BYOD or Bring Your Own Device is a common practice within the workplace. BYOD essentially means that the staff member (clinician in this case) is using their personal device to perform work-related tasks on business premises. For those who want to implement BYOD in healthcare, it is critical that they look into the legal, technical and business aspects of such a policy.
What is the best way to implement BYOD in healthcare?
I’m going to break the answer into two parts, the first part focuses on the privacy of the data that is on your mobile device and the second part focuses on the privacy of the business data that may be accessed by your device.
Privacy of the data on the mobile device
When you’re at work and you plug your laptop into the network or connect your tablet/phone to the Wi-Fi you’ve added to your business’s network infrastructure.
This means that your device might be detected and viewed by other devices on the same network.
To ensure that this isn’t possible, you can do the following:
- Set your device discovery to hidden (depending on what you use it’s a different setting but all devices allow you to hide from other devices on the network).
- Ensure that your laptop, phone and tablet are protected by password. This will stop anyone trying to browse your personal data from accessing it. Try not to use network hotspots (using your mobile device as Wi-Fi). This gives others an opportunity to download via your bandwidth.
- Disable downloads when you connect your mobile device to the network. This may cause your device to be blocked by the router, as it may be detected as a network intrusion.
Privacy of the business/clinical data
- Ensure that your mobile device is free from all spamware and viruses
- Ensure that you have approval to use your device in a clinical environment (to access data).
- Most IT service level agreements (SLAs) don’t cover outages caused by personal devices. Never download any work-related data on your personal device. Business networks are protected by policies, software and other configurations. Your personal device is not protected to the same high standard.
- This might be slightly technical but you can always ask your IT provider to add your device to the ‘safe list’. This means that your device will be recognised and trusted by the network. This also means that you are covered under the network SLA.
We always recommend that you use your business device to access business-related data and not your personal devices. This protects you from causing any damage or possible data breaches but it also helps the IT team keep better control of the network. I hope you’ve found this week’s tip useful and as always, if you’ve any questions just email them to us and we’ll answer them promptly.