Many organizations in the healthcare field are now implementing BYOD policies that permit employees to work with their personal laptops, tablets, and smartphones – Is it the right call for your organization?
Who would have thought, even twenty short years ago, that you could use a little phone to do work instead of a big clunky computer? That’s today’s reality and tomorrow’s norm. However, with this new wave of change in the workplace, there comes many risks and rewards to both employers and employees.
The ever-rising ubiquity of mobile devices among private consumers has quickly led to them being used for healthcare organizations as well, and that’s not necessarily a bad thing. Mobile devices have made it easier to get work done while on the go, with laptops, tablets, and smartphones providing a simple way to share and review documents, stay in touch with employees, and more.
However, as convenient as mobile devices are, they aren’t guaranteed to be secure, especially when dealing with private health data. That’s why many healthcare organizations have started implementing Bring Your Own Device (BYOD) policies.
BYOD is a company policy that dictates how your employees use their personal devices for work purposes, prioritizing security above most other concerns.
Benefits of BYOD include:
- Cost-Efficiency: Having your staff use their own personal devices for work means that you don’t have to pay for the technology they’d be using otherwise. Depending on the size of your organization, that could mean potential savings of thousands of dollars that would have been necessary to pay for tablets and work phones.
- Convenience & User Experience: Allowing your staff to use their technology also means there’s no pesky learning curve to overcome with new devices. Instead of having to ensure your staff knows how to use the hardware at work, they can simply use the phone, tablet and/or laptop they’re already familiar with.
However, as is usually the case, with greater convenience comes greater risk. Lost, stolen or compromised devices are a major liability for healthcare organizations that allow their employees to use personal devices for work purposes.
Bring your own device policies can be broken down into three important areas of review.
- Determining which software applications are required to manage devices connecting to the network.
- Preparing a written policy outlining the responsibilities of both the employer and users.
- Ensuring users sign an agreement acknowledging that they read and understand the policy.
This is where things get tricky. You can create all the policies you want–write them up and discuss them until you’re blue in the face, but how do you truly enforce them? The answer is that you can’t.
You can’t control what employees do even if they sign an agreement of usage. So, it stands to reason that you must be very careful when hiring employees. Trust is crucial. You must be able to count on your staff to do the right thing all the time.
What About BYOD And Cybersecurity?
The fact is that cybersecurity in healthcare IT is more difficult than other sectors. It requires a lot of data sharing with a lot of different people, more so than in other sectors. It exists on more different devices in more dispersed settings. The complexity and breadth of health IT systems have increased.
There are complex and ever-evolving government standards that can be hard to understand but must be complied with, and the data being dealt with has a high market value and a high negative impact on individuals if it becomes compromised.
Don’t forget–software and hardware are replaceable, but company data is not. In a BYOD workplace, organizations lose much of the control over the equipment and how it’s used. After all, how do you tell an employee what they can and can’t do with their own laptop or smartphone? Company-issued devices, on the other hand, are protected by company-issued security that is controlled by the IT department.
BYODs are beneficial for healthcare organization because they save time and money; instead of investing in healthcare organization-owned mobile devices and training employees to use them properly, BYOD allows the healthcare organization to let their employees supply a device that they’re already comfortable using. It’s good for employees and the healthcare organization as a whole.
Do you have a BYOD policy in place at your healthcare organization? This policy dictates how your employees can use their personal devices for work purposes. An effective BYOD policy should also instill safe and secure practices for employees that use personal devices for healthcare organization travel.