Halamka Knows Perils And Promise Of Healthcare BYOD - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
12/13/2012
04:21 PM
Paul Cerrato
Paul Cerrato
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Halamka Knows Perils And Promise Of Healthcare BYOD

One of the nation's top healthcare CIOs discusses Beth Israel Deaconess Medical Center's $200K project to secure personal devices used for work.

9 Mobile EHRs Compete For Doctors' Attention
9 Mobile EHRs Compete For Doctors' Attention
(click image for larger view and for slideshow)
"BYOD is an unstoppable force." That's the unequivocal view of Dr. John Halamka, CIO of Beth Israel Deaconess Medical Center. Halamka, speaking on Tuesday's InformationWeek Healthcare Virtual Event, discussed the opportunities the bring-your-own-device movement affords IT managers and clinicians alike, as well as the risks and responsibilities now placed on CIOs' shoulders.

"Although CIOs would much rather focus on the cool apps of the future or that 3D holographic iPad, compliance and regulatory imperatives are a must do," Halamka said. Much of his presentation dealt with those imperatives and the accountability associated with them.

His take-home message on how to keep patient data safe was straightforward: "Policy is no longer enough."

Until recently, BIDMC clinicians had to follow a detailed policy that outlined procedures for password protection, encryption, device firewalls, time out periods, automatic wipes and the like if they were going to use their personal mobile device to access patient data.

[ Most of the largest healthcare data security and privacy breaches have involved lost or stolen mobile computing devices. For possible solutions, see 7 Tools To Tighten Healthcare Data Security]

Unfortunately, about a year ago an unsecured personal laptop containing sensitive data was stolen from one of BIDMC's doctors, costing the medical center hundreds of thousands of dollars in legal fees and forensic analysis. At that point, the institution decided that it had to go beyond policy and put specific technologies in place to secure all devices, Halamka said.

BIDMC's IT department initially shut down all smartphone email protocols, with the exception of Exchange Activesync, which lets IT managers enforce certain settings on a mobile device. Then, the team audited all BIDMC-purchased devices, tagging each of them and ensuring that their data was properly encrypted. Next, they turned to the personally owned devices being used to access the BIDMC network and encrypted the data on those devices, scanned for malware, and installed antivirus updates and patches as needed. Equally important, they required employees to attest to all the devices they use in the workplace, and to the fact that the sensitive data on them had been encrypted.

It was a big project given the age of some of the hardware and software. In addition to using Bitlocker and FileVault2, the BIDMC IT department had to install self-encrypting drives to secure some devices.

In total. BIMDC spent about $200,000 on the project, but as Halamka pointed out, it can cost an institution that much if it loses a single unsecured laptop.

Again, the lesson is clear: Don't wait until federal regulators come knocking at your door asking why you didn't secure a stolen iPad that contained HIPAA-related patient data. They don't want to hear that you had a policy in place and that you warned the doc to encrypt the device. Like it or not, accountability rests on your shoulders.

Join two prominent IBM healthcare executives, along with Dr. Carolyn McGregor, associate professor at the University of Ontario Institute of Technology, and Annamarie Saarinen, founder of the Newborn Foundation, to discuss how big data analytics is helping to improve outcomes and reduce morbidity and mortality among critically ill infants and ICU patients. This IBM-sponsored Webcast will take place on Dec. 17 at 1:00 p.m. EST. Register here.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll