Unlocking Healthcare’s Mobile Future: HIPAA-Compliant BYOD

When I’ve talked to CIOs about what’s keeping them up at night, they almost universally answer: security.  No doubt it’s the biggest risk to a healthcare organization and the attackers only need a slight opening in your security defenses to wreak havoc.

That’s why we were particularly interested in this session at HIMSS 2024 that looked at how to create a HIPAA-Compliant BYOD program which balanced the security needs of a healthcare organization while still meeting the workflow needs of their users.  Michael Karnezis, Director of Commercial Sales, and Vernon O’Donnell, President, Field Operations at Hypori did a great job sharing a case study on Alliance Clinical Network’s BYOD implementation on the Cybersecurity stage.  Here’s our summary of the session with some additional commentary and be sure to check out this summary of the healthcare BYOD session too.

I’ll admit that I’d almost forgotten how many breaches occurred on mobile devices.  We hear so many headlines associated with ransomware and phishing attacks that I’m sure that many of us have forgotten how many data breaches are happening because of poorly secured mobile devices.  As O’Donnell from Hypori pointed out, 1/2 of the US population suffered from data breaches and mobile was a major part of it.

Diving deeper into the stats associated with mobile breaches, 100 smartphones are stolen or lost every minute in the US.  The speakers shared that 45% of breaches were occurring on mobile devices.  Plus, healthcare has up to $1.5 Million in HIPAA fines.  Of course, this doesn’t even highlight the impact to a healthcare organization’s reputation and the downtime this can cause as well.

 

In this case study, they highlighted how Alliance Clinical Network had a number of important reasons why they decided to formalize a HIPAA-compliant BYOD program.  What’s fascinating from a Healthcare IT Today perspective is that we’ve seen every kind of mobile device security effort out there.  It’s true that secondary devices are expensive and have their own logistical challenges.  PHI or other protected organizational data can’t be left on the device without a major impact financially on the organization.  And then of course, we all know how a high level executive’s experience can drive many initiatives at a hospital or health system.

One of the main reasons that Alliance Clinical Network decided to partner with Hypori was that the virtual image that Hypori provides on users’ mobile devices means that users can access specific data that’s needed for their jobs, but that no data is actually stored on the physical device.  From a security perspective, that’s a big deal since that means there’s no data to lose, no data to leak and no costly hardware!

Another key to Hypori’s efforts to make BYOD secure comes from their work with other clients outside of healthcare including the Department of Defense.  We know how secure the Department of Defense has to be.  It is literally a matter of national security.  It’s great to see healthcare benefiting from the innovations that were first implemented in other industries.

No doubt many reading this will be familiar with MDM (mobile device management) and most are likely using some sort of MDM in their organization.  There’s a lot of value from MDM, but Hypori highlighted some of the challenges and risks associated with MDM versus the Hypori approach of a virtual machine running on the mobile device.  My favorite is that the speed of the device is never less than the speed of Android 13.  Speed has become a big deal for front line workers and having them receive a consistent experience means fewer calls to the help desk.

Alliance Clinical Network described well why they decided to take this approach to creating a secure BYOD environment using Hypori:

  • Scalable
  • Convenient
  • Cost-effective
  • One app HIPAA-Compliant Access to Enterprise Applications and Data

No doubt every organization has thought about securing their mobile device infrastructure.  The question I’d ask is when did you last look at that plan?  When did you last make sure the plan is being followed?  How much has technology changed since you last put that plan together?  Is it time to take a look again before you’re the next victim of a breach?

This was a fascinating use case for us to learn about at HIMSS.  They offered a really innovative and straightforward approach to securing a healthcare organization’s BYOD environment.  What do you think of the approach?  What else are you doing to make sure your organization’s mobile devices are secure?  Let us know in the comments and on social media.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.
