BYOD security: Where hospitals must focus their efforts

While healthcare facilities are slowly issuing mobile devices to staff and caregiver teams, it's not happening as rapidly as some would like. To that end, many healthcare professionals increasingly are tapping their own personal smartphones and mobile computing devices to help them do their jobs.

That, however, creates a big problem: the security (or lack thereof) of the information being shared, patient data being stored, images being housed, etc. One lost device, one misstep in emailing confidential data, a laptop stolen from a locker or a nurse's station means tremendous liability and legal headaches, not to mention the fallout in consumer trust.

As we reported last November, developing and deploying a BYOD program isn't something that can be done quickly, and it's not easy. It requires, as Penn Medicine discovered, months of planning, training, policy building and collaborative teamwork within an enterprise, as it's not a project that falls solely to the IT organization.

As John Donohue, Penn's associate CIO of technology, shared, the BYOD strategy requires a hybrid, flexible approach and must incorporate comprehensive policies, from use to data security to proper communications. But the key aspect, he stressed, is that a BYOD management plan gets support and endorsement from the very top of the organization, as well as from the user population that must follow BYOD policies.

Another key factor, as Jeffrey Wilson of Albany Medical Center recently explained, is managing the human factor in the BYOD equation. According to Wilson--director of information services, assurance and IT security at the hospital--while device user training and security tools are essential, the human aspect must be addressed. As Wilson noted in an interview, there isn't any magic technology that can be engineered for the people factor when it comes to BYOD.

That's because the risk literally lies within the device user's hands. Inappropriate sharing of a photo, leaving a laptop exposed, texting about a patient's condition with someone outside the care team scope or mistakenly emailing a file or test result to an unauthorized entity can and will wreak havoc for everyone.

There is just one surefire way to eliminate the high risk and security issues inherent in BYOD: deployment of enterprise devices packed with quality tools and security gates around data and communications. Until that happens on an increasing scale, healthcare providers need to step up mobile device training and security governance to ensure the lowest level of risk is in play. - Judy (@JudyMottl and @FierceHealthIT)