How to establish an mHealth BYOD policy

Getting an early start, taking a hybrid flexible approach and establishing a strong comprehensive use policy are key in developing a bring-your-own-device program within the healthcare environment, according to John Donohue, associate chief information officer of technology and infrastructure at Penn Medicine, in an article published at mHealthNews.

Penn Medicine's BYOD policy effort is almost complete and the organization hopes to have in place by year's end, Donohue said. A top aspect to the effort was getting top corporate support and addressing governance elements at the start, he notes.

"That policy will govern what type of devices we'll support, what type of mobile health applications we'll support, any information around stipends and reimbursement, appropriate use guidelines--so we feel very confident that we have a policy that will cover all the issues in a BYOD environment," he said in the article.

One of the toughest hurdles, Donohue said, was establishing the stipend/reimbursement model as well as drafting policy violation actions given data security and access issues as they relate to patient privacy.

"We're pretty serious about making sure people use these devices appropriately and not putting anything PHI-related at any risk whatsoever," he said, adding that they "will not make any exceptions."

Data security and patient privacy are top challenges in the overall mHealth environment, whether it's creating new apps, tapping smartphones to work as monitoring devices or getting patients to embrace mHealth tools.

A recent Forrester report reveals just slightly more than half of healthcare employees are using full-disk encryption or file-level encryption on mHealth computing devices used at work. And an IDG Connect study reported the global healthcare industry is not keeping pace when it comes to mobile device security, specifically unsanctioned device and application use.

For more information:
- read the article

Related Articles:
Weak mobile device security bodes big risk for hospitals
Mobile device security in health industry 'immature'
FTC mobile health privacy revelations deserve more attention
How hospitals handle mHealth security
Researcher: Security, privacy low on priority list for mHealth innovators