Michael Pinch, chief information security officer at the University of Rochester Medical Center, recently spoke to Healthcare IT Security about hospital bring-your-own-device policies. Pinch, who secures and manages more than 15,000 devices all across three hospitals connected to the organization's network, said that regardless if provider executives love or hate the idea of BYOD, that's where we are today. "You really can't put the cat back in the bag once you've [started allowing BYOD]," Pinch told said. "We just have to address the problem."
He said that his facility boasts a 100 percent encryption policy, regardless of storage medium. "[W]e write policy to the data, not necessarily the type of device," Pinch said. He advised dividing user access between those who touch protected health information (PHI) and those who are just researchers for an organization. Article