How Do Bring-Your-Own-Device Policies Impact Healthcare Privacy?

Security breaches are dangerous, inconvenient and expensive. Healthcare organizations need to look at ways to ensure that BYOD doesn't make matters worse. Data security breaches are leading patients to worry their medical data might be at risk as well. BYOD (Bring Your Own Device) — where healthcare professionals use their personal mobile devices for work — have become routine. It's up to healthcare professionals to ensure that patient records are secure and protected from unauthorized disclosure. The need is real. According to a Cisco 2013 report, 88.6 percent of healthcare workers use their own smartphones for work purposes.

BYOD Can Cause Massive Security Threats

The benefits of using mobile devices in healthcare are immense. Benefits include lower costs, less training, convenience, ease of contact and higher productivity — U.S. BYOD users are estimated to grow to 108 million by 2016 and are expected to gain 81 minutes per week from using their personal devices. However, this same report states that 41 percent of professionals in the field of healthcare are using smartphones that are not password-protected and 44 percent of them interact with unsecured Wi-Fi networks during the course of their working days. These figures are alarming, as it means that medical information on mobile devices is vulnerable.

Expenses of Privacy Breaches

HIPAA and similar regulations mean that healthcare organizations are legally responsible for security breaches, no matter if the mobile devices are owned by employers or employees. Ponemon Institute, in a May 2014 research study, found that in a 10-month period in 2013, the average number of breached records in the United States was 29,087, mainly from loss and theft. The cost of these breaches was $5.4 million in 2013 and $5.85 million in 2014. Causes of the included :
- Criminal or malicious attack — 42 percent
- System problems in IT and business procedures — 29 percent
- Employee error and negligence — 30 percent

What Can Be Done to Improve Security?

Thankfully, healthcare providers have many options to combat this rising trend. Here's what can be done:
- Implement a mobile device management (MDM) policy that is clear, consistent and easy for employees to understand.
- Choose security programs that are compatible with iOS and Android devices.
- Convey to employees the importance of complying with MDM strategies. Let them know the consequences of security breaches.
- Allow the IT department to investigate whatever procedures are necessary to ensure the security of networks. Wiping devices clean is important, particularly if employees leave the organization. Software is available that will remove enterprise data and leave personal information alone.
- Create the facility for professionals to store sensitive data before taking their devices home, or use software that only allows access and not storage of patient records.
BYOD is now an integral part of many healthcare organizations. The best policy now seems to embrace this change and make it work so that the most important people in the loop — the patients — are confident that their records are secure.

To Read More About Healthcare Management, See Below:

3 Reasons Why Health Insurance Co-ops Appeal to Members HealthThe Role of HIPAA in Gun Control3 Roadblocks to Installing Electronic Health Records (Also: How to Overcome Them)Photo Credit: Juhan Sonin via Flickr.

Written by: