Thursday, July 18, 2013
Healthcare providers must account for BYOD
Secure File Transfer
Bring your own device (BYOD) has proven itself to be among the most powerful, and disruptive, IT trends to emerge in recent years. With BYOD, employees are able to become more flexible, productive and satisfied with their jobs. And while BYOD has benefits for organizations in just about every sector, there are some industries where it is particularly well-suited, and key among these is healthcare. Doctors, nurses, clinicians and other healthcare professionals have eagerly adopted BYOD, and many more are likely to follow.
This presents a tricky situation for the healthcare providers. The advantages offered by BYOD are too great to ignore, yet the policy also features significant security concerns. With all this in mind, industry expert James Christiansen, chief information risk officer at RiskyData, recently told Government Health IT that a tipping point has been reached and it is now critical for healthcare providers to develop strategies and invest in secure file sharing and other tools to manage the expansion of BYOD.
BYOD in healthcare
BYOD in the healthcare sector is unique for two major reasons. First, doctors and other healthcare professionals are typically more mobile than workers in other sectors. A doctor working in a hospital will likely move rapidly from patient to patient, each stationed in a different room, as well as visit various labs and offices. BYOD is therefore extremely valuable for such workers, as it allows them to maintain access to necessary patient data and medical records at all times. If these professionals are forced to rely on printouts or desktop computers, accessibility will be greatly compromised.
And while organization-issued mobile devices can provide the same level of accessibility, this is an expensive option for many healthcare providers, and the doctors themselves almost always prefer to use their own devices, with which they are far more familiar.
The second key factor is that the information accessed by healthcare professionals is extremely sensitive. While a data breach will be damaging for any organization, the case is much more serious for a healthcare provider, as the information exposed will likely contain patients' medical and financial data. Organizations have a serious responsibility to protect this information, and yet BYOD inherently increases the risk of a breach. After all, every device used by a doctor, nurse or clinician can potentially contain such sensitive information and is susceptible to being lost, stolen or hacked.
In order to leverage BYOD policies effectively while minimizing risk, Christiansen asserted that organizations must become more aware of where information is being stored and accessed, according to the news source. Too frequently, he explained, data breaches have been caused by lost devices that had access to information which was both sensitive and irrelevant to the owner's job functions. If the healthcare provider exercises greater control over who has access to what data, it may be able to limit both the number of breaches which occur and the severity of such events.
He further noted that it is difficult, if not impossible, for organizations to truly monitor and control both access and distribution points, thanks to the expansive, independent nature of BYOD.
With this in mind, it's especially important for healthcare providers to pursue and implement secure file sharing solutions. By making these tools available to all BYOD participants, organizations can improve data protection without the deployment of a burdensome or intrusive security solution that would be unlikely to prove effective. Instead, stakeholders are empowered to protect their own devices.