This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
● Strategic Directives Real-world

BYOD security

BYOD security strategies from two distinct healthcare organizations. By Jason Free, Features Editor

a critical consideration given that to be compliant with the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations must create policies and processes that take on managing, classifying and maintaining real-time knowledge of all network activity, regardless of whether the activity is conducted on company or personal devices. T ese sets of tasks can be herculean eff orts even for facilities with a large IT staff and robust technology options. Below are the profi les of two healthcare organizations


currently employing BYOD in secure and effi cient envi- ronments. T ey each represent the opposite ends of the spectrum in terms of size and types of BYOD use, however, upon close examination, they possess common points that reveal core strategies that all facilities may employ when trying to establish and maintain a secure, user-friendly outside device policy.

Benson Hospital: Automation for a two-man IT operation

Located about 45 miles east-southeast of Tucson, AZ, Benson Hospital is a general medical and surgical hospital with 22 beds and 125 employees. Even though the size of his hospital may suggest that BYOD is

14 March 2014

hether your facility has a formal “bring your own device” (BYOD) policy or not, chances are good that personal devices are operating on your site. T is fact is

not a dominant factor within his planning, the hospital’s CIO, Rob Roberts, has known for some time that he had to prepare the facility to accommodate outside devices. “We started looking at BYOD about three years ago. We had a lot of people bringing in mobile devices and, actually, our CEO came in with his iPad one day and asked to be hooked up to our network. T at was kind of the writing on the wall for us,” says Roberts. “We knew we were going to have to have some type of policy and process in place for allowing outside devices on our systems. We needed to decide whether or not some devices would access patient health information and then how to make them secure and keep HIPAA compliance.” Many facilities have turned to virtual desktops to meet the need of BYOD and HIPAA demands. Roberts feels such a strategy is not a good fi t for Benson Hospital. “We looked at virtual desktops,” says Roberts. “For small facilities like ours, however, it’s kind of a tradeoff right now, as far as cost and the resource allotment that we would need. We’re talking about less than 10 users that are actively using remote-type services outside of the facility, or coming in and out with devices. A lot of the strategies like virtual desktops that make sense for a bigger facility will make sense for us, at some point in the future, when the costs come down and the management of those types of services is within the grasp of our two-person IT department.” Rather than trying to leverage a cumbersome set of sys-

tems, Roberts sought the help of PFU, a Fujitsu company. He knew they had a line of products called iNetSec Inspec-


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28