As more doctors begin using their personal mobile devices to aid patient care, hospitals must be prepared to manage them in order to ensure security and privacy, according to one expert.
It is imperative that the hospital manage not just the medical devices it issues, but also personal devices, like the ref="/directory/ipad" target="_blank" class="directory-item-link">iPad or iPhone, that the clinician may have brought from home, said Ilene Yarnoff, lead assurance and resilience principal for Booz Allen’s Healthcare clients.
The hospital has less risk when it has issued the devices, says Yarnoff, because they can be password protected, encrypted and, “with thoughtful planning,” the hospital can set up tools to track the devices throughout the building. Most importantly, the devices can be turned off if there is any suspicious activity.
But Yarnoff points out you can only do this when you know what devices you have. In order to do this, the hospital has to create policies around personal mobile devices. “There needs to be a policy that the clinician or manager sign up or get authorized permission to use a personal phone so it is managed by the system,” she says.
In some cases, it might be necessary to restrict access, especially to certain apps, says Yarnoff. The hospital may want to allow certain apps, for example medical ones, while restricting others.
“Many times doctors are looking for ways to improve things and they are not aware that that [device] has personal health information on it," says Yarnoff. "They don’t understand the impact and tend to cause problems inadvertently."
That's why it is “really key to get them trained on the usage of that tool whether personal or medical,” she adds.
Key to ensuring security and privacy is “ensuring that people register their personal devices,” says Yarnoff. “You don’t want to add additional points of compromise. Each new entry point adds risk to the infrastructure."
