Bring-your-own-device (BYOD) has corporate IT departments in a bind, and the healthcare community is even more in trouble.
IT and corporate managers in general have long realized that they need to keep sensitive corporate data secured. This was relatively easy until the laptop, which took corporate data out into the world. Things got even more challenging with the emergence of smartphones, but the leading business smartphone company, Blackberry, was built for business use and therefore had a relatively good security foundation.
This hasn’t always been the case with other smartphone solutions, however, and BYOD means that IT departments have largely lost control of the security on devices that might carry corporate information. Mobile device management (MDM) helps, and there are solutions. But not every firm is using such tools, and getting the mix right can be tricky.
Healthcare is even more challenged by BYOD.
First, the stakes are higher. While corporate data is sensitive, hospitals also have to contend with HIPPA laws that are strict in limiting access to health records and what must be done to ensure adequate security. Like the financial industry, data security is even more heightened than it is for the average corporation.
Healthcare also has two additional challenges when it comes to BYOD: Those who must access the data are usually not employees like at corporations, and the data accessed is almost uniformly sensitive, in contrast to most information that business users access from smartphones and tablets.
“And hospital CIOs are equally worried about the broader security concerns inherent with BYOD,” noted Andrew Litt, M.D., chief medical officer for Dell (News - Alert)'s healthcare solutions. “How does one monitor or control the apps on all the different devices and make sure they are not a ‘back door’ into sensitive systems and data?”
The Internet of Things is also a security concern for the healthcare industry, he noted.
“The ‘things’ involved that concern hospitals are patient monitoring and diagnostic devices that are Internet enabled,” he noted. “Again, a very scary thought when you consider the sensitivity of the data that is being transmitted.
He added: “While these wireless medical devices currently exist, they now communicate by way of Bluetooth, transmitting data via a smartphone or computer that relays the data to the endpoint. Once these devices become Wi-Fi enabled, however, that buffer will disappear, creating yet another access point to the network.”
If enterprise IT departments are grappling with the challenges of mobility when it comes to data security, they should look at their healthcare counterparts for solace. It could be worse.