Privacy, Security Protections Needed for Health Care BYOD Policies
May 21, 2015 in News
While the so-called Bring Your Own Device, or BYOD, movement, has increased the use of mobile tools in recent years, stakeholders say additional privacy and security protections are needed before physicians can use their personal mobile devices to access patient’s medical records, mHealth Intelligence reports.
According to mHealth Intelligence, research and analysis company Mind Commerce estimates that workplaces will use two billion BYOD devices by 2020. mHealth Intelligence reports that a large portion of that growth could come within the cloud sector, particularly in the mobile health industry.
Currently, many BYOD policies and strategies allow employees to access work-related data through their personal smartphones and tablets. However, some stakeholders say that additional safety and privacy protections are needed before such strategies can be implemented in the medical field.
To address the issue, Information Age published recommendations for health care organizations to implement BYOD within the medical care setting while also protecting patients’ data. For example, it suggested that health care organizations:
- Create registries of all connected devices that allow their IT departments to detect any unauthorized use of the devices or potential security issues;
- Implement mobile device managements systems to bolster device tracking and mobile health application use;
- Require passcode entry controls on all connected devices;
- Require staff to use company-appropriate apps when completing work-related tasks and set network access conditions to help reduce the potential for data breaches and security issues; and
- Require VPN set-up phases and ensure that all connected mobile health devices support VPN connectivity.
Further, Information Age recommended that for “ultimate data security,” companies implement standards that “keep personal and corporate data and apps separate.” It noted that “[s]ome device manufacturers have” created programs that allow “device owners to separate ‘work’ and ‘home’ apps and data,” which can help achieve that goal (Gruessner, mHealth Intelligence, 5/19).