BYOD in hospitals? The debate rages on

By Howard Solomon, Network World Canada |  Consumerization of IT, BYOD, health care

Cost was one reason why Deaconess, which oversees six hospitals in the Evansville area, decided to let staff bring their own devices, Richardson said. The hospital doesn't have to pay for the devices, support them or worry about "device envy" when some staff get the latest version of a tablet and others don't. And, he said, people take better care of what they own.

Approved users get secure access to the wireless network through Citrix, a common solution several attendees said their institutions use. Security is ensured because no hospital data is downloaded to personal devices. Email is secured through password -protected access Deaconess' Microsoft Exchange server. In addition, the mail goes through Zix Corp.'s ZixMail, which automatically encrypts messages that have delineated sensitive words (such as social insurance numbers).

El Emam outlined a raft of security problems with privately-owned mobile devices that management has to face. One U.S. study showed that half of the data losses of healthcare institutions last year came from the loss of theft or mobile devices, he said.

There are security techniques including using Citrix, forcing users to have password access on the devices, enabling IT for the remote wiping of lost or stolen devices and setting up audit trails.

Make sure there's a formal agreement with users regarding the use of the device and accessing patient data, he said, including a requirement to report immediately the loss or theft of the device.

But he also warned of dangers: Many devices have "backdoors" to their operating systems so they can be serviced by tech staff. Users will have the freedom to download their own apps, which may be a hazard if they "leak" information. "My general perspective is you cannot trust developers," he said. Cloud service providers are another potential security hole.

"If everybody did the basic (security) things we'd be so far ahead," he said. But "if we don't take care of these risks there will be consequences."

Finally, Richardson acknowledged that BYOD may not be right for all health institutions. But, he told attendees, having a mobility strategy is better than not having one at all. "You're better off learning and moving down a path, even if you end up being wrong."

The conference, organized by the Strategy Institute, concludes Thursday.


Originally published on Network World Canada |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Consumerization of ITWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question