Healthcare BYOD Data Security Challenges Explored

Ask any healthcare IT professional what the main healthcare BYOD data security challenges are and you could be in for a long speech. BYOD schemes are a major security worry, and with good reason: there is considerable potential for HIPAA violations and data breaches when staff are allowed to use their own mobile devices for work purposes.

Healthcare providers are being left with little alternative but to introduce BYOD schemes. Doctors and other healthcare professionals are demanding to bring their own smartphones to work if their healthcare providers refuse to supply them. With doctors losing so many hours using antiquated communication systems, many have quite simply had enough.

BYOD schemes do carry a security risk, but the list of benefits is considerable. They offer a low-cost way of gaining the benefits of mobile devices, and with the right security controls in place, can improve efficiency and productivity without placing patient data in jeopardy.

However, it is essential that controls are put in place to secure the data stored on the devices, as well as protect the networks to which the devices can connect. The OCR can fine organizations that fail to implement the necessary controls to protect data, and a failure to secure personal devices could potentially result in a considerable fine.

How to Improve BYOD Data Security (and protect against BYOD HIPAA violations)

There are a number of safeguards that can be implemented to keep the data stored on mobile phones secure. Consider implementing the following security measures to reduce the risk of a BYOD HIPAA violation.

Use Remote Data Storage

Portable devices are easy to lose, misplace and steal. It is therefore essential that the devices are never used to store protected data. If the device is lost, any data stored can potentially be viewed. However, if data is stored securely in the cloud, or on a secure remote server, access to that server can be easily blocked. Theft of the device will therefore not result in any data exposure.

Update Firewalls

It is essential for data to be protected by firewalls, yet authenticated users must be able to easily access data and download mobile apps securely. There are a number of tools that can be used to ensure access to data is fast and easy, while criminals are prevented from gaining access. Modern firewalls are far more effective at repelling attacks, and can perform deep packet inspection. Aging firewalls should be replaced to provide more robust protection.

Use Data Encryption

If data must be stored on a portable device, it must be encrypted. Data encryption ensures any person not in possession of a security key will be prevented from accessing the data. Data encryption should be used for data storage – wherever that data is located – and all emails must be encrypted to prevent interception and viewing by unauthorized individuals.

Install Secure Text Messaging Applications

One of the biggest data security risks on mobile devices is the ability to send text messages containing PHI. Text messages are insecure, and any PHI sent via unencrypted text message services is an automatic violation of HIPAA Rules. In order to prevent accidental disclosures and HIPAA breaches, secure text messaging applications should be installed on all BYOD devices.

Implement Two-Step User Authentication

A system of authenticating users must be installed to prevent mobile thieves from being able to access data. A two-step authentication program, such as one that combines a fingerprint scanner or other secure authentication system with a password, can greatly enhance security.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news