For years, many healthcare organizations have opted to purchase mobile devices for their employees. But due to the rapid changes in the mobile market and the negative feedback from employees, many healthcare organizations have decided to permit their employees to use their own mobile devices for work purposes. However, is this policy appropriate for your organization?
IBM recently announced that due to privacy and security concerns, it had banned the use by its employees of Siri, the personal assistant that comes standard on the iPhone 4S. These concerns arise because of the way the Siri software processes requests – it sends them back to Apple. That is, when people speak a command into Siri or ask Siri a question, according to the Licensing Agreement, "the things you say will be recorded and sent to Apple in order to convert what you say into text and . . . to also process your requests." Similarly, IBM has banned Apple's Dictation tool because it can be used to take dictation for text messages and emails. For organizations that have protected health information or other sensitive information (e.g., trade secrets), this process may create problems.
Many organizations adopted Bring Your Own Device policies in an effort to minimize costs and to increase employee efficiency. However, employers must be careful to ensure that the devices used by employees do not contain apps that lead to increased security concerns.
As such, employers who have adopted Bring Your Own Device policies should take the opportunity to audit the devices for compliance with their policies. Additionally, each device should include technology that permits it to be wiped remotely if it is lost and employees should sign an acknowledgment that their device will be wiped if lost. While employees do like using their own devices, a BYOD approach will likely not be appropriate for all healthcare organizations. Organizations that continue down this path should consider refinement of their Bring Your Own Device policies to be more in the nature of "Bring Your Own Pre-Approved Device if You Use it on Our Terms."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.