With the digital age upon us, there is an undeniable trend of looking for better ways to simplify our lives. In particular, in professional settings where we lean heavily on mobile devices to increase accessibility and streamline workflow. However, as this dependency on technology grows, so too has the threat of losing valuable, personal information–as showcased in last week’s blog “5 Risks Associated with Using Mobile Devices in Healthcare.” Since there is no getting away from this trend, we must adapt all around, including our hospitals to develop the necessary policies and procedures for mobile use in healthcare.
Here are 5 things you should consider when developing policies and procedures to safeguard your health information:
BYOD – Bring your own device
Should the organization allow staff to use their personal devices for professional use? If so, are there limitations to what can and cannot be accessed on their device. If not, should staff be allowed to connect to the organization’s network at all?
Should you apply restrictions?
Ask what should be accessible on a mobile device. For example, should staff be able to access patient information on their mobile device, and if so should they be restricted from using their device when away from the organization?
Should staff be restricted to the type of information that can be stored on their device? For example, should staff be allowed to store patient or hospital information on their device, and if so where and for how long?\
Does the organization have a policy regarding misuse of devices? For example, what constitutes misuse and how will it be addressed?
Recovery or Deactivation Protocol
What is the protocol for lost or stolen devices? Does the organization have the ability to wipe or disable devices? Something that is often overlooked is a procedure to recover mobile devices from employees after their employment ends.
When building out your organization’s healthcare mobile policies and procedures these are some great questions to consider to ensure comprehensive safeguarding. But it’s never enough to just say “here are the rules, now follow them.” While policies and procedures are a great way to build a foundation, offering training to help staff realize the risks, understand how to protect their device, and how they’re accountable for their device and the information stored on it. This step is just as vital as the healthcare mobile policies and procedures themselves, so be sure not to skip this.