As we all find ourselves buried in gadgets, it is hard to recall a day when we walked out of the house carrying nothing but a purse or a wallet. Somehow we survived a day without “checking-in” with someone or something.
With the emergence of a 24 hour news cycle, we have grown accustomed to having real-time information at our fingertips whenever we want. This up to the minute mentality is now spilling over into what seems like a 24 hour work cycle, with our work coming home with us via our smart phones or laptops. For many, there is very little time in your day when you are truly disconnected. As we move toward ramping up mobile communication between home and office, many find themselves needing a backpack just to juggle all of their devices, such as your work phone and your personal cell phone or your work tablet and your personal tablet.
To minimize some of the stress of having to manage all of these devices (or to offset the lack of a company’s internal infrastructure), individuals and their companies are exploring or have employed procedures to authorize the use of personal devices often referred to as “BYOD” or “bring your own device” policies. For companies that do not need to invest extra capital in hardware, such a plan is a major cost savings. Alternatively, for employees that can access their personal data as well as work data in one step, these plans are super convenient. Sure the benefits can be easily quantified, but at what expense to the integrity and security of patient data.
Clearly, many of the security concerns associated with mobile devices are the same whether the device is issued by a company or is the employee’s personal property. It is of supreme importance that the devices are equipped with safeguards stipulated in the HIPAA rules and the HITECH Act. However in cases where the device is owned by an employee, it is necessary for companies to have strict and enforceable guidelines in place to protect patient data. These rules may mandate the deployment of specific encryption solutions or prohibiting certain applications. Whatever these rules might be, it is important that health care providers ensure that the convenience of having these attractive BYOD programs does not place patient data at risk.
So as you weigh the merits of a BYOD program, don’t forget to consider all of the facts. If you are an employer, do you have a strong policy in place to protect your company’s sensitive information? If you are an employee, will using your personal equipment and the restrictions that you may have to adhere to prove to dissolve any of the convenience you thought you might enjoy? In the end, there are clearly ways to strike a balance between the desire to expand access and the need to protect patient data. It is up to all sides to make informed and educated decisions before moving forward with a BYOD solution…so are you ready to say “Bring it on…”?