Mobile technology adoption in healthcare is widespread. According to the 2nd Annual HIMSS Mobile Technology Survey, 45 percent of clinicians now use mobile handsets to collect data at the bedside, a 30 percent increase from 2011. Twenty-five percent of clinicians reported that all data captured by mobile devices integrates directly into their organization’s electronic health record. Additionally, 36 percent of providers now allow patients to access their own medical information through patient portals on a mobile device.
This increased use in mobile tools across several facets of the healthcare spectrum demands recognition that security is vital, and a strict Bring Your Own Device (BYOD) policy must be in place and enforced. Data collection, storage and even sharing have become mobile and, as a result, healthcare environments must design boundaries to ensure patient information remains secure. The conundrum, however, is to also ensure that information is readily available and easily accessible to those who have the right to access. In other words, fencing the data to make it secure must not interfere with the ability to quickly and easily access the information. This would slow down caregivers and discourage patients in the process.
When thinking of mobility and data security, it’s important to step back and consider the separate stakeholders when it comes to BYOD. First are the healthcare providers, i.e., the doctors, nurses and technicians, who bring their personal devices to work. These stakeholders want their smartphones and tablets to work on the hospital’s or clinic’s network with the ability to access HIS, CIS, PAC, lab and other networked systems containing patient data. It’s up to the information technology department to provide that access while ensuring the data exchange remains secure.
Because these healthcare providers use their personal devices to access the health system’s network and applications to conduct their day-to-day activities, facilities must develop data security strategies that provide the same secure access for personal devices as for enterprise-grade devices purchased and maintained by the hospital. A doctor on call needs to access the healthcare records of his patient from home as easily and securely as he does when he is sitting at his desk with his work-issued laptop.
Second are the patient-access BYOD stakeholders. These are patients, visitors or family members who, for one reason or another, need to access the health system’s network while they are on campus. You need a BYOD policy that not only supports the healthcare providers who enter the data into your systems, but also considers the guest access of others trying to review their medical history, or spend time on internet sites to view local news, sports scores or online shopping while they are on your campus.
The network security protocols of patient access cannot come at the expense of secure data exchange at the provider level. Information exchange must be secure for the providers who ultimately access the same network as your guests. With the increase in mobility across healthcare, it is crucial to consider all side effects, specifically when it comes to data security. Putting the fence around the stakeholders while allowing easy, timely and guarded access will reduce the risk, improve the user experience, and help you meet your goals of developing and implementing a sound, reliable and trustworthy security strategy that supports a BYOD mobile environment for caregivers and patients alike.
Vivian J. Funkhouser is Global Healthcare Solutions Principal with Motorola Solutions, Inc.