A 4-step plan for IT consumerization in health care
IT consumerization – the trend of employees using their own personal mobile devices for work – is catching on in all industries, including healthcare. That can be a good thing thing for organizations – or if it’s not planned for properly it can create new risks and dangers.
Smartphones and tablets can help doctors while they’re caring for patients, as well as help other staff members do their jobs more efficiently. That’s why 85% of hospitals allow doctors and staff to bring their personal devices into work, according to one recent survey.
But despite the benefits, there are issues that must be planned for by health IT pros. Allowing personal devices on the hospital’s network can create new security risks due to lost or stolen devices, mobile malware and other threats.
Here are some steps health IT departments can take to get the most from IT consumerization:
1. Decide who will own the devices
IT consumerization has taken off because employees want to be able to use technology of their choosing while they’re at work. Organizations can allow that in two ways:
- Supporting approved smartphones and tablets owned by employees, and
- Purchasing devices that employees choose.
What the organization decides to do will depend on several factors, such as security concerns and how much control over the device is needed. For example, some may choose to purchase devices that will be used to access sensitive data so that the organization has as much control as possible.
2. Approve and configure devices
Some organizations publish a list of approved devices so that they don’t get support requests for a smartphone or tablet that doesn’t meet security or other requirements.
If a device is approved to access the organization’s network, it should be configured to enable encryption, remote wipe and other security features. IT should write a policy stating what can be done to employee-owned device and have people sign off on it. If, for example, the organization might need to wipe a lost smarphone, doctors and staff should know that’s a possibility when they start using a device for work.
3. Choose software wisely
Organizations have many software options available to help them manage consumer devices brought onto their networks. That includes mobile device management (MDM) software
Many organizations, especially in health care, are also looking into virtualization and web-based clinical applications. Those are two ways to let mobile devices access sensitive medical data without storing any of that information on the device.
4. Train doctors and staff about the dangers
In addition to security concerns, experts warn that mobile devices in hospitals can also distract doctors and lead to dangerous errors. New policies and training for staff can help remind everyone to use those gadgets safely.
Also, warning people about the dangers of lost devices and training them on how to avoid mobile malware can help avoid those problems.
- Experts predict more lawsuits, data breaches against healthcare providers in 2012
- Tracking and Reporting Health Care Professional Spend
- State governments plan 2012 health IT agenda
Below are a few free resources you may find useful.