The BYOD Movement In HealthcareNovember 19, 2013
“I recently had a security manager tell me the days he dreads the most are days after major holidays,” said Kenneth Kleinberg, managing director of The Advisory Board Company.
IT managers are very familiar with the sentiment. The days when staff members show up at work with their brand new smartphones and tablets is likely to be a day of high stress. IT professionals are supposed to encourage the adoption of new technology, not suppress it. But supporting personal devices in a carefully controlled environment is not a trivial task.
Kleinberg believes policies need to be in place that guide mobile use across an enterprise, but organizations should also be prepared to offer employees access to mobile management tools that can facilitate access and ensure security at the same time: “We need a continuum of approaches that take people from their desktop to a broad range of devices.”
At the mHealth Summit in National Harbor, Md., Kleinberg will participate in a panel discussion looking at interoperability issues. His focus will be on the security issues surrounding the Bring Your Own Device (BYOD) movement.
For Kleinberg, perhaps the most important thing for health IT managers to understand is that policy and technology have to work together if organizations are going to manage mobile security effectively. “Even the most motivated users, who are supportive of organizational policies, are still challenged to make sure they’re doing everything right,” he suggested. “So systems need to be in place that will support staff workflows properly. If you provide mobile device management solutions before access is granted, you’re both helping the user and protecting the organization.
Of course, mHealth takes many forms, and Kleinberg pointed out that the regulations and risks vary depending on the type of information and desired communication.
For example, he said, “there’s a new world opening with telehealth.” Questions with which IT managers must grapple involve how to manage communications between cooperating clinicians and with other stakeholders, including business associates.
“It used to be that only a few entities were responsible under HIPAA,” he said. “Now, however, it’s clear that associates have to be in the responsibility circle.”
And the complexity of these questions is only going to continue with the move toward arrangements such as ACOs, and as the movement of information keeps spreading.
Asked how many organizations support BYOD, Kleinberg breaks the healthcare sector’s response more or less into equal thirds. One third of organizations are embracing the trend, one third aren’t, and one third want to embrace it but are struggling to figure out how to go about it.
The good news, he said, is that the latest version of most devices are all better equipped to help managers deal with security considerations. On the other hand, he said, “every time you add a new product, you have both newer and older equipment to manage.”
Article written by Jeff Rowe