- While there are some benefits to Bring Your Own Device or BYOD guidelines such as cutting costs of company-owned products and offering employees more flexibility, the privacy and security risks associated with BYOD guidelines may be too great to ignore.
ABC News reported on the dangers of incorporating BYOD guidelines throughout the healthcare industry. Doctors and nurses capable of accessing patient information through their own devices could be putting that data at risk of a cyberattack.
Medical providers could stand to lose as much as $305 billion throughout the next five years from cyberattacks, according to ABC News. BYOD guidelines – no matter how intricate – pose a problem for the healthcare industry, as personal devices become part of a hacker’s game plan to steal patient information.
Physicians and other specialists often need to access sensitive and private patient data to diagnose and treat the patient at hand. However, the ability to download that information to a personal laptop, smartphone, or tablet poses significant security concerns.
A major issue with BYOD guidelines across medical facilities is that few establishments require the user to install antivirus and antimalware software on smartphones or other devices. Employees also rarely remove mobile applications that could pose a security risk when integrated into the hospital network.
Even when medical establishments have adopted these stipulations in their BYOD guidelines, there is little enforcement requiring employees to follow these steps toward securing patient data.
It is nearly impossible for organizations to determine whether their employees have downloaded every update necessary to keep patient data safe, so malware protection could be subpar.
This information on BYOD policies and security risks is truly concerning to learn, as patient data today has a wide variety of private and intimate information about diagnoses, treatments, and medical conditions that no individual would want exposed to the outside world.
ABC News details how patients could potentially reduce the cybersecurity risks associated with their data by excluding their social security numbers from the information given to their primary care doctors. If the consumers have health insurance, social security numbers may not be necessary for billing and other processes.
BYOD security risks are especially harmful if a medical group or practice has recorded patient financial information such as data that could be used to access bank accounts or credit card statements.
Identity theft is a real problem for the healthcare industry as well, as electronic medical records could be mixed in with another person’s health details once they have access to the record and use the information to obtain medical care.
“If an impostor uses your insurance to gain access to healthcare, it can also affect your own ability to access care: many insurance plans have yearly caps on certain types of procedures and treatments — and no insurance company is going to pay for one person to have an appendectomy twice,” the news source reported. “An identity thief with access to your insurance could drain your coverage before you even know it’s happened, and leave you in the lurch when you need it.”
While there are clearly specific privacy and security risks associated with BYOD policies, mHealthIntelligence.com recently mentioned a few benefits that come from allowing employees to use their own mobile devices. These include improving care coordination and health data exchange while offering employees more flexibility.
While these advantages are true, it’s imperative to include strong BYOD guidelines that will protect patient data across the medical care continuum.
“Our greater connectivity and enterprise mobility has confronted employers with a wide range of issues: dealing with the loss or theft of mobile devices, data breaches, security maintenance, issues of discoverability in litigation, and separation issues,” attorney Julie Brook of Continuing Education of the Bar California wrote in an advisement.
As such, strengthening patient data security is imperative for the future of healthcare.