The Implications of Bring Your Own Device (BYOD) in Healthcare

By November 11, 2015Health

Recent movements toward the democratization of data across information systems have fuelled a rapid uptake in the capabilities of mobile devices as a foremost means of access. The percolation of such influences through the foundations of organized healthcare has enhanced the spectrum of functions that medical professionals can employ in attending to patient needs. These include applications that extract and aggregate data from electronic medical records, harness neural networks on data sets to interpolate diagnoses on behalf of clinicians, produce timely drug references, or even interface with a sensor network to generate treatment compliance notifications and evaluate physical well-being. With a plethora of devices simultaneously connected to a distributed network, large quantities of data relating to potentially sensitive topics are exchanged every second across a complex web of stakeholders comprising doctors, caregivers, administrators, patients and their family members.

Connecting more devices and consumers to a network can confer the advantage of a broader array of patient cases from which to elucidate empirical insights. Furthermore, these would enable the current store of data to be employed in a growing set of circumstances, increasing the utility that each patient brings to the network. However, this same predicament could also undermine the viability of the mobile device network. A larger number of devices engaged with the network simply translates into a larger number of hazards from which unwanted intrusions into the network could occur, culminating in a spate of privacy breaches. Yet another cause for concern surrounds the interoperability of numerous network components that have developed around each other in an unmitigated fashion, imposing a huge strain on enforcing compatibility across different systems to facilitate information exchange, and in spreading finite computational power too thinly across a decentralized system.

Bring Your Own Device (BYOD) policies, therefore, offer a way for grappling with the security challenges associated with device usage within formalized healthcare information networks, such as those within hospitals, while helping to preserve the original mandate of these structures. This article highlights a number of key implications that BYOD may engender that are of immediate concern to the profession, alongside solutions that may be engineered to foster the productive development of the field.

BYOD could introduce multiple gaps in an otherwise closed network, possibly leading to data breaches. Paul McRae, director of healthcare solutions at AirWatch by VMware, discusses how healthcare systems are starting to involve mobile platforms as a workflow tool. Shrinking IT budgets often lead to compromises regarding non-performance related goals such as safety, leading to decisions not to purchase dedicated enterprise devices in favour of enrolling personal devices through WiFi networks. These trends were realized in part by the perception that data kept in a secure location accessible by mobile devices would diminish the need for data safeguards on the mobile device itself. However, the concentration of data at the nexus of a network with decentralized loci of entry control intensifies the risk of data theft, especially if personal devices in the network fail to encrypt data prior to transmission. As we discovered with the controversy that emerged when Anthem Inc was unable to adequately protect the social security numbers of 80 million customers, misplacing a single personal mobile device that lacks adequate identity verification mechanisms can result in the compromise of an unencrypted database. Experts postulate that having an integrated mobile device management security protocol that enforced a routine list of checks on all mobile devices accessing the network, while restricting access to devices with suitable decryption keys, could have limited the outflow of sensitive information considerably. However, this would be most feasible under an enterprise-level mobile device management plan managed by a single issuer, precluding the option of BYOD.

One of the major advantages to hospitals that advocate a BYOD environment is avoiding the costs of purchasing enterprise server-linked mobile devices for professional usage. Extending this line of logic further, we observe that it also combines professional and personal activities within a single point of contact, increasing the