BYOD Security Tops Doctors' Mobile Device Worries

Bring-your-own-device trend leads healthcare providers to question mobile device management and security effectiveness, KLAS study finds.



7 E-Tools To Keep Patients Engaged (click image for larger view and for slideshow)

Managing security in the face of the bring-your-own-device phenomenon is a concern for many healthcare providers, according to a recent report from health IT ratings firm KLAS. The study, " Mobile Healthcare Applications: Can Enterprise Vendors Keep Up? " asked 105 professionals about their use of mobile technology in a hospital setting and found securing personal devices through mobile device management (MDM) software is the most prominent concern.

The report aimed to "narrow the scope" for applications and focused specifically on their use in the clinical realm, said report author Eric Westerlind in an interview with InformationWeek Healthcare. KLAS looked at mobile healthcare applications released by vendors including Allscripts, Cerner, eClinicalWorks, Epic, GE Healthcare, McKesson, MEDITECH and Siemens. "This is laying the groundwork to see what's going on," he said. "We narrowed it down to what [electronic medical records] systems we can find data on, and what we could find out about these applications [regarding] how they work on a smartphone or tablet."

BYOD, said Westerlind, was a major talking point among those surveyed. According to the report, 84% of respondents are already incorporating BYOD into their daily practices. "There's this momentum within healthcare where physicians or clinicians are bringing their own devices into work, and they want to use them in the practice of medicine," Westerlind. "That's a good thing because [these devices] are flexible ... and there's this coordination of care benefit. But the concern for providers is how do we secure these devices and make sure they're HIPAA compliant, because the last thing they want to be is the guy on the front of the newspaper."

[ For the latest development on Meaningful Use, see Meaningful Use Stage 2 Rules Finalized. ]

Nearly a third -- 31% -- of the respondents who said they're using BYOD also said their mobile usage is completely based on a BYOD initiative, while 55% said they had some level of BYOD combined with corporate-sponsored mobile initiatives. Just 14%, the report concluded, aren't "dealing with this phenomenon" at all, said Westerlind. "It was after that we asked physicians, 'What are you doing to secure these devices?' and 'Help us understand how good these applications are.'"

When asked what respondents are looking to do to secure devices, encryption was the number-one response. MDM ranked second, which, according to Westerlind, was telling. "MDM came up second as far as interest in security ... of those who answered, 50% said they're looking at MDM." Westerlind said because the use of encryption is already widespread, he sees this interest in MDM as promising. "[Execs] are concerned with making sure tablets are secure, and it's difficult because it's a personal device," he said. "Whatever they install can't be too intrusive, and sometimes that can be an issue with MDM. But when you're dealing with patient information, anything that contains data covered by HIPAA needs to be secured, and those devices need to be able to be wiped clean."

The report asked professionals what they viewed as some of mobile's biggest weaknesses when used in a clinical setting. One of the biggest gripes, the report concluded, was recording documentation on a mobile device. "The docs use the devices as an interaction [tool] with the patient and to consume data," said Westerlind. "If you think about a tablet, it's about the consumption of data, not creation of data. So it was difficult for [clinicians] to input their documentation or input an order entry." Computerized physician order entry (CPOE), he added, remains difficult to do on mobile devices. "Vendors know that," Westerlind said. "Epic performed well on usability, but they know you can't enter documentation [using their platform] ... Next year, a lot of vendors we talk to are looking to include more CPOE into devices."

One last area of interest, said Westerlind, was how clinicians were using mobile when it came to viewing picture archiving and communication system (PACS) information. "Most [respondents] said [clinicians] don't diagnose on a mobile device, which is a hindrance," he said. "If they could diagnose on those, that would speed up the process, but there are FDA requirements around the resolution of the screen." Instead, clinicians share PACS film or an image with a patient as an educational tool. "That was the key for PACS ... in this study, everyone said it's all about interaction with the patient, and they can sit down next to them and have that personal touch instead of diagnosing off those images."

Westerlind said the study concluded that no one vendor has the mobile space down. "I don't think anyone does a fantastic job yet," he said. "I think there's a lot more work to do here, and I think it'll continue to grow because of the benefits that are involved with mobile ... like outcomes, speed of diagnosis and coordinating care with other physicians. Most vendors know their applications for mobile need to be improved, and they're actively pursuing that and coming out with new applications."

InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.