Devices & Hardware News

BYOD Security Policies May Be Too Invasive for Providers

By Sara Heath

BYOD programs have brought to users many benefits, including easier access to patient information and increased mobility throughout a healthcare facility. However, the storage of patient information on a personal mobile device has also posed many complications, predominantly with health IT security.

BYOD health data security policies pose threat to providers personal information

To account for security issues, many healthcare facilities have implemented BYOD policies that have strong safeguards against security breaches, including the ability to wipe the data completely from the device should it be stolen or misplaced. However, these policies are often seen by healthcare professionals as invasive.

According to a recent Bitglass study, 57 percent of end-users are opting out of company BYOD programs because they perceive the policies too invasive and they do not want hospital IT professionals to have access to their personal data. Thirty-eight percent of IT professionals decline to participate in BYOD programs, as well.

Furthermore, a significant number of users are refusing to use IT security strategies implemented to protect personal devices from health data breach. Nearly 57 percent of end users refuse to use mobile device management (MDM) and mobile app management (MAM) programs. According to Bitglass, this means that millions of dollars are being dedicated to developing these programs, but go to waste because users do not want to utilize them.

The primary concern for end users is the IT department’s access to private, personal information stored on the device. The study shows that 78 percent of users are not likely to partake in a BYOD program if IT has access to personal information and applications. Likewise, 64 percent would not be likely to participate in a program where IT departments are able to wipe devices of all data when the employee leaves the healthcare organization.

However, the study shows that employees understand the importance of health IT security with regards to BYOD policies. The problem is simply that employees feel organizations should not have the ability to wipe personal information from the device. According to the study, 78 percent of employees feel this way.

Likewise, many IT professionals are not fans of company-implemented MDM/MAM software on their personal devices. Approximately 38 percent of IT professionals do not participate in their BYOD policies because they do not want this software on their devices.

Despite the unpopularity of security tools like MDM and MAM, the survey shows that it is important that data security be an integral facet of BYOD policies. According to the study, nearly 15 percent of all health data breaches are due to lost or stolen mobile devices. To keep this number from growing larger, IT departments need to develop security strategies that will be accepted by users and that will keep data safe.

According to the study, one popular potential solution is developing a system that would block IT professionals from seeing users’ personal information. Approximately 67 percent of employees reported that they would participate in such a program, and 64 percent of IT professionals feel this would make their BYOD policies more popular.

The Bitglass study suggests that healthcare organizations and IT departments reshape BYOD policies to be more data-centric and allow for increased privacy for providers’ personal information. Bitglass executives suggest that these kinds of changes could make BYOD policies more popular, and bring positive changes to healthcare practices.

“BYOD holds great promise for employee productivity and cost savings, but architectural challenges introduced by the first wave of solutions have inhibited adoption,” said Bitglass CEO Nat Kausik in a statement. “Going forward, BYOD programs must comprehensively address privacy concerns while allowing users to maintain control over their personal data.”

Do Not Sell or Share My Personal Information
©2012-2024 TechTarget, Inc. Xtelligent Healthcare Media is a division of TechTarget. All rights reserved. HealthITAnalytics.com is published by Xtelligent Healthcare Media a division of TechTarget.