Security issues and solutions associated with use of personal devices (BYOD) in hospitals

What is it about?

Hospitals are at great risk of leaking sensitive information assets like Personal Health Information (PHI) of patients, given that personal devices are outside the control of hospital IT management and may lack important security measures. Hence, the aim of this research is to develop a mitigation strategy which can cater to such security issues. A comprehensive literature review was conducted to identify BYOD security issues and mitigation solutions. Technical, managerial and social issues were identified which include unsecure user behaviour by hospital employees, lack of security awareness, usability issues, legal requirements and lost devices. This was followed by using two existing security frameworks, the BYOD security framework and People Policy Technology (PPT) model to shape a stepwise mitigation strategy. The mitigation strategy elucidates that while information and communication technologies allow better enforcement of security measures; policies and training provide the desired guidance to influence positive user behaviour among employees. The paper also discusses the need for a balance between usability and security in the success of BYOD in hospitals and hence provides systematic guidelines to curb BYOD security risks in hospitals.

Featured Image

Why is it important?

For the hospital senior management or policy developers, this research can be of aid as it may help them in designing key components of the hospital BYOD or personal device use policy. Secondly, for the hospital IT department, it can also provide an understanding of the technologies that can be used to curb BYOD security risks which can help them in deciding what technology or approach suits the hospital to meet the security requirements and how. Thirdly, for the hospital employees who deal with sensitive data such as PHI, this research can help to raise awareness among them and therefore influence them to take appropriate security control measures while using their devices in the hospital. Lastly, for informatics researchers, particularly within the domain of health IT security management, this paper can help in understanding the research gaps existing in this area of study.