Benson Hospital finds solution to BYOD flexibility, security

Tools

Bring-your-own-device (BYOD) practices are popular in some healthcare settings, where many physicians and care providers are "associates" to a hospital or healthcare center, not employees.

But whether a hospital has a formal BYOD program or not, a CIO must operate on the assumption that there are many personal devices accessing its networks.

"That fact is a critical consideration given that to be compliant with the Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations must create policies and processes that take on managing, classifying and maintaining real-time knowledge of all network activity, regardless of whether the activity is conducted on company or personal devices," explains an article at Insurance News Net.

The article offers the example of Benson Hospital, located about 45 miles east-southeast of Tucson, Ariz. Benson Hospital is a general medical and surgical hospital with 22 beds and 125 employees. While the hospital is small in size, CIO Rob Roberts knew for some time that he had to prepare the facility to accommodate outside devices.

"We started looking at BYOD about three years ago. We had a lot of people bringing in mobile devices and, actually, our CEO came in with his iPad one day and asked to be hooked up to our network. That was kind of the writing on the wall for us," Roberts is quoted as saying.

Rather than trying to leverage a cumbersome set of systems, Roberts sought the help of PFU, a Fujitsu company. The CIO used the company's iNetSec products to classify and label each hospital device with specific risk assessments attached, the article explains. He also created a very restrictive policy on who can bring their own device into the hospital and what network each device can access.

"Other facilities have physicians bringing in their tablets and other personal devices, and they run critical software on those devices," Roberts is quoted as saying.

"We don't allow that here. We have only a few physicians bring in their own tablets, and they can access clinical applications through a remote portal. By doing this, we do not have to actively monitor those devices as the level of detail that a lot of other facilities may. The Fujitsu products give us that much-needed freedom," Roberts concludes.

For more:
- check out the case study on Benson Hospital

Related Articles:
What you gonna do when they say good-bye?
BYOD success starts with employee training
BYOD 'kill switches' off false security