• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

3 Basics of Effective BYOD for Your Healthcare Organization

by Erica Garvin 02/12/2013 25 Comments

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Imprivata’s David Ting talks about the basics of effective BYOD for your healthcare organization in successfully establishing mobile security.

Today, mobile technologies are changing the way we work and play. No doubt, there are benefits to tapping into the multi-screen world—but if you’re considering enacting bring your own device (BYOD) practices into your health organization— Imprivata’s David Ting warns not to enter the endeavor lightly. For all that glitters (or glows) from tablets and touch screens is not gold.

3 Basics of Effective BYOD for Your Healthcare Organization
Imprivata CTO, David Ting

“There’s no question that mobile is a convenient, efficient means of sharing information, particularly for an industry like healthcare where every second counts,” said Ting, CTO and co-founder of the healthcare IT security company based in Lexington, MA. “However, healthcare faces unique BYOD challenges because of privacy and security regulations, so it is important for CIOs to understand the risks and approach the problem with the right mindset.”

According to a report published by Ponemon Institute and Health Information Trust Alliance, 94 percent of health organizations surveyed (80 in total) had experienced at least one data breach in the last two years. The survey also estimated that US health organizations lose $6.78 billion annually due to lost or stolen data; not exactly ideal for an industry where patient privacy and HIPAA compliance is paramount.

Those findings suggest that healthcare organizations need to pay closer attention to their BYOD efforts to avoid such data dilemmas. According to Ting, you first have to firmly decide if you’re for or against BYOD all together. When it comes to BYOD, there’s a lot to consider and little room for ambiguity.

Of course, some organizations don’t want to enact BYOD policies because there are too many devices or device types to support. Larger mobile devices like iPads may call for even greater system requirements, and there are infrastructure issues to deal with. “Do you have the Wi-Fi coverage or will this put added burden on your network? It’s important to think about these questions because BYOD does create challenges not only for the IT organization in setting up the security, but  also can be a nightmare for desktop support,” said Ting.

Those wanting to stave off enacting BYOD can buy themselves some time by being vocal about such concerns. Still, mobile device use isn’t going away. According to Allied Health World, there are more than 40,000 mobile health apps on the market for smartphones and tablets today. Although not all of those apps are primed for physician use, there are many that are catching the eyes of those on call.

Thus, BYOD may be an inevitable reality for many health organizations, unless of course, they prefer the more costly alternative of deploying pre-authorized internal devices, which defeats the purpose of BYOD. However, with the right tools and techniques, health organizations can enact BYOD practices effectively.  Here’s a look at what he considers to be the basics of effective BYOD enactment:

1. Proactive Perspective

While policy is often deemed the guiding doctrine to any sound BYOD effort, Ting says that there may be something even more powerful to draw from when enacting BYOD—like a proactive, precautionary perspective.

“Any time you bring a new device into your system, think of it as already compromised,” he said. “It’s a device you have no control over that has been used as a personal device rather than a professional instrument.  It could have malware on it.  It may have none, but the weakest link is where your breach is going to be, so it’s imperative to begin your BYOD plan with that assumption.”

Starting with that point of view can help you efficiently evaluate the risks of having an “unclean machine” on your network. From there, you need to investigate what your clinicians really need on their mobile devices and whether that requires unilateral or bidirectional access.

Once you get a handle on what type of access you need, you can start creating the infrastructure to support that access be it through a browser, hosted desktop or hosted application. It’s best to do your homework on what works best for your organization because your selections have huge implications on how your system can be made secure, how much data can be stored locally, and what happens to a device that falls into the wrong hands.  “Again, it’s about building the surface area you need, and then, working back to safeguard that surface area from being compromised,” said Ting.

 2. Endpoint Integrity

Addressing the security issues associated with BYOD may seem daunting.  However, Ting said that ensuring you have the right technical safeguards is no different than establishing remote access for your IT system. “It’s a remote access issue, so treat it that way,” he said. “How do I guarantee the integrity of the endpoint? Today, you have to enforce endpoint security. You want to make sure your endpoint is secure and has the means to authenticate the user.”

It sounds like a tall task, but Ting said there are tools that can help you maintain the integrity of those endpoints efficiently, like Imprivata’s OneSign Anywhere. The secure solution provides strong authentication and application single sign-on (SSO) capabilities for unmanaged devices at remote locations or within an organization.  The product works similarly to Imprivata’s OneSign platform for desktop systems.

OneSign Anywhere was specifically designed for remote access, however. The solution allows you to control the internal applications you want to expose by providing granular access. “It’s a selective way to reduce the surface area of all your internal applications to one or two, and to have it managed securely,” Ting said. “It’s also nice and easy to support; there’s no software at the endpoint, and it eliminates password headaches.”

Regardless of how you choose to protect your endpoints, Ting said that’s where the solution to effective BYOD security lies. “Reducing the exposure for being compromised is priority number one, because it will happen. The question is—will you be ready when it does?”

3. Transparency through Technology

It’s not surprising that transparency of your security efforts is important. But Ting brings it up not as a reminder about the importance of policy or practice, but as a warning not to rely on it. “Transparency is extremely important, but you can achieve it by having the right tools to support your BYOD efforts. Tools like OneSign Anywhere don’t require the user to understand the safeguards that are in place. Their goal is to get their jobs done. The definition of bad security is when everything is left up to the user to secure.”

Ting certainly gives us plenty of food for thought as far as BYOD is concerned. A great deal of effort and investment is involved in any BYOD endeavor, no doubt. It’s still a fairly new practice. Perhaps technology needs to evolve a bit more before hesitant health organizations warm up to the idea—or as Ting suggests—perhaps it’s the thinking behind BYOD that needs to evolve.

“You won’t be able to anticipate every obstacle that stands in your way, but changing the way you think about the problem to assuming your devices are already compromised is one of the best defensive mechanisms you can employ.”

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: BYOD, healthcare it, Healthcare IT Security, HIPAA, Imprivata, Malware, mobile health, patient privacy, Ponemon Institute

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Kinetik CEO Sufian Chowdhury on Fighting NEMT Fraud & Waste

Most-Read

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

'Cranky Index' Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

‘Cranky Index’ Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |