Doctors are not only increasing their use of mobile technology, but increasing numbers are bringing their own smartphones, tablets, and other personal devices to work. Recent surveys have found that about three-quarters of U.S. doctors are using their smartphones at work, and about 38 percent of those surveyed said they use both their smartphone and tablet for their jobs.
While more and more health care organizations expect and allow doctors to use their mobile devices for professional purposes, many are wary or uninformed about “Bring Your Own Device” (BYOD) in their offices. Practices are smart to develop a solid BYOD policy, since not doing so can be risky and lead to data breaches and even financial penalties. Here’s how to manage BYOD at your medical practice.
Both pros and cons to BYOD
Almost 50 percent of all doctors in the U.S. are now using smartphones, tablets, and desktops — all three of these devices — in professional capacities at work, according to a 2013 survey conducted by Epocrates. As EHR adoption increases and more EHRs become compatible with mobile, more doctors than ever are using mobile devices to document patient data.
While there are advantages to bringing your own device to work—the practice does not have to pay for employee-owned devices, for instance, and employees are more likely to be accessible and responsive on their own devices—the blurring of the line between personal and professional use raises the possibility that protected health information (PHI) could be exposed, among other risks.
That’s why it’s necessary to have a BYOD policy that holds employees responsible for understanding HIPAA requirements and how to protect the practice when using their devices at work.
What goes into a BYOD policy
Having a written BYOD policy in place is the first step. Here is an example of the U.S. government’s BYOD policy template. Note that it includes things like which mobile devices are approved for BYOD use and acceptable uses for those devices; which browsers, email programs, and apps may be used; how to store and transfer documents, etc. The BYOD policy should also discuss what to do if the device is lost or stolen, and what will happen if there is a violation of the policy. It’s a good idea to have a lawyer review the policy before you ask employees to sign it.
A written policy is not enough, however. Practices also need to train employees on BYOD. Don’t take for granted that people understand how to create secure passwords, for instance, or how to access only secure networks. One recent survey on BYOD found that while 89 percent of health care workers use their personal smartphones for work purposes, 41 percent of their personal mobile devices were not password protected, and 53 percent accessed unsecured Wi-Fi networks with their smartphones. Training staff on best practices is crucial to a successful and secure BYOD program.
While BYOD appears to be a more cost-effective option for practices, the issue can be more complex—and costly—than it seems. “The increase in IT costs associated with managing those devices both from a content and security perspective, getting them on the network, the whole HIPAA security piece … there’s going to be an increased cost,” Brent Lang, president and COO of Vocera, told Healthcare IT News.
Some practices may want to consider using mobile device management (MDM) technology, which allows them to configure, monitor, secure, and control mobile devices remotely. There are many vendors that offer this service to health care organizations. MDM can ensure that before a device connects to the corporate network, it has a secure password, a time-out maximum set, the proper encryption settings, a virus scan capability, etc.
Of course, BYOD is a lot simpler if you’re not using mobile to access EHRs and PHI. Lots of doctors use their smartphones and tablets mainly to look up reference materials for themselves and to provide educational content to their patients. Internet-based applications, in particular, offer many of the benefits of mobile without the risks, time, and costs associated with other uses.
To find out more about how doctors are using mobile technology and how we can help, contact us today.