The BYOD trend has introduced a variety of concerns to the healthcare enterprise — but IT has a lot more to worry about than patient privacy and data security. There are several issues that arise when contemplating supporting clinicians using their own devices at the point of care on the hospital Wi-Fi; many of them have more to do with supporting the actual devices than simply focusing on securing the data.
Since the dawn of the cell phone, IT has been responsible for the tracking and replacement of lost devices when they are company owned. But what is the policy when a personally owned device that accesses hospital data is lost or stolen? Of all the issues that keep health IT managers awake at night, it's hard to find one more worrisome than supporting mobile device management (MDM) on personally owned devices. The practice has been to use MDM to remotely wipe and/or disable these devices when they are missing, and this strategy is considered the bare minimum for supporting personally owned devices on the hospital network. Regardless of which MDM strategy is used, the solution can't be too intrusive, and sometimes that can be an issue when MDM is used to manage BYOD. But when you're dealing with patient information, anything that contains data covered by HIPAA needs to be secured, and those devices need to be able to be wiped clean. However, many clinicians and administrators are opposed to installing MDM on their personal devices. As a result, some are looking to focus on managing data rather than managing devices, which can be accomplished through a virtual desktop approach. With all of the sensitive patient data kept on hospital servers, there's no risk of breaches from stolen or lost tablets, smartphones and laptops.
Mixing personal and professional use of mobile devices
Mobile computing devices will soon be ubiquitous in clinical environments just as they are in everyday life. Many clinicians have several very valid concerns about BYOD for professional use. These concerns include a loss of privacy for personal communications, impressions that personal devices may compromise professional behavior, and the concern that procedures (the when and where) may not be clear around professional vs. personal use on personal devices.
A culture of responsible transparency is necessary to support policy-makers as they start a dialogue with users to understand their needs and to maximize the benefits of this powerful new technology while avoiding unintended consequences.
Through the use of application layer firewalls and unified threat management (UTM), most hospital enterprises have been able to deploy and monitor applications on the network safely and securely. UTM in particular provides a level of risk mitigation when compliance with HIPAA or other regulatory mandates requires the tracking of email, web or access to EHR. There are many advantages to these strategies for managing applications on personally owned devices; however, there are concerns about performance degradation, and application support can be limited. Scalability can also become a problem as the number of clients or the number of proxies increases. Deploying and supporting diverse applications can be a nightmare if you are dealing with thousands of devices.
There are very few environments on earth as difficult on devices as a hospital. Protecting these devices from fluids and harsh operating conditions can be a challenge. Additionally, clinicians are mobile professionals, and ensuring that personally owned devices have the safeguards to protect them from cross-contamination from hospital to hospital can be nearly impossible. Should the responsibility for the sanitation and hardening of the personal device fall on IT, or should the clinician assume responsibility when deciding to use their own device in the treatment of patients? These procedures should be considered when implementing a BYOD strategy in any healthcare environment.
Support of Doctors and Hospital Administrators
80% of physicians currently own tablets and the majority of those are demanding to use them at the point of care. This is driven by the desire to increase productivity and to use a familiar device while treating patients. This also allows clinicians the ability to tend to personal issues between rounds. But how does IT support the needs of the clinical staff and administrators while keeping a secure environment for sensitive patient data in the light of BYOD for clinical use?
BYOD isn’t going away — and why would we want it to? It helps clinicians provide better, speedier patient care and has no doubt saved lives on occasion. Once you find the right IT solution, it will certainly save you some sleepless nights as well.