As new mobile technologies like smartphones, laptops, and tablets proliferate across the corporate world, it becomes easier than ever before for employees to use their own mobile devices when managing their work. Due to the growing popularity of mobile technologies, more companies today are creating BYOD policies to ensure their data and financial records remain safe and secure from cyber hacking.
While using one’s own device may be more convenient for many people such as healthcare professionals looking to maintain contact with their patient base, it is important to understand the need for strong security measures in BYOD policies across the medical care spectrum.
The publication Business Management Daily reports that about 75 percent of organizations around the country have established BYOD policies at this point in time. While these types of strategies can help companies reduce overall costs associated with bringing in corporate-owned equipment and mobile devices, it is important to understand the potential security risks of BYOD policies.
“BYOD can be great for startups or small businesses that don’t want to spend money on computers or equipment, but the risks include loss of information and privacy concerns,” Suzanne Lemen, founder and CEO of Dynamic Corporate Solutions, told the news source.
For the employee, however, BYOD policies can be helpful. The everyday nurse or physical therapist, for instance, could potentially get reimbursed by their healthcare organization for data plan minutes and other costs associated with mobile device use.
It is important to pay attention to the rules set forth by the IT department when it comes to BYOD policies and using one’s own device in the workplace. Some employers even have the right to access all data stored on personal mobile devices if used at work in order to have greater oversight of mobile data security.
This kind of BYOD strategy can allow employers to delete all information stored on a mobile device if it is lost or stolen. For example, if an employee leaves an organization, the company may need to ensure all corporate data stored on personal mobile devices is left behind. Securing the right to delete such information could be a key strategy for strong mobile security.
Additionally, employers including healthcare organizations will need to pay attention to regulatory compliance when it comes to mobile device security. The HIPAA Security Rule is the most common regulatory policy that medical facilities must adhere to.
Hospitals, clinics, and other healthcare establishments must be sure to keep all electronic protected health information (e-PHI) confidential, as patient data needs to remain secure and safe from the potential of cyber attacks or identity fraud. Also, entities will need to anticipate and identify potential threats to security as well as protect data against these security risks.
“Prior to HIPAA, no generally accepted set of security standards or general requirements for protecting health information existed in the health care industry,” the Department of Health and Human Services (HHS) states on its website. “At the same time, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other administrative and clinically based functions.”
“Today, providers are using clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems. Health plans are providing access to claims and care management, as well as member self-service applications.”
“While this means that the medical workforce can be more mobile and efficient (i.e., physicians can check patient records and test results from wherever they are), the rise in the adoption rate of these technologies increases the potential security risks. A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care.”