Realizing the importance of catering to the needs of a mobile workforce – even the president regularly uses a mobile device – the United States Department of Defense (DoD) has created a mobile device strategy that could be adapted to serve the needs of health care organizations as well.
According to the DoD document:
“From office productivity to tactical operations, the potential for mobile devices to strengthen the DoD workforce is manifold. As such, DoD will evolve the information enterprise to capitalize on the use of mobile devices. To guide this evolution, DoD will focus on three goals.” Those goals are as follows:
- “Advance and evolve the DoD information enterprise infrastructure to support mobile devices – Improves wireless infrastructure to support the secure access and sharing of information via voice, video or data by mobile devices.
- Institute mobile device policies and standards – Establishes policies, processes and standards to support secure mobile device usage, device-to-device interoperability and consistent device lifecycle management.
- Promote the development and use of DoD mobile and Web-enabled applications – Provides the processes and tools to enable consistent development, testing and distribution of DoD-approved mobile applications for faster deployment to the user. Establishes policy, processes and mechanisms for appropriately Web-enabling critical DoD IT systems and functions for mobile devices.”
All of the measures that the DoD proposes for the use of mobile devices among its workforce could easily be translated into something that accommodates the needs of the health care industry. All health care organizations, especially those that allow employees to use their own devices, must have strict policies to govern mobile device usage.
One of the things that makes smart phones in particular vulnerable to cyber criminals is that, although people use them to access the Internet and company networks, they still think of their smart phones as simply versatile phones. They’re not. Smart phones are more like pocket computers and must be protected by measures such as security software and passwords, just as desktops, laptops and tablets are. Employees can’t be cavalier about how, when and where they choose to access sensitive information.
HIPAA and other regulations that govern the health care industry demand that health care organizations safeguard patients’ personal information. That’s where regular training comes in, especially among the BYOD (bring your own device) crowd.
Says the DoD, “The use of mobile devices requires a new level of trust with the end user. DoD personnel, accustomed to using mobile devices in their personal lives, must be aware of the differences when employing the devices for DoD mission purposes. … To ensure an understanding of why security settings are important, DoD must broadly integrate mobile device training into existing workforce education and training programs where applicable.”
No one expects change to take place overnight. But for the safety and security of patients and their personal information, health care organizations will, sooner or later, have to establish effective mobile device policies and enforce them. The mobile revolution is in full swing, and those health care providers and administrators who refuse to adapt to the use of mobile devices among their workforces probably won’t enjoy the level of success that they’d like, if they remain in business at all.
What is your mobile device policy in your business? We can help you implement a mobile device policy to ensure your data is secure on all mobile devices.