‘Bring Your Own Device’ (BYOD) –
The potential benefits of using BYOD build a strong case for its consideration. Users get to access the Internet and workplace services via their own, and most likely, favourite device, be it a smartphone, or a tablet etc. The potential for the organisation to save on buying separate equipment for this task is undoubtedly an attractive one. For some organisations this can be a highly successful route to IT provision, but whilst the freedom of using your own device offers distinct benefits it also brings a fresh set of issues and potential problems – and the most pressing of these for the health sector is the one of security.
When dealing with patient records, surgery administration or other sensitive information security is an obvious concern. Like most secure IT systems, healthcare security is only as good as the end point, i.e. the equipment that the user relies upon for access, and this is where a basic BYOD strategy can start to show its flaws. Even if the organisation’s servers are secure, it is much harder to ensure that the user’s own device matches this level of assurance – unfortunately presenting another set of IT challenges. Administering a large number of BYOD users and offering fully secure access (across any number of different potential software and hardware platforms) is easily as resource-
Justified fears over security do not necessarily rule out using technology in new ways to offer greater productively with reduced costs though. It’s an accepted fact that using well targeted unified communications systems (i.e. those that work in tandem across different technology platforms such as telephones, pagers, email, IM etc.) can offer real-
Fears over users taking away devices (and the data stored on them), when they move to another role and employer for example, are just as founded as anxiety over information being vulnerable to outside influences. Fears over the security of BYOD centre around the fact that users can (and have the right to) take their device away with them outside of their role. If the device is actually owned by the health organisation there can be much more stringent controls over the security software and other applications that are installed. Unauthorised software, such as spyware and viruses, updates and external links to software are all potential risks to security. The whereabouts of the devices and the functionality they have to operate outside the organisation’s designated areas or sites requires very strict controls, if highly sensitive data is to be secure. For example, it is easy to install security software on mobile devices that can complete a remote wipe of all data in an emergency that either locks down or deletes any potential data on a stolen or lost device and makes the failure of recovery much less serious. However this exposes the business to potential problems, such as the cost of replacement (for the latest devices) and a lack of continuity –
Hospital owned systems are rigorously maintained and updated to meet the highest levels of quality demanded for such an important sector, who deal with life and death situations. If members of staff use their own, unregulated devices as their primary method of communications there are potentially serious gaps in the audit trail. A vital member of the operating staff, for instance, will rely upon receiving information quickly and accurately to react to emergencies. If the BYOD fails to do this (perhaps through poor signal or another unforeseen problem), where does the hospital and the individual professional stand with regards to liability?
Ultimately there are important beneficial ideas for the health sector to learn from the BYOD phenomenon, even if it is unlikely to be able to wholly embrace it. BYOD can show ways of working that are natural to workers, especially younger workers who are more likely to choose their own communications methods and tools, but maintaining ultimate control over the outcome is the key. It’s unlikely that an ‘off-
Efficiency and performance in the healthcare industry comes from dedicated staff using dedicated tools, the problem is one tool does not suit all. Allowing staff to use the right device for their needs, whether a smartphone or tablet, DECT phone or pager, all needs the careful control of a dedicated IT / Telecoms department, to provide the right access, privacy and security demanded in a highly critical and important environment.
Download a Copy