The BYOD Side of Health Care IT Security

In the past several years, plenty of trends in corporate IT have taken shape and intensified, but perhaps none quite as impactful and challenging as enterprise mobility. Sure, the Internet of Things is beginning to scale up and challenge managers in the IT department, but it will take years for this trend to see the same types of gains in adoption as enterprise mobility and, specifically, BYOD, have seen of late.

Lost or stolen devices, rogue IT, poor control over access, a lack of governance and other issues have all become extremely relevant in health care, where providers are increasingly turning to smartphones and tablets as viable devices to improve care. What's more, physicians and other practitioners have been demanding the ability to use their personal smartphones and tablets for work functions, and failing to oblige these requests can hinder engagement and efficiency in several ways.

For these reasons and many more, medical firms do not really have a choice about whether to go mobile. Instead, they must embrace this trend in a way that fuels gains in patient care efficiency and efficacy while simultaneously mitigating the threat of breach. With the right solutions in place and strong policies that align with compliance requirements and best practices, health care providers can get BYOD right and avoid the fallout of a major data loss event.

New recommendations
The Healthcare Information Management Systems Society recently released a new set of recommendations and guidance for medical firms regarding the implementation of BYOD policies. First, the firm pointed out that end-users, managers and IT professionals will need to be on the same page, and each must understand their unique responsibilities with respect to personal smartphone and tablet use.

For example, HIMSS noted that managers should always be working to handle risk proactively, while IT staff need to focus on service delivery and support of end users. Policies should be clearly and definitively drawn to ensure physicians are aware of the risks that accompany BYOD, and of what they must do to follow best practices from security, privacy and productivity perspectives.

In that same vein, health care providers would do well to build strategies and policies off of employee preferences, at least to a certain degree, as this can help to mitigate one of the greatest threats of all: rogue IT. When employees are not able to move seamlessly through their responsibilities due to poor support or overly restrictive policies, they will be more likely to circumvent IT and, in the process of doing so, put data and systems at risk.

Forthcoming guidance
CSO Online recently reported that the U.S. National Institute of Standards and Technology is working on the final stages of a new best practice framework that will help to boost security and privacy performance among medical firms. According to the news provider, the completed form will not be available until the fall, as the agency is currently taking comments and suggestions through the end of September.

The work done by NIST will hopefully bolster the intelligence and relevance of BYOD policies on a broad scale, much like the guidance it developed for cloud computing security a few years back. The source noted that the current iteration of the guide is relatively exhaustive, going through all different types of considerations, including the integration of various platforms and operating systems into a unified framework.

By following these types of new guidance and leveraging secure cloud, HIPAA email and similar services, medical firms can enjoy stronger protection against breach even with BYOD in place.