Nurses Using Smartphones and Tablets at Work
Should you BYOD?
Mobile devices are becoming increasingly common in patient care settings, and for some very good reasons: Smartphones and tablets are easy to carry; versatile; and provide an efficient way for nurses to access patient records, clinical resources and patient education materials or stay in touch with other healthcare professionals (including those working on the same unit). And we all know that if there’s a more efficient way to do something, nurses are going to find it.
THE BYOD TREND
While the value of smartphones is easy to see, hospitals have been slow to adopt and issue mobile devices on a large scale to the nursing staff, in part due to cost. A recent study by Spyglass Consulting of Menlo Park, Calif., found that a surprising number of hospitals still use pagers or loudspeaker paging systems, although 51 percent of the hospitals the firm surveyed were looking seriously at adopting enterprise-level smartphone tools in the near future.
In the meantime, many nurses are using their own smartphones at work. Spyglass found that nurses at 67 percent of the hospitals surveyed were using personal devices “to support clinical communications and workflow.”
This is nothing new in the business world. According to a recent Cisco study, 90 percent of Americans use their personal smartphones for work. “Bring your own device” (BYOD) policies are common in many industries, in part because BYOD can save employers big bucks on equipment costs. Also, even if work-issued smartphones are available, some people prefer to stick with their own tried-and-true devices.
That might sound like an appealing idea, but if you’re a nurse, using your own mobile device at work can also create a load of serious problems for you and your employer.
A HIPAA VIOLATION WAITING TO HAPPEN
Of all the potential risks of BYOD, probably the No. 1 concern for nurses is the security and protection of sensitive data. That issue is serious enough when it comes to our own personal photos and emails, but it takes on a whole new meaning when dealing with sensitive patient medical information. A single breach could potentially compromise thousands of patients’ data, leaving them vulnerable to medical identity theft and you staring at a career-damaging HIPAA violation.
Think it can’t happen? A report by the global technology research firm Gartner Inc. warns that employee-owned devices are compromised at more than twice the rate of devices owned by corporations. Let’s face it: Many of us don’t think too much about securing our favorite smartphones. The Cisco study found that 40 percent of Americans don’t even have password protection on their mobile devices and 51 percent use public Wi-Fi hotspots, which are particularly vulnerable to data breaches.
The desire for convenience can blind nurses to potential dangers. “Nobody wants to use a secure text messaging app,” laments Spyglass Managing Director Gregg Malkary. “They don’t want to have to use two apps, they want one, and the prevailing attitude is that unsecured SMS is just fine. They know it’s a violation, but it’s more fluid, they know everyone else’s smartphone number and they can coordinate care.”
To make matters worse, many nurses are waiting for their organizations to deal with these issues. The problem is that many hospitals lack the time, the tools or the resources to monitor the use of employee-owned devices and ensure that the staff is following best practices for securing them.
The stats are pretty scary. According to a 2011 report by the Ponemon Institute, 81 percent of healthcare organizations have sensitive data on mobile devices (either owned by the organization or by individual employees), but 49 percent of those organizations don’t provide any security for that data. That could make mobile devices a HIPAA “perfect storm” waiting to happen.
Rather than staying up nights worrying about BYOD worst-case scenarios, nurses need to open their collective eyes to the risks associated with using tables and smartphones in the clinical setting. Here are five tips to make their use a little safer:
1. Follow hospital policies.
Not all healthcare organizations have an official BYOD policy, but if your hospital does, make sure you find out what the rules are before you start using your own smartphone for work. Some policies may impose restrictions you won’t like on how you can use your device (even outside of work). Your hospital might have the right to confiscate your phone or erase everything on it in the event of a security breach.
If you still decide to use your phone or tablet, make sure you follow the official policy — even if it’s not strongly enforced. Your ultimate responsibility is not just to your organization, but to the patients and families in your care. Don’t let them down.
If your hospital has no official policy, don’t take it as a license to be as careless as you want. Be the pioneer who helps to set the standards for using mobile devices conscientiously and responsibly.
2. Use password protection.
You’re busy and having to stop to enter a password every time you need access to your device may seem like a needless waste of time. However, if you take a moment to remember what’s actually on your smartphone (including personal information and files as well as sensitive hospital or patient data), you’ll see that the extra step is time well spent.
You should always use strong passwords to protect your devices. Also, experts recommend having multiple layers of authentication (for example, having a separate password for each critical application as well as for the device itself) as a best practice for mobile security. Don’t balk if your organization requires it.
3. Install mobile security.
Since many mobile devices are completely unsecured, they have become what Kaspersky Lab Senior Vice President Chris Doggett calls “a target-rich environment” for hackers and malware creators. Remember, your smartphone is as much a computer as your laptop or desktop at home. You wouldn’t run your home computer without security software and it should be no different with your mobile device. Don’t make yourself an easy target.
4. Beware unsecured wireless networks.
Want to finish charting via the free wireless network at your favorite coffee shop or at the airport on your way out of town? Think twice.
Unsecured wireless networks are easy to infiltrate and compromise, which means they’re a bad choice when accessing sensitive personal information, much less work-related data subject to HIPAA. Stick to secure, encrypted networks with passwords and firewalls. Not sure if a network is secure? Assume it’s not. Don’t take chances.
5. Sharpen your application aptitude.
Mobile apps are like shiny toys that some of us just can’t resist. Unfortunately, installing any third-party software or app presents a major security risk. The most obvious danger is the chance that a virus or other malware will hitch a ride on your download and then invade your employer’s systems, but that’s only one of the possible problems.
Apps may be useful and they may be fun, but a recent HP study found that 75 percent of apps don’t properly encrypt data, 86 percent lack basic security mechanisms and a whopping 97 percent contain some type of privacy issue.
Why? Sometimes, developers don’t understand or just don’t care about their app’s security or privacy flaws.
Other developers include these “flaws” on purpose, enabling the creator to gather information on the app’s users. That’s a lot more common than you might think. A lot of free games and entertainment apps are created mostly as vehicles for advertising “spyware.” They may even say so in their license agreements, counting on the fact that consumers don’t always take the time to read the terms and conditions before clicking okay. Kevin Johnson, CEO of the network security consulting firm Secure Ideas and a self-described “ethical hacker,” warns that each mobile device on an organization’s network may be “talking to 75 advertisers” without the user even realizing it, putting sensitive data at risk.
BYOD OR BUST?
Johnson thinks BYOD is a bad idea for healthcare organizations, arguing that the only realistic way to minimize the risks is hospital-issued devices running only company-approved apps. However, with tight budgets and behind-the-times bureaucracies, many nurses are still faced with the choice of using their own devices or nothing. In today’s busy clinical environment, that may be no choice at all.
If you do choose to BYOD, just be sure you understand the dangers and issues it presents. At the end of the day, you own your device, which means you also own the risk — and the responsibility.
Sue Montgomery, RN, BSN, CHPN, is a critical care and hospice nurse who writes on healthcare issues. She is a member of the Hospice and Palliative Nurses Association and American Medical Writers Association.
This article is from workingnurse.com.