There is a gap between what vendors, service providers, bloggers and others whose jobs depend on staying up to date with the latest trends use, and what those in the field are actually using.
This is most often apparent in security. For experts (and for everyone else when they are asked), the use of passwords and other rudimentary security is obvious. However, surveys suggest that significant numbers of people don’t do even the minimum to protect themselves when they are using their devices.
People know what they should do but nonetheless insist on smoking and refuse to buckle up. That same gap, applied to protecting themselves on the Internet, is something to think about in the context of the BYOD reality (it is past the time to call it a trend).
Spyglass Consulting Group released research this week that said that 69 percent of hospitals queried responded that nursing staffs use smartphones on the job for both professional and personal communications.
The press release doesn’t say what precautions are in place. Obviously, Nurse Jones using her iPhone to transmit and then store sensitive data about patient Smith and then potentially forgetting it at the Dunkin’ Donuts where she takes her break raises enough HIPAA questions to keep a blogger (or federal investigator) busy until springtime.
The finding leads to two interrelated questions: Does technology exist to make such a situation pass muster? And, more importantly, even if that technology does exist, will the various levels of folks who would have to buy, deploy and use it — hospital administrators, IT departments and Nurse Jones — do the right thing?
The answer at this point almost certainly is that at least one of the three levels will not. That’s a big deal: The reality is that what actually is happening in the field almost certainly is way behind what the government demands and the cutting-edge technology and procedures that many of us spend time talking and writing about. In other words, a new, super-high-tech seatbelt that somehow cushions blows and improves survival rates is worthless if the driver doesn’t put it on. (In this analogy, passive restraints are akin to security with an “on” default setting.)
That doesn’t mean that people are giving up, of course. Indeed, the significance of the need is a great opportunity for vendors and a strong push to best practices. The situation can change. The other side of analogies to smokers and seat-belt deniers is that far fewer people engage in those dangerous practices today compared to 20 years ago. The same change can be made in BYOD.
This week, MobileHealthNews posted a story that dealt with BYOD and HIPAA. The bottom line is that it isn’t easy. Security software isn’t viable if it slows down performance or impacts reliability (by, for instance, requiring data to be stored off-device and therefore potentially not be available if the network goes down). If security is absent, the hospital is at risk and patients who find out may withhold information.
Clearly, this is a big issue. The Ponemon Institute has released research that suggests that it is even more of a problem in health care than in general. The InfoLawGroup reported on Ponemon’s findings, and did so without fear of editorializing:
Amazingly, use of BYOD in the healthcare field is significantly higher than in other areas, with 81% of organizations allowing employees and medical staff to “use their own mobile devices” to connect to their network or enterprises, with, on average, 51% of employees BYOD’ing. That’s stunning.
The bottom line is that there is a lot at stake in health care communications, from the ethical issue of protecting patient data to the very real threat of severe government sanctions to organizations that fail. The question is whether people really are paying attention or if they are continuing to do the IT equivalent of puffing away on a cigarette and driving down the highway without a seatbelt.