There are a number on vendors that offer this software, including AirWatch and Citrix. Installing a good mobile device management (MDM) tool is also essential for any BYOD program, experts say. ONC indicated as recently as February that not enough organizations are conducting risk assessments.įinally, organizations need to make sure breach management and incident response teams are on board and know what the mobile device policy is. She also recommends thorough and regular risk assessments to ensure compliance with HIPAA privacy requirements. To ensure policies don’t end up being disruptive, Downing suggests following a “reasonableness” standard. Some organizations deploy extreme measures, such as requiring a lengthy alphanumeric phrase recognition password or prohibiting PHI in emails, while others are less restrictive. Not one size fits all, however, when it comes to mobile device and BYOD policy. “You can’t just build it behind the scene,” she says. Policies should reflect the concerns of nurses, lawyers and others whom they will impact. For example, don’t allow others to access secure information on your phone, don’t share your password and don’t ignore software updates designed to address a security risk.Ī big piece of any BYOD program is employee awareness and education, Downing says. Policies also need to have some sort of user review and acknowledgment so that people understand their responsibilities. Basic components tend to include expectation of privacy, acceptable use, device and support, security and risks and liabilities. There are numerous examples of BYOD policies. These are basic principles that apply across any vertical, not just healthcare, Earle says. Such policies need to address questions like retention of emails and passwords and, if a personal device is going to connect to the network, what broader mobile device guidelines it must comply with to ensure users stay connected in a secure manner. That’s usually coupled with formal BYOD policies, he adds. “Most organizations do allow for people to bring in devices, but you have to couple that with a mobile device management solution in order to control the various dynamics of protected health information and allowing a more secure … connection to the health system,” says Cletis Earle, CHIME board chair and CEO at Kaleida Health. The problem, critics say, is that employees where BYOD is permitted often don’t want their personal devices monitored. This usually entails installing a profile on a device so that it can be monitored and controlled. The National Institute for Standards and Technology also has a practice guide on mobile device security that discusses enterprise mobility management. Among its recommendations are that organizations install and enable encryption and research mobile apps before downloading them onto devices. ONC has developed guidance on securing mobile devices, including BYOD. While HIPAA doesn't require specific solutions when it comes to technical safeguards for mobile devices, HHS does require organizations to have reasonable and appropriate security measures for standard operating procedures. Infrastructure was also a concern, with 54% citing Wi-Fi coverage and 44% saying cellular coverage is a security challenge. In the Spõk survey, 52% of respondents named BYOD as a top data security challenge. Last year, Children’s Medical Center of Dallas paid $3.2 million to HHS over patient privacy breaches linked to an unencrypted, non-password protected BlackBerry device.įor that reason, data security remains the chief reason hospitals prohibit BYOD. Healthcare organizations can pay dearly when breaches occur. “We see so many breaches when somebody has downloaded something on a flash drive and the flash drive goes missing,” she tells Healthcare Dive. Mobile devices should be part of an organization’s overall governance program, and that should include BYOD and issues like what people can download on a flash drive, says Kathy Downing, director of practice excellence and senior director at the American Health Information Management Association. Experts say hospitals that allow employees to use their personal cell phones in the workplace need clear policies on who can use BYOD and what types of information can be transmitted. ![]() ![]() Security concernsīut with wider use of mobile devices, and particularly BYOD, come increased privacy and security concerns. Where such initiatives exist, nearly all respondents reported higher patient experience scores. According to Spyglass Consulting Group, nine in 10 hospitals are investing in smartphones and secure mobile communications platforms to drive clinical transformation. And 91% of healthcare IT leaders in a recent JAMF survey said they would benefit from an enterprise-wide mobile device initiative. By far the biggest users of mobile devices are clinical care teams.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |