The Implications of Bring Your Own Device (BYOD) in Healthcare

November 11, 2015 | Health

Recent movements toward the democratization of data across information systems have fuelled a rapid uptake in the capabilities of mobile devices as a foremost means of access. The percolation of such influences through the foundations of organized healthcare has enhanced the spectrum of functions that medical professionals can employ in attending to patient needs. These include applications that extract and aggregate data from electronic medical records, harness neural networks on data sets to interpolate diagnoses on behalf of clinicians, produce timely drug references, or even interface with a sensor network to generate treatment compliance notifications and evaluate physical well-being. With a plethora of devices simultaneously connected to a distributed network, large quantities of data relating to potentially sensitive topics are exchanged every second across a complex web of stakeholders comprising doctors, caregivers, administrators, patients and their family members.

Connecting more devices and consumers to a network can confer the advantage of a broader array of patient cases from which to elucidate empirical insights. Furthermore, these would enable the current store of data to be employed in a growing set of circumstances, increasing the utility that each patient brings to the network. However, this same predicament could also undermine the viability of the mobile device network. A larger number of devices engaged with the network simply translates into a larger number of hazards from which unwanted intrusions into the network could occur, culminating in a spate of privacy breaches. Yet another cause for concern surrounds the interoperability of numerous network components that have developed around each other in an unmitigated fashion, imposing a huge strain on enforcing compatibility across different systems to facilitate information exchange, and in spreading finite computational power too thinly across a decentralized system.

Bring Your Own Device (BYOD) policies, therefore, offer a way of grappling with the security challenges associated with device usage within formalized healthcare information networks, such as those within hospitals, while helping to preserve the original mandate of these structures. This article highlights a number of key implications that BYOD may engender that are of immediate concern to the profession, alongside solutions that may be engineered to foster the productive development of the field.

BYOD could introduce multiple gaps in an otherwise closed network, possibly leading to data breaches. Paul McRae, director of healthcare solutions at AirWatch by VMware, discusses how healthcare systems are starting to involve mobile platforms as a workflow tool. Shrinking IT budgets often lead to compromises regarding non-performance related goals such as safety, leading to decisions not to purchase dedicated enterprise devices in favour of enrolling personal devices through WiFi networks. These trends were realized in part by the perception that data kept in a secure location accessible by mobile devices would diminish the need for data safeguards on the mobile device itself. However, the concentration of data at the nexus of a network with decentralized loci of entry control intensifies the risk of data theft, especially if personal devices in the network fail to encrypt data prior to transmission. As we discovered with the controversy that emerged when Anthem Inc was unable to adequately protect the social security numbers of 80 million customers, misplacing a single personal mobile device that lacks adequate identity verification mechanisms can result in the compromise of an unencrypted database. Experts postulate that having an integrated mobile device management security protocol that enforced a routine list of checks on all mobile devices accessing the network, while restricting access to devices with suitable decryption keys, could have limited the outflow of sensitive information considerably. However, this would be most feasible under an enterprise-level mobile device management plan managed by a single issuer, precluding the option of BYOD.
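The admission gate described above (a routine list of checks plus proof that the device holds a provisioned key), sketched as an added example that is not taken from any MDM product. The posture fields, the device id, the enrollment table and the use of an HMAC challenge-response as the key proof are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed enrollment table: device id -> key provisioned at enrollment.
ENROLLED_KEYS = {
    "tablet-017": bytes.fromhex("00112233445566778899aabbccddeeff"),
}

@dataclass
class PostureReport:
    """Hypothetical fields a management agent on the device reports."""
    device_id: str
    storage_encrypted: bool
    screen_lock_enabled: bool     # identity verification on the device itself
    transmits_encrypted: bool     # device encrypts data prior to transmission

# The routine list of checks, evaluated for every device on every connection.
CHECKS = [
    ("storage_encrypted", lambda r: r.storage_encrypted),
    ("screen_lock_enabled", lambda r: r.screen_lock_enabled),
    ("transmits_encrypted", lambda r: r.transmits_encrypted),
]

def new_challenge() -> bytes:
    """Fresh random nonce per connection, so an old response cannot be replayed."""
    return secrets.token_bytes(16)

def device_response(key: bytes, challenge: bytes) -> bytes:
    """What an enrolled device computes to prove it holds its key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def admit(report: PostureReport, challenge: bytes, response: bytes):
    """Deny by default: return (allowed, reasons) with every failed check listed."""
    reasons = [name for name, passed in CHECKS if not passed(report)]
    key = ENROLLED_KEYS.get(report.device_id)
    if key is None:
        reasons.append("not_enrolled")
    elif not hmac.compare_digest(device_response(key, challenge), response):
        reasons.append("bad_key_proof")
    return (not reasons, reasons)
```

Collecting every failed reason, rather than stopping at the first, gives the help desk and the audit log the full picture of why a personal device was refused.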

One of the major advantages to hospitals that advocate a BYOD environment is avoiding the costs of purchasing enterprise server-linked mobile devices for professional usage. Extending this line of logic further, we observe that it also combines professional and personal activities within a single point of contact, increasing the convenience and utility of an entity that has been gaining traction as an all-purpose device. The evolution of this trend could hypothetically diminish lag times in conveying professional alerts to healthcare professionals who would still be using their personal devices after work hours. However, research by Spyglass Consulting suggests the opposite. While 69% of hospitals interviewed report that medical professionals practice BYOD, the research also indicates that typical hospital network infrastructures are far from well-equipped to handle this usage level. The report further contends that 25% of hospitals interviewed were dissatisfied with the quality and reliability of their wireless networks. Taken together, these results depict a dynamic in which the blending of personal and professional usage has dramatically increased network load in hospitals, resulting in trade-offs in terms of reduced bandwidth and network reliability in data service provision.

We would therefore require new methods of partitioning and approving network usage according to the priority of queries as a means of arbitrating between competing claims for resources in the interim, while focusing on extending the load bearing capacity of hospital network infrastructure to cope with heightening demand. As a start, traffic could be prioritized internally based on the application which issues data queries. At a hospital, for example, applications pulling critical information such as allergies from Electronic Health Records (EHR) would take precedence over costing applications, which would in turn be ranked ahead of social applications.
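The application-based prioritization proposed above, as an added example rather than code from any hospital system: a strict-priority link with a fixed byte budget per tick. The application names, request sizes and the budget are constructed; only the ordering (EHR, then costing, then social) comes from the text.

```python
import heapq
from itertools import count

# Lower class number is served first. App names are constructed examples.
APP_CLASS = {
    "ehr-allergy-lookup": 0,   # critical clinical data
    "billing-costing": 1,
    "social-feed": 2,
}
DEFAULT_CLASS = 2  # unrecognized applications get the lowest priority

class PriorityLink:
    def __init__(self, bytes_per_tick):
        self.bytes_per_tick = bytes_per_tick
        self._heap = []          # entries: [class, arrival_seq, app, bytes_left]
        self._seq = count()      # keeps FIFO order inside one class

    def submit(self, app, size):
        cls = APP_CLASS.get(app, DEFAULT_CLASS)
        heapq.heappush(self._heap, [cls, next(self._seq), app, size])

    def tick(self):
        """Spend one tick of bandwidth; return apps whose request completed."""
        budget, done = self.bytes_per_tick, []
        while self._heap and budget > 0:
            head = self._heap[0]
            chunk = min(head[3], budget)
            head[3] -= chunk     # sort key (class, seq) is unchanged
            budget -= chunk
            if head[3] == 0:
                heapq.heappop(self._heap)
                done.append(head[2])
        return done

    def pending(self):
        return [(e[2], e[3]) for e in sorted(self._heap)]

def simulate():
    """Saturated link: social traffic arrives first but is served last."""
    link = PriorityLink(bytes_per_tick=1000)
    for app, size in [("social-feed", 800), ("billing-costing", 600),
                      ("ehr-allergy-lookup", 300), ("social-feed", 800)]:
        link.submit(app, size)
    return [link.tick() for _ in range(3)]
```

Strict priority starves the lowest class for as long as higher classes fill the link, so a deployment would cap the top class or use weighted queuing instead.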

BYOD facilitates the movement of specialists such as anesthesiologists and radiologists between multiple healthcare facilities, which increases the diversity of the contexts in which information is gathered and deployed. As specialists tend to be hired to fulfil highly niche roles within healthcare systems, it is also likely that they will experience the greatest degree of disintermediation when balancing between different facilities that run on different enterprise technologies. As such, they spearhead the BYOD revolution in owning the devices that are used to maintain connectivity, while leveraging the network assets of the facility for connectivity. A growing majority of end-user devices running on different operating systems echoes federal regulators’ call for a single network standard to establish a clear baseline for interoperability for encrypting all data on clinical wireless LANs. It is recommended that these standards also make provisions for flexibility in incorporating nascent forms of future technology, so as to enable unforeseen additions to the hospital’s wireless network at any point in time. To avoid dampening the incentives propping up the conversion to a BYOD paradigm, healthcare entities must invest resources in designing open-ended systems that are capable of commensurate levels of interoperability and security.