Healthcare BYOD Schemes and HIPAA

There are clear benefits to Bring Your Own Device schemes, but healthcare BYOD schemes are often thought to be risky, with some believing BYOD and HIPAA are just not compatible.

Under HIPAA Rules, all Protected Health Information (PHI) must be safeguarded by a number of physical, administrative and technical controls. Many healthcare IT professionals see it as unworkable to ensure those controls are used and remain in place on potentially thousands of privately owned portable devices.

However, healthcare BYOD schemes can be implemented successfully while keeping the risk of a data breach and HIPAA violation to a minimal level. It is just a case of planning, using the right technology and ensuring device use is monitored.

Healthcare BYOD Schemes Demanded by Doctors

Healthcare providers can realize many benefits by implementing BYOD schemes in hospitals, but it is actually doctors who are the driving force behind the decision to adopt such a scheme. Doctors generate revenue for hospitals, and if they feel they need better communication systems, ultimately they have the power to bring about change.

Doctors are demanding BYOD schemes because using smartphones and tablets can save time that is otherwise wasted. IT departments are left to cross the T's and dot the I's and make sure a BYOD scheme is fully secure.

Healthcare BYOD Schemes and HIPAA Rules

The problem with the use of mobile devices in a healthcare setting is the many restrictions of HIPAA. The Health Insurance Portability and Accountability Act places strict controls over the use of Protected Health Information, and HIPAA-covered entities must ensure data is secured at all times.

Unfortunately, mobile devices are insecure, and in the absence of data encryption any PHI sent via the devices could potentially be viewed by another person, which is a violation of HIPAA Rules. Fortunately, technology exists that can protect mobile devices and keep data totally secure. A healthcare messaging app, one that has been specifically designed with HIPAA regulations in mind, is the most convenient solution.

Protecting PHI Stored on Mobile Devices

One of the best protections against HIPAA violations from mobile devices is to ensure all data is encrypted, whether it is stored on the devices or is transmitted through them. Cloud storage can also be used to prevent any sensitive data from being stored on personal devices. Provided data can be stored and transmitted in a HIPAA-compliant manner, BYOD schemes can operate in a healthcare setting.

However, since hospital IT departments are already stretched and face tight budget restrictions, devoting the time and resources to setting up a secure BYOD scheme is simply not possible. In such situations, one of the best solutions is to outsource the task to a technology partner who can assist with the introduction and management of the scheme. This can ease the pressure on IT departments and let doctors use the technology they need.

With the right compliance tools and management technologies, healthcare BYOD schemes can be a success, and patient data can be kept secure.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news