- With health IT and mobile security of the utmost importance throughout the healthcare industry, more medical providers including chief information officers at hospitals are starting to focus their efforts on ensuring patient data privacy and security concerns are addressed when personnel adopt Bring Your Own Device policies.
HealthITSecurity.com reported last week that top executives at hospitals are being provided with more opportunity and financial capability to prevent cybersecurity attacks. The research behind this finding comes from a study completed by Scott Dynes, PhD, Tyler Moore, PhD, and Frederick R. Chang, PhD, from Southern Methodist University.
Top level executives are putting more administrative and financial support throughout hospitals to address patient data security risks including when healthcare personnel use Bring Your Own Device guidelines. Some challenges standing in the way of pursuing the goals of strengthening cybersecurity measures include lack of staffing and not enough budgetary means for the more grand executions.
mHealthIntelligence.com has reported on the importance of strengthening security within Bring Your Own Device policies time and time again. In an interview with Dr. Robert G. Graw, Jr., Chief Executive Officer of Righttime Medical Care, mHealthIntelligence.com asked about the importance of patient data safety and security within a Bring Your Own Device policy.
“[Safety and security] is the name of the game today,” Graw postulated. “Folks would like to be sure that in all circumstances their private health information is not shared with anybody but the medical clinician who is treating them. So it’s very important.”
“We looked at the various types of communication that people can have – whether it be an email in our organization or an email that was sent back and forth. One of our first questions by our in-house council and IT folks is whether it’s secure and could it be captured for any other purposes than was intended. [Our clinicians] only use smartphones, computers, iPads, and etcetera from our corporation that are secure.”
A white paper from Spok details the benefits and challenges of Bring Your Own Device strategies. The use of mobile devices throughout both the healthcare system and the corporate world has spread quickly due to the many functions and capabilities of these tools.
Among medical providers, mobile devices offer patient record access, medication management apps, code alerts, test result notifications, and a secure method of communicating between nurses, doctors, and other specialists. Additionally, the white paper explains that Bring Your Own Device policies can actually save an organization money that would have been spent on technology investments.
Some of the key questions that healthcare providers, hospital executives, and security experts will need to consider when creating Bring Your Own Device guidelines are allocating who will cover the costs, whether there is adequate IT support for these BYOD policies, and whether the guidelines ensure safety and security.
One of the first steps of developing effective Bring Your Own Device policies is to gather feedback from BYOD participants regarding their understanding behind system access, the use of personal mobile devices, and any risks associated with accessing patient data on mobile devices.
“One of the hardest parts of developing a BYOD policy is establishing the expectations of employees and employers around who foots the bill,” the white paper established. “Users are generally expected to purchase personal devices such as smartphones and tablets. In fact, this is the primary cost savings for facilities that choose BYOD over the employer-supplied device model.”
“However, there may be exceptions that warrant consideration, such as offering to cover part of an upgrade cost if it is required for compatibility with certain hospital-approved or purchased apps. Then the primary questions are around the data and cellular plans. If the personal device being used is essential to the employee’s job, hospitals might consider covering part of the monthly expense by paying a flat stipend to employees, paying a percentage of the bill, or reimbursing monthly expenses based on actual usage.”