In the healthcare industry, the security and data privacy stakes are high. Healthcare providers handle some of the most sensitive consumer information out there, including consumers' personal health histories and diagnoses, insurance and financial data, and identifying information. A breach can be disastrous both for a healthcare provider's reputation and its bottom line, thanks not only to lost business but also to stiff penalties meted out for HIPAA and HITECH violations.
All this can make BYOD seem a dicey prospect for a compliance-minded healthcare provider. BYOD is already happening in healthcare, though, and when implemented correctly, it offers the same benefits of cost savings and improved employee availability and productivity as in other verticals. Here are three solutions to prevent BYOD security issues in healthcare.
1. Strong authentication requirements
One major concern many healthcare providers and other BYOD customers have is around what happens if a BYOD device is lost or stolen. BYOD enables employees to access—and usually store—corporate data on their personal devices. If those devices are improperly secured, then all that data will be at risk should the device be lost or stolen, creating major BYOD security issues.
To address this concern, look for Mobile Device Management (MDM) solutions that provide the ability to require and enforce strong authentication measures for device and data access. At a minimum, BYOD devices must be protected with a PIN or a password so that if a device falls into the wrong hands, the applications and data on it aren't immediately accessible to unauthorized parties.
2. Secure containers for enterprise applications and data
Speaking of Mobile Device Management, the best in breed can significantly reduce the risk of other BYOD security issues, one of which is the risk that compromised or malicious software downloaded for the device owner's personal use will lead to the theft or disclosure of sensitive healthcare provider data. Anyone who's downloaded an app to their Android or iOS device will have noticed (and most likely reflexively accepted) the requests for device permissions that accompany nearly every mobile application these days. Should a BYOD employee unknowingly give data permissions to the wrong app, improperly secured enterprise data could be stolen.
MDM solutions like Citrix's XenMobile help to mitigate this risk by separating secured corporate applications from the device owner's personal apps and data and putting extra controls and strong security measures around the corporate side. XenMobile offers enterprises the flexibility to choose between an on-premises or cloud deployment.
3. Policy and education
Technology like MDM can help secure BYOD devices, but ultimately, the most dangerous of today's BYOD security issues is people. Even the most well-meaning personnel may not be aware of how their actions affect the organization. A physician may decide to back up patient data to his own Google Drive or Dropbox cloud storage account, for example, without understanding that consumer-facing cloud storage services may not offer the right security controls to remain in compliance with HIPAA and HITECH.
Help your customers develop and communicate a clear, specific data access and storage policy that details what actions are acceptable and what actions are not. Human error creates vulnerabilities; these can be addressed with education.
How do you help your healthcare customers avoid BYOD security issues? Tell us your thoughts in the comments.