There's been a growing trend towards the use of bring-your-own-device (BYOD) policies in the workplace. According to Wikipedia, up to 75% of employees in high-growth markets already use their own devices at work, attesting to the practice's widespread popularity. BYOD policies reduce unnecessary costs while ensuring that workers are familiar with and knowledgeable about the technology. But healthcare workers who use their own devices must follow some basic guidelines to ensure their data remains safe and protected.
Doctors and other covered entities should proceed with caution when allowing workers to bring, and take home, their own devices. While this may seem like a good idea, it raises concerns regarding patient privacy and the nuances of the Health Insurance Portability and Accountability Act (HIPAA).
Originally passed by Congress in 1996, HIPAA requires all covered entities to take meaningful and appropriate steps to prevent the unauthorized access to or disclosure of Protected Health Information (PHI). If a healthcare worker takes home a device on which PHI is stored, and he or she doesn't take meaningful steps to protect the PHI, the entity for which they work could be found in violation of the HIPAA Security Rule.
Does this mean you should avoid using a BYOD policy in your workplace? Not necessarily, although there are some measures you should take to protect sensitive data on workers' devices. For starters, all devices on which PHI is stored should have a remote data wipe feature. In the event the device is ever lost or stolen, this feature will allow you to erase the data remotely, preventing unauthorized persons from accessing it.
Another helpful step to ensure the security of patient data on workers' devices is to require a 2-step login. Rather than relying on a standard username and password alone, for instance, you can implement an additional step where the worker must verify a 4-digit PIN that is sent to his or her cellphone. The device sends a unique PIN to the worker's phone, and only upon verifying this PIN will the worker be given access to the data. 2-step verification is an excellent safeguard to protect the integrity of data on workers' devices.
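As an added illustration (not code from the original article or from any product), here is one way the PIN step described above could be checked on the server side. The five-minute validity window, the three-attempt cap, and the `PinChallenge` name are assumptions made for this sketch; a 4-digit PIN has only 10,000 possible values, so expiry and an attempt limit carry most of the protection.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 4          # the article's 4-digit PIN
PIN_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed cap on guesses per issued PIN


class PinChallenge:
    """Second login step for one sign-in attempt (hypothetical helper)."""

    def __init__(self, now=None):
        self._salt = secrets.token_bytes(16)
        self._digest = None          # keyed hash of the outstanding PIN
        self._expires = 0.0
        self._attempts_left = 0
        self._now = now or time.monotonic

    def _hash(self, pin):
        return hmac.new(self._salt, pin.encode(), hashlib.sha256).digest()

    def issue(self):
        """Create a PIN to send to the worker's phone; keep only its hash."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self._digest = self._hash(pin)
        self._expires = self._now() + PIN_TTL_SECONDS
        self._attempts_left = MAX_ATTEMPTS
        return pin

    def verify(self, submitted):
        """Return True once for the correct PIN; fail closed otherwise."""
        if self._digest is None or self._attempts_left <= 0:
            return False
        if self._now() > self._expires:
            self._digest = None      # expired PINs cannot be retried
            return False
        self._attempts_left -= 1
        ok = hmac.compare_digest(self._digest, self._hash(submitted))
        if ok or self._attempts_left == 0:
            self._digest = None      # single use; lock out after last guess
        return ok
```

After a lockout or expiry the worker has to request a new PIN through `issue()`, which resets the attempt counter for that new code only.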
Implementing a tracking feature may also prove helpful in securing workers' devices. Thanks to GPS tracking software and applications, this feature is now easier than ever to implement. If a worker ever loses his or her device, the tracking feature can be used to determine the device's exact location and, hopefully, recover it.