What is BYOD?
For those who may not already be familiar with it, BYOD stands for “Bring Your Own Device,” and it refers to the practice of allowing employees to bring and utilize their own computing/mobile devices—smartphones, tablets, laptops, etc.—within the office/company to be used for business/work purposes, including allowing them to connect to a company’s secure network with said devices.
A plethora of blogs and news articles on the topic of BYOD have been popping up all over the internet in recent years. While some articles express various apprehensions and concerns about BYOD, often claiming it presents an unsolvable security risk situation, a great many more of these articles point to BYOD as the “new normal,” a necessity of conducting business in the New Media Age. Whether for or against the practice of BYOD, however, it seems as if everyone is going to have to accept it at this point, because it looks like it’s here to stay.
This shouldn’t be all that surprising, of course, if you consider that BYOD was seen as a novelty idea when it was first introduced in 2009. Within only a few years, it had already become a widespread practice (in an impressively short period of time). A recent study by Tech Pro Research found that 74% of all organizations currently either have or are in the process of implementing BYOD, up from only 44% in 2013. In the healthcare industry, the rise of BYOD has grown even more rapidly. As far back as 2012, a survey by Aruba Networks found that over 85% of hospital IT departments had already implemented at least some form of BYOD and that 83% of all healthcare IT professionals allowed employees to use iPads on their networks. In 2013, Wolters Kluwer Health reported that roughly 80% of all physicians were using their own mobile devices for professional or clinical purposes. Through 2015 and beyond, these numbers are expected to keep rising.
Most would agree that BYOD will soon become a nearly universal practice, not only in healthcare but in workplaces in various industries worldwide. And there are plenty of reasons for this prediction. There are a lot of advantages to having BYOD in the workplace. Of course, there are also a good number of risks associated with it.
Unfortunately, there isn’t really a way to take advantage of the useful parts of BYOD without also dealing with the bad stuff that comes along with it. This blog series has been created to help our readers navigate the sometimes tricky (and, in terms of cybersecurity, potentially risky) realm of BYOD. In this first installment, we are going to take a look at both the pros and cons of adopting a BYOD environment in a healthcare workplace. In later articles, we will go on to discuss the various security tools, HIPAA standards, encryption methods, and internal/office policies for maintaining a BYOD environment that is private, secure, and (perhaps most importantly) HIPAA compliant.
I’m reminded of something a Marine Corps buddy of mine used to be fond of saying:
“I’ve got some bad news, and I’ve got some good news.”
First, the Bad News
We might as well get the bad stuff out of the way, right? As already mentioned, there are some drawbacks and risks involved with having a BYOD environment. For healthcare practices, there are three main issues that one needs to be aware of before deciding whether or not to adopt the practice of BYOD:
- Cybersecurity Risks: Remember, BYOD means allowing employees to use their own devices, often on the office network. Unless you have implemented a specific BYOD policy (we’ll cover how to implement a policy later in this blog series), you have no way of knowing how safe their devices are. Employees may not have tools in place for protecting their devices from malware or viruses. They might not be keeping their phones/devices locked with a password or PIN. And, perhaps most common and likely, employee devices often get lost or stolen.
- HIPAA: To be honest, HIPAA should be a concern when using just about any electronic device or digital medium in healthcare professions. A lost/stolen BYOD device without proper security tools (again, we will cover these later in this blog series) could get your practice slapped with a HIPAA violation. And, as many healthcare organizations have learned the hard way in recent years, Protected Health Information breaches can be very costly.
- Interoperability/Compatibility Issues: Most people are aware of the fact that different phones/devices run on different mobile operating systems (OSs)—iOS, Android, Windows Phone, etc. Unfortunately, mobile OSs are rarely if ever designed to play nice with others. Also, some devices can do things that others cannot and vice versa. This means that some employees may not have devices that are compatible with the apps your office uses, or may not be able to perform certain functions (for example, some tablets are equipped with USB ports while others are not).
Luckily, that’s about the worst of the bad when it comes to BYOD. While none of the above issues should be seen as unsolvable, they can lead to serious problems if not properly addressed in advance. In the later articles of this blog series, we will offer you more information and refer you to useful resources for dealing with the abovementioned issues.
Now, for the Good News
Despite the risks involved (which, as already mentioned, can certainly be handled if the proper measures are taken), adopting a BYOD environment can come with some pretty significant benefits as well:
- Cost Reduction: Since employees are using their own personal devices for work purposes, this means the cost of these devices is not incurred by the company. While the company may need to invest in security and/or device management, this is far less costly than paying to purchase/provide devices for all employees. In fact, in a survey conducted by Citrix, 35% of companies reported an anticipated reduction in time and cost of device management as their primary reason for choosing to adopt BYOD, as well as the significant reduction in training costs.
- Mobility/Efficiency: In a BYOD environment, employees are more capable of doing work when they are out of the office or on the move. They are able to access email, documents, and other work related items on the go, without being tethered to an office location or desktop computer. The added mobility of BYOD also translates into more efficient responses to time-sensitive situations/materials.
- Recruitment/Retention of Talent: A lot of the top young talent these days often expect to find a BYOD environment with an employer. In fact, many tend to actively seek out more tech-savvy employers who have already adopted BYOD, and they commonly view those who have not as being “outdated” or “behind the times.” Therefore, adopting a BYOD environment can be beneficial to a company when it comes to both recruiting and retaining talented employees with the highest level of potential.
- Allows for Device Familiarity/Preference: Allowing your employees to use the devices with which they are comfortable and familiar can improve job satisfaction and raise overall office morale. Many users these days are partial to certain mobile platforms. Most of you have probably had a run-in with a borderline-fanatical Apple/Mac user who believes all other devices are either obsolete or inferior. BYOD allows you to offer employees (even the borderline-fanatical ones) more variety in their choice of devices, which can lead to improved proficiency.
So, what now?
What you have to do first is absorb the above information, weigh the pros and the cons, and decide whether (for your situation) the benefits of BYOD adoption are worth dealing with the potential risks. After that, you will need to come up with an adoption plan. Any BYOD adoption plan for a healthcare organization will require at least two main steps—1) investing in mobile security tools, device management, and/or mobile encryption in order to assure HIPAA compliance; and 2) implementing a clear BYOD Environment Policy for the office.
In Part 2 of this blog series, we will take a look at some of the technology, apps, and tools available for maintaining the kind of secure and HIPAA compliant BYOD environment that can bring your office into the New Media Age of mobility and efficiency.