Today, I had the pleasure of participating in a panel discussion about BYOD with Dr. Mark Blatt from Intel and Bruce Michelson from HP. It was a highly interactive discussion where a number of the attendees asked questions and shared their thoughts and observations on this topic. It's clear to me that BYOD is still a controversial, complicated topic and we need more guidance on it in the health care environment. Most physicians and nurses do not fully understand the technical implications associated with data encryption, mobile security management, and remote data persistence on mobile devices. They also do not have a technical understanding of some of the fundamental security issues and features that distinguish business mobile devices from consumer devices.
I believe that BYOD is a phenomenon that is here to stay in health care. We may not like it, but it's almost impossible to eliminate. Physicians and nurses are going to bring their own devices, even if they can't access patient data on them. They will use their smartphones to take pictures of rashes or lesions on patients. They will use their mobile devices to communicate with other clinicians.
CIOs and other health IT executives need to know how they will handle these BYOD challenges. There are some good mobile device management (MDM) solutions that can be installed. We're also seeing mobile operating systems evolve to offer features that are designed to address some of these BYOD headaches.
Are we at a point where we have enough best practices to guide BYOD policies? I feel that BYOD policies must be tailored for each organization based on factors like:
1) Do you have students or residents/fellows?
2) If you do, will you allow these transient users to have access to the enterprise network?
3) Are these devices storing personal health data, or are they only accessing the data remotely?
4) What type of data persistence will you allow if you're accessing data remotely?
5) What changes do you need to make to your wireless infrastructure to accommodate BYOD?
6) How will you define what is personal vs. business information on someone's mobile device?
7) Will you be able to wipe/erase the data if the mobile device is powered off and not connected to a wireless network?
8) What are the risks involved with allowing your clinicians to bring their own device?
9) Which types of devices and mobile operating systems will you be supporting?
10) How will you monitor and enforce your BYOD policy?
I also want to reference a presentation here at HIMSS by Dr. Steven J. Davidson and Gregg H. Malkary titled, "Mobile and Wireless Technologies in the Hospital--Now and Soon." You can view their slides here (PDF). This year at HIMSS, there were over 15 sessions focused on mobile or mHealth.
BYOD is here. Are you ready for BYOD? Does your organization have a BYOD policy?
HIMSS13 coverage is sponsored by HP.