BYOD Opens Pandora’s Box of Challenges for Healthcare Industry

March 9, 2016

Physicians and healthcare workers are bringing their own devices into the workplace to stay connected personally and to help them while on the job. With the advent of Bring Your Own Device (BYOD), it is important to have secure messaging tools that continue to ensure patient confidentiality.

In some healthcare circles, BYOD is referred to as ‘Bring Your Own Disaster,’ further verifying the need for the healthcare industry to stand up and take notice of the vulnerabilities BYOD calls into play.

According to a recent SPOKE survey, more than 75% of medical professionals use smartphones while on the job and actively use them as part of their daily tasks and routine patient visits. More than 92 percent of those users are utilizing iPhone devices within their healthcare organizations, and their organizations actively support the use of the device.

“One of the top concerns in any BYOD environment is security,” said Syed Ali, IT Director at Digital Intelligence Systems, LLC (DISYS). “If a BYOD policy is not carefully thought out, the integrity of a company’s entire network can be put at risk.”

With healthcare professionals doing a majority of their tasks on their mobile devices while on the institution’s network, it is increasingly important to focus on the number of network endpoints – everything from a Fitbit to a person’s tablet acts as an endpoint.

“Securing different network-enabled mobile endpoints isn’t difficult for an IT security professional,” Ali said. “It doesn’t matter what type of device it is, the enterprise network treats them as computers.”

Ali goes on to explain that the real problem for an IT department isn’t the type of devices being connected to an enterprise network within a facility, but the number of network-enabled endpoints. Each endpoint has the potential to create remote access vulnerabilities within corporate networks.

An article from Risk Management Monitor, which focuses on the BYOD issues, discusses in detail the importance of securing endpoints and the appropriate filtering of traffic.

“Just as drivers create environmental waste every time they get behind the wheel, network users constantly send waste – in this case, private web and data traffic as well as malicious software into the network through their personal devices,” the article states.

“This is why, to mitigate risk, IT departments must rely on centralized authentication and authorization functions,” Ali said. “This ensures user access control and network policy adherence.”

According to Healthcare IT News, a recent roundtable of healthcare professionals found “although a majority of healthcare providers had defined procedures for securing devices, 46% admitted the policies are not being followed. In similar fashion, roundtable participants agreed device encryption should be a part of any BYOD policy—but that encryption requirements were rarely enforced. One reason for the prevalence of healthcare breaches is the lack of organizational adherence to their own policies.”

“This is a real concern,” said Sean Corry, Director of Global Services at DISYS. “The healthcare industry must be proactive with policy enforcement instead of waiting for employees to adopt their encryption protocols. Enforcement has to be top-of-mind as these procedures directly correlate to a patient’s data being safe and secure.”

Putting compliance in perspective, complying with HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act while also implementing a BYOD policy is a completely different challenge:

But mobile computing and BYOD in healthcare have given rise to an even more complex and nuanced undertaking than just meeting guidelines.

“Dealing with the information risks in healthcare BYOD requires understanding what kind of mobile solutions an institution has and how they are putting information at risk,” Corry said. “A holistic approach and a long-term security strategy can bridge these gaps and bring federal guidelines and BYOD strategies up to par with what consumers expect.

“This needs to be done in such a way that it does not disrupt the end-user experience but provides all the necessary safety and security.”

Note: Regardless of where you are in securing your healthcare data, Digital Intelligence Systems, LLC (DISYS) has seasoned teams with professional experience in the healthcare safety and security arena. Our Healthcare team is at the forefront of industry trends and is constantly looking for innovative ways to accelerate productivity within the Healthcare field for both providers and for the consumer.