Healthcare Information Security

HIPAA and Compliance News

Is BYOD, mobile health security an all-or-nothing decision?

By Kyle Murphy, PhD

- In healthcare, the debate over which mobile device strategy to support tends to be divided into two camps: those for and those against bring your own device (BYOD).

While policies that give hospital staff the ability to use personal devices are closely tied to employee satisfaction and ease of use, they may not take into account the whole range of sticking points healthcare organizations face when a BYOD strategy is given the go-ahead, ranging from security and privacy to durability and cost.

“We’ve seen hospitals going down that path, and we’ve also seen hospitals regretting that they took that path,” says Sten Dyrmose, CEO of Spectralink, a company specializing in the design of purpose-built mobile communication devices for healthcare and other industries. “There’s room for both solutions in the market, and we really appreciate and accept that. I just think as a customer you should be very, very careful about making the right choice.”

Dyrmose and his team at Spectralink have developed a Wifi-enabled purpose-built device that lives in the healthcare organization and can be shared among clinical staff at the end of shift all the while preventing protected health information (PHI) from being accessible beyond the range of the hospital’s secure network.

Rather than an all-or-nothing scenario, mobile strategies in healthcare may want to consider what policies are appropriate for given use case. As Dyrmose notes, a BYOD policy is useful for hospital staff working inside and outside the institution’s four walls but not necessarily the right fit for staff whose work is confined to one or the other area. “Smart is not always smart,” he adds.

The case of nurses provides an example of where BYOD may come up short, both in terms of their clinical workflows and their increased involvement in the decision-making process of choosing appropriate mobile devices for the workplace.

Nursing and mobility go hand in hand. “She’s not sitting at a desk obviously. She doesn’t want to walk back to the nurses’ station every time she needs to make a call or get a call. This becomes an integral part of the nurse’s day-to-day job, productivity, and effectiveness,” notes Mike Lanciloti, Spectralink’s VP of Marketing and Product Management.

At the same time, the pull that nurses have in selecting which mobile device or policy to support isn’t necessarily complemented by a thorough understanding of what that choice could mean for health data security and privacy.

“More and more, we’re seeing the nurses themselves involved in the decision,” explains Lanciloti. “But often nurses are not experts on things like security and network design, so that’s why you have to get the IT people involved as well.”

What’s more, purpose-built devices may lead to other benefits for healthcare organizations beyond health data security and privacy. For one, they’re designed with the clinical not just the consumer environment in mind. “Some of the disadvantages of smartphones is when you work at a hospital and you need to clean your phones with very rough chemicals – It kind of destroys them,” says Dyrmose.

Beyond durability, another benefit is the ability to share devices, cutting down on the number of devices that an organization needs to purchase.

“Consumer smartphones are not meant to be used by more than one individual,” continues Lanciloti. “The smartphone companies want every person to have a personal device. Hospitals can’t afford to do that. Generally, these devices are shared across shifts, which means they get intensive usage. They’re always being used.”

While healthcare organizations grapple with whether they will allow their employees to use their own devices versus those they’ve provisioned, they may want to begin their due diligence with a serious look at real-world applications in the clinical environment.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...