5 key strategies for securing health care data in BYOD

Health / Pharma   |   
Published November 18, 2015   |   

It is no longer a secret that, mobile technology has taken over virtually every sector of the world with health care not an exception. Thanks to a novel technology and engineering tactics that pushed health care in many parts of the globe for a huge positive development. Moreover, it is thus no surprise that Mobile computing is one of the most addicted in the realm of health care. The basic reason being that mobile devices are a now part of health care employees as much as they are common in other industries. Adoption of mobile devices in health care has set a trend known as Bring Your Own Devices (BYOD).  You may have heard of the term, but what exactly is BYOD?

BYOD Definition and Benefits

In simple terms, BYOD is a concept whereby employees and professionals are allowed to use their mobile devices for work related aspects. It is also being encouraged in Healthcare facilities given the number benefits that associated with the trend. If we talk about its advantages, the following are some of its advantages:

1.  Utilization of Healthcare Infrastructure

The main advantage with BYOD is that the professionals can eliminate the need to carry multiple devices to achieve tasks. As a result, it leads to better utilization of infrastructure deployed by health care facilities. A good example of such an infrastructure is a wireless communication network in form of WLAN. Through such a network, cloud computing is feasible and very efficient in allowing user efficiency. Most health care companies spend a great deal of time and money in setting up such infrastructure so why not make good use of them?

2. Employee Satisfaction and Attraction of Talent

The key to business development is having a good Human Resource management base to build a company on. Human Resource entails proper employee management coupled with spot on talent recruitment techniques.  A research-by Xigo’s 2012 “Mobility Temperature Check” study found that the main reason behind the deployment of BYOD in organizations is to keep employees happy. Think of it this way, employees use devices like Smartphone in virtually any activity, thus wouldn’t it be wise to afford them the same Smartphone to access various functions at work? This next generation is full of passion for mobile devices. It is even safe to say that our lives are driven by this kind of technology. In terms of attracting talent BYOD adoption in health care could be used to lure new employees owing to the flexibility it affords. The point here is that BYOD can be used as selling point in a bid to beat off competitors in hiring raw talent.

3. Employee Productivity

BYOD is known be provide the flexibility that brings the best out of employees. Employees tend to visualize the chance to work from any place without experiencing too many impediments. In fact, research has shown that a health care organization’s productivity peaks when an employee is allowed to access health care functions from home. An employee can log into work related applications at home working extra hours, thus boosting organizational productivity unlike in the traditional way of working.

4. Reduced Costs

BYOD is a great trend to reduce the cost for health care organizations around the world. The key reason is that an organization can shift a portion of its hardware acquisition costs to employees in a passive manner. The tricky part with technological hardware and software is the rate at which it turns obsolete, thus companies are always forced to incur costs frequently to get new ones. With BYOD, employees use the latest technology that can solve the problem of spending budget for new models.

BYOD Risks

Of course with any technology, there are some cons associated. With BYOD, there are a number of challenges that are moving back the trend in health care, but the major one has got to be a data security breach. Statistics even show that the number of health care related data breaches has grown more popular than any other security breach! In 2013 for example, it accounted for 44% of all breaches, according to the Identity Theft Resource Center. Perhaps what has been driving these numbers is the invaluable nature of Personal Health Information in identity theft.


Another fact is that 1 out 10 American citizens have been affected in one way or another by a health care data breach. The interesting fact is that employee negligence was found to be the loophole behind this shocking statistic. According to the HIMSS Security Survey, employee access and handling of data is a major concern in the fight against this vice. Now, this is where the data security risk with BYOD make health care organizations cautious. The question that begs for an answer then is how can BYOD data be secured?

5 strategies to secure healthcare data in BYOD

Regardless of a companies’ stand in terms of BYOD, the trend has in a way or another passed into many institutions. This is to imply that BYOD data security is colossal to companies that have policies against the BYOD trend and employees that are already implementing it. There are a few strategies that can be effectively used to curb data breaches in BYOD:

1. Risk Assessment

The first step before implementing BYOD in health care is to assess all the risks associated with the system. For example, in the healthcare business, how many staff members have access to the patient information? The essence of this is to identify any loopholes that you will think possible in the future. Carrying out a data inventory and threat analysis plus an analysis of the current BYOD status is one way to ensure that the Personal Health Information will be kept safe on implementation.

2. Mobile Device Management

BYOD security in communication is best achieved through protecting data as it flows from one end to another. Mobile Device Management (MDM) is one powerful way of implementing such kind of security in mobile communications. This approach utilizes software platforms in aspects like configurations, software updates while also keeping an eye on the security of information. Choosing an MDM system that can manage phones from different platforms is a cost effective option for health care institutions.

The other key part of MDM is encryption of data in networks and devices. This can be done through the use of multi factor authentication and encryption algorithms. Containerization is another scheme that works effectively. In containerization, it allows IT to not only secure the data on a device, but also grants control to apps to access data and manage data sharing.

3. Policies

Create clearly defined rules and regulations before implementing BYOD is also one very important element in fighting data breaches in health care.  This is to ensure that users have a clear understanding of the device specs allowed, their roles and consequences of breaking regulations. For example, users should not be allowed to share PHI (personal health information) through file sharing platforms.

4.  Invest of Securing PHI

The biggest mistake that many health care organizations make is that they focus on securing devices in BYOD environment instead of PHI.  There is a limit at which one can secure a mobile device, in this way, one is advised to try and secure data flow and data access before allowing users to start using the system. Drawing a map of data flow is normally used to check and deploy PHI security procedures.

5. Do Not Compromise on Usability

Data security, integrity will not be enforced well without great user experiences in BYOD. User mobility is the ultimate goal of BYOD and it should not be compromised even though security layers have to go together with this feature. The best way to do this is to make sure of enough support in terms of IT staff that will smooth the use of BYOD systems in the health care facility


It is expected that health care will grow prone to hackers in the future, thus data security will grow primarily in all health care facilities. As hacking grows in size so should data security experts. To be safe, protection is a great step towards mitigating cybercrime disasters-prevention will always be much better than cure!