A recent study has shown that BYOD (bring your own device) is decreasing amid concerns around data security. Of the organizations surveyed, 73% allowed BYOD, down from 88% in 2014. This is in contrast to the Gartner research conducted at the end of 2014, which projected that 90% of organizations would support some aspect of BYOD by 2017.
High profile data breaches have no doubt contributed to the decline, with BYOD being seen as too high risk. 81% cited concerns for data security as the primary reason for not adopting BYOD. In addition to this, BYOD policies are challenging to implement, and of those surveyed that allowed staff to use their own devices, nearly half did not have a defined BYOD policy in place.
There are huge cost savings that can be made by permitting BYOD, and this is a major factor for many organizations. Providing members of staff with enterprise-owned devices is costly, but the reality is, staff and patients will benefit from the adoption of smartphones and tablets within an organization making BYOD an attractive option. Aside from the cost savings, the use of mobile devices allows for better communication between members of a care team, as well as speeding up access to patient records and improving workflow.
There are downsides to BYOD besides data security concerns: Wi-Fi infrastructure, IT support for users, devices being used for personal reasons during working hours, and the use of unapproved, potentially malicious apps and software being downloaded to a device are all reasons that need to be considered before deciding whether BYOD is right for your organization.
There is also the matter of privacy to consider. While an organization will want to ensure that a personal device is meeting the criteria from a data security perspective, the staff member may feel that as it is their device, they have the right to use it however they see fit and that it encroaches on their privacy if the device is being monitored or checked frequently.
With employee negligence and lost and stolen devices being the most likely reasons for a data breach in the healthcare sector, the risk of breaches from BYOD has the potential to be much higher than enterprise-owned devices. Staff may also be more likely to lose their own devices, or leave them unattended in places where they are at a higher risk of being stolen. Enterprise owned devices are typically equipped with the technology to remote wipe devices, encryption, HIPAA compliant apps and approved for use software, multi-factor authentication, in addition to being more closely monitored by the organization.
BYOD can be deployed effectively providing there are sufficient measures in place to prevent misuse of devices and data breaches. All organizations need to be certain that they meet HIPAA compliance and are not in violation of the HITECH Act.