Healthcare institutions and Bring Your Own Device (BYOD) policies might seem at odds due to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and concerns over Personally Identifiable Information (PII).
However, after speaking to some healthcare IT experts, I found that the same concerns about endpoint security, data governance, and mobile device management (MDM) exist, with the added concern of stringent compliance programs that protect patient information.
Here are five lessons from healthcare BYOD for other industries:
1. BYOD can interconnect organizations and cross hierarchies
“Healthcare has had to adapt to what doctors do,” says Chris Davis, senior solutions architect, Verizon Enterprise Solutions. “The healthcare industry is a collection of providers agreeing to participate together, much different from some of the other corporate-driven practices and hierarchies.”
“It’s from necessity, not out of design,” adds Davis about healthcare BYOD. Early adopters, even Millennials, aren’t part of the healthcare BYOD discussion.
2. Outsourcing enterprise mobile and BYOD security is an option
Changes in mobile devices and mobile security technologies can be hard for some companies to manage. This is leading to a growing outsourcing market for BYOD and mobile security, including managed service providers and professional services firms.
Julee Thompson, Chief Healthcare Executive for Sprint, recommends that healthcare institutions seek out technology partners to handle mobile/BYOD security. This advice is applicable across industries as organizations of all sizes move to secure their enterprise endpoints and corporate data.
3. Separate data from the device for BYOD security
HIPAA focuses on protecting the data, not the device. This makes healthcare IT focus on protecting data using Virtual Desktop Infrastructure and SaaS-based applications, thus taking patient data and PII off employee devices.
“It depends on what you are using the device for. As an example, device security really is the thing most providers and administrators are going to be concerned about with BYOD,” says Daniel Cane, CEO of Modernizing Medicine, a provider of cloud-based Electronic Medical Records software. “If the data isn’t residing on the device, I think it’s a lot easier to have a BYOD environment.”
4. Compliance programs raise the stakes for BYOD
“The ramifications for a security breach in a traditional corporation are a heck of a lot less draconian than a breach with HIPAA,” says Cane. “A HIPAA breach is a lot more punitive than a software breach, so BYOD, if you aren’t using cloud applications, can get very scary, very quickly.”
He also adds that information is the asset that has to be protected, whether it is on corporate or personal computing devices.
5. Keep lost devices a focus of BYOD security
Healthcare is a highly mobile profession with a user community that’s literally on their feet all day running from crisis to crisis. It’s easy for a healthcare practitioner to set their device down and lose it (more so than traditional office workers). Verizon’s Davis and nearly every healthcare IT expert I’ve spoken with on the subject of BYOD point to lost devices as a major security concern for healthcare institutions. Lost device security concerns drive the need for MDM solutions and early interest in emerging mobile security technologies like geo-fencing.
There’s a lot to learn about BYOD security management from the healthcare industry because of the unique challenges it faces in maintaining HIPAA compliance and dealing with sensitive information.
Would it bother you if your doctor’s office went BYOD?
This post was originally posted on The Mobility Hub on April 9, 2014
Will Kelly is a technical writer and analyst based in the Washington, DC area. His writing experience also includes writing technology articles for CNET TechRepublic and other sites. Will’s technology interests include collaboration platforms, enterprise mobility, Bring Your Own Device (BYOD), project management applications, and big data.