Healthcare News & Insights

One key lesson for BYOD programs in health care

Along with nearly every other industry, more hospitals and other healthcare providers are letting employees bring in their own personal mobile devices. That’s creating several new risks for those organizations. 


While bring your own device (BYOD) programs can help organizations increase productivity and lower costs, there are some serious issues raised by those personal devices. The biggest worry: IT security.

For example, in hospitals, clinicians might user smartphones or tablets to view patients electronic health records (EHRs). Then if that device is lost or stolen, all of that sensitive information might be exposed.

But despite those risks, nearly all (89%) of healthcare workers say they’ve used a personal smartphone for work in the past year, according to a survey from Cisco.

The bottom line: Hospitals need a BYOD policy and a strategy to manage those personal devices — otherwise, they’ll be used without any controls.

And as hospitals come up with their BYOD plans, there’s one mistake they should try to avoid: using a one-size-fits-all management strategy.

Separate employee groups

Different groups of employees have different needs and present different risks when it comes to BYOD, said Steve Cowperthwaite, CSO of Providence Health Services, in a presentation at the recent CITE conference in San Francisco.

In Providence’s BYOD program, participants are divided into five separate groups:

  • Clinicians work in different rooms with the hospital
  • Homecare providers
  • Remote workers who are always or usually off of the hospital’s premises
  • Executives and upper-level management, and
  • Other staff members.

Those groups each had different needs and reasons for participating in BYOD, and Providence chose to manage their devices differently. For example, the remote workers needed a secure way to access data and applications from outside of the office. Therefore, Providence set up a desktop virtualization system that allowed employees to access those resources without storing anything on their personal devices.

For the on-site clinicians, on the other hand, Providence only needed to give those devices access while they were connected to the hospital’s internal network. And many staff members just needed access to simple resources, like the corporate email account.

When organizations plan their own BYOD strategy, a good early step is to figure out all of the groups that will participate in the program, what they need and how they can be effectively managed.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.