Survey: Many organizations lack effective mobile device policies
More employee-owned devices are being brought onto healthcare organizations’ networks, but policies for using those devices haven’t kept pace.
That’s the gist of a recent survey of 654 IT professionals, including 151 health IT pros, from CDW.
More than two-thirds of respondents say they allow employee-owned devices on the organization’s network. However, fewer than that have an effective policy for dealing with those devices, which may leave many organizations open to the risk of data loss or other incidents.
For example, 42% of organizations said their policies for employees’ personal mobile devices are less strict than those for devices issued by the organization — even though employee-owned devices typically pose the greater security threat of the two.
One possible explanation for the discrepancy in how mobile device policies are applied is that it’s simply easier to control what happens with a device that’s purchased and managed by the organization.
However, organizations must be sure that they deny network access to devices that fail to meet specified security requirements. Experts recommend IT departments require employee-owned smartphones and tablets to be equipped with features such as encryption and remote wipe. IT should inspect devices before they’re allowed on the network and require users to sign off on the policy first.
The signed policy should also be specific about what the organization is allowed to do with an employee-owned device after it’s approved. For example, it’s a good idea to let users know the device may need to be wiped of all its data if it’s ever lost or stolen.