9 Bring Your Own Device (BYOD) Challenges

Last reviewed: November, 2017.

The Bring-Your-Own-Device (BYOD) trend has gained traction within the healthcare and medical space, and it offers a number of benefits for both large and small health institutions. However, the BYOD trend also presents a number of challenges.  Providers of care must now turn their attention to not only their core business, but also with how they secure and manage their mobile workforce.  If hospitals are to take advantage of the benefits and value that BYOD provides, the shortcomings of BYOD will need to be clearly understood and addressed.  The 9 challenges below have been identified as some of the more important BYOD issues facing healthcare providers today.

Many organizations are supporting BYOD usage, but have not developed a well-defined BYOD policy and an end user acceptable use agreement.  As a result, those responsible for mobile technology and those using it may not be clear on many important issues, such as data management, reimbursement, support, etc.

A lost personal device that is not sufficiently secured and managed can cause significant corporate risk and expense.  It is critical that consumer-owned devices are enrolled in a mobile device management solution, and that users of these devices are educated on how to properly use them.

Largely due to consumer demand for features and functionality, mobile devices by default are configured with minimal security settings enabled.  Password protection is a must to protect against a device being lost or stolen, sensitive data being accessed by an unauthorized user, and should be required for all devices accessing company information. 

Lost, stolen, or misplaced unencrypted mobile devices, laptops in particular, account for a significant percent of internal and external security breaches.  It is imperative that mobile devices accessing or storing company data have encryption enabled.

If company data is stored or accessible on an unmanaged mobile device, loss of the device or inappropriate access of the device by an unauthorized user can cause severe consequences.  Controls need to be implemented that ensure that lost or inappropriately changed company data be backed up and recoverable if deemed necessary.

In an effort to meet customer and employee mobile technology demands, both vendors and healthcare organizations have not placed equal importance on “baking in” security in mobile device hardware and software development, and future roadmap planning.  As a result, security concerns are often addressed in a reactive fashion.

A comprehensive, multi-layered, defense-in-depth approach to security is needed, not only for the company owned network and PCs/laptops, but also for employer-owned and employee-owned mobile devices.  Because mobile devices access company information at the network, application, database, and device level, sufficient controls at each of these layers should be in place to ensure there will not be a weak security point.

Many healthcare organizations have permitted employees to use personal devices to access or store company information, but have not developed comprehensive BYOD policies and procedures, deployed an MDM technical solution, or required their end users to agree to an acceptable use agreement.  As a result it is often unclear who has responsibility within the organization for managing the BYOD program. 

Mobile technology is a driving force behind healthcare reform, innovation, and improving the quality and efficiency of healthcare delivery. Because technology, people, rules and laws are rapidly changing, organizations must continuously monitor the mobile environment and keep their policies, practices and procedures current with this evolving ecosystem.

byod challenges, bring your own device disadvantages