By Ken Congdon
A BYOD presentation I gave at the HIMSS13 conference back in March recently sparked some lively conversation in a HIMSS LinkedIn discussion group. Much of the discussion revolved around the security challenges and concerns that accompany a BYOD implementation. Several healthcare IT professionals, including Kent King, a hospital and healthcare IT consultant, argued that BYOD should be forbidden because of the PHI security risks.
Others, such as Mark Ackley, executive director at CHRISTUS Health, argued that BYOD offers workflow, communication, and patient care benefits that are too powerful to ignore.
The topic of BYOD in healthcare is an important issue that warrants this type of debate. Valid points can be made both in favor and against BYOD. My stance on this subject is simple — I feel the BYOD ship has already sailed and that healthcare IT professionals should focus on how to enable secure and effective BYOD policies rather than forbid the practice. Clinicians and end users are driving the BYOD trend because they want to use the devices (i.e. tablets and smartphones) they have become comfortable using in their personal lives on the job. Blocking this type of activity can not only be difficult, but counterproductive. For example, according to a 2011 study by Forrester Research, 37% of employees use noncompliant devices on corporate networks before formal permissions or policies are instituted. This is a strong indication that if employees really want to use personal devices at work, they will find a way — with or without corporate approval. Isn’t it better for employees to be able to engage in this type of activity under the watchful eye of IT (and within the policies the IT department outlines) rather than behind the department’s back?
Think SYOD Rather Than BYOD To Ensure IT Control
Much of IT’s BYOD concerns are rooted in the perception that BYOD erases the centralized control the IT department has over not only mobile devices, but the corporate data these devices have access to. The term ‘BYOD’ conjures up images of a ‘Wild West’ atmosphere where unknown (and potentially unlimited) devices must be managed and chaos reigns supreme.
Perhaps this is an error in semantics, because a BYOD strategy should by no means be a free-for-all. Instead, a sound BYOD policy should limit the devices and operating systems approved under the policy, and IT should have the controlling vote as to what is ultimately included. Perhaps Nick Vanduyne, VP of client engagement at Alere Accountable Care Solutions, said it best when he suggested a move from the term BYOD to SYOD (Select Your Own Device).
There’s no doubt in my mind that SYOD is actually a more accurate acronym to describe how healthcare IT departments should approach BYOD. By supporting iOS and Android, iPhone 4 and above, plus a few of the leading Android devices, a healthcare facility should be able to address 85+% of the user demand out there while providing IT with a more practical group of devices to manage. Of course, IT will have to stay up to speed on the latest mobile devices released and determine whether they will be added to or replace other devices approved under the policy.
By applying the right mix of encryption, virtualization, and MDM (mobile device management) software to a manageable group of personal devices, IT can retain control over the corporate data these devices access. In fact, these tools can extend many of the same centralized management capabilities (e.g. remote wipes, device/application monitoring, encryption enforcement, etc.) IT enjoys within a corporate-issued device environment to personal devices as well. When you think of BYOD in this fashion, it’s not quite as frightening a proposition, is it?
I encourage you to read the entire HIMSS LinkedIn discussion on this very important topic. 31 comments have been posted to date, and each one is insightful. If interested, you can also access my hour-long presentation from HIMSS13, “A Health IT Executive’s Guide To BYOD Management” via the HIMSS website. HIMSS has included my presentation in a special “Social Media Collection” of HIMSS13 session recordings. This collection included the seven educational sessions that got people taking the most in social media circles during the conference.