An airplane pilot wants to bring his own propeller to work. A fireman insists on bringing his hose from home. A student says to heck with the text book the teacher wants me to read, I’ll find one I like better. These scenarios might appear to be somewhat preposterous but what if the pilot, fireman, and student insist that their “stuff” will allow them to work better, faster, and more effectively? What’s an airline executive, fire chief, and teacher to say in response? BYOD, short for Bring Your Own Device is the latest headache facing IT departments, especially in the healthcare industry, across the country and around the world. In increasing numbers, clinical and administrative employees are insisting on bringing their laptop computers, tablets, and cell phones to work with them. Security and compliance be damned! BYOD has employers scrambling to balance worker satisfaction, productivity, and the benefits of not having to pay for all this stuff, with the potential for sensitive data breaches, violations of privacy laws, and the need to have IT people well versed in supporting the variety of end user devices now being brought into the workplace.
Bring Your Own Device
BYOD (not to be confused with BYOB which might alleviate some of these headaches!), even has its own Wikipedia page. “BYOD is making significant inroads in the business world, with about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work. In most cases, businesses simply can't block the trend. Companies like Workspot believe that BYOD may help employees be more productive. Others say it increases employee morale and convenience by using their own devices and makes the company look like a flexible and attractive employer. Many feel that BYOD can even be a means to attract new hires, pointing to a survey that indicates 44% of job seekers view an organization more positively if it supports their device.”
Challenges for BYOD in Healthcare
One of the biggest challenges for BYOD is in the healthcare industry. The electronic health record (EHR) mandate set by the federal government has doctors and nurses thinking instant access to information. Often times, that means using their own cell phones, laptops, or tablets but comes with the risk of exposing sensitive data, in violation of HIPPA regulations.
According to Anders Lofgren, writing for Health Management Technology, “banning devices outright isn’t an option (as) about 70 percent of IT specialists and physicians already use mobile devices to access electronic health records.” Lofgren suggests implementing a comprehensive BYOD policy as soon as possible. Here are some suggestions on what to include.
- Start by defining BYOD. Mobile phones may be permitted but iPhones, Android devices, and heaven forbid, Blackberrys, require different security protocols.
- Implement MDM. That stands for Mobile Device Management and basically means registering each and every device with your IT department. It’ll be up to IT to set security policies and determine how data will be accessed, stored, and used. They’ll also decide what Apps will be allowed or banned, a potential major hurdle for any BYOD policy. MDM will also mean new complex passwords, something employees generally dislike with a passion.
- Acceptable Use. Most companies have rules about corporate issued mobile devices governing what an employee can and cannot do. That policy needs to be reassessed with BYOD since personal devices can be used to access potentially offensive material using the company’s network connection. Do I hear 1st amendment lawsuit?
- Termination. What happens when an employee leaves the company? You can’t take back his or her phone but you do have to be able to remove email access and other proprietary applications. When will this process occur and how will it be enforced?
Embracing BYOD may be a necessity in keeping a 21st century employee happy and productive but like BYOB, liability questions can arise if an accident occurs on the way home!