Unlocking Healthcare’s Mobile Future: HIPAA-Compliant BYOD

When I’ve talked to CIOs about what’s keeping them up at night, they almost universally answer: security.  No doubt it’s the biggest risk to a healthcare organization and the attackers only need a slight opening in your security defenses to wreak havoc.

That’s why we were particularly interested in this session at HIMSS 2024 that looked at how to create a HIPAA-Compliant BYOD program which balanced the security needs of a healthcare organization while still meeting the workflow needs of their users.  Michael Karnezis, Director of Commercial Sales, and Vernon O’Donnell, President, Field Operations at Hypori did a great job sharing a case study on Alliance Clinical Network’s BYOD implementation on the Cybersecurity stage.  Here’s our summary of the session with some additional commentary, and be sure to check out this summary of the healthcare BYOD session too.

I’ll admit that I’d almost forgotten how many breaches occurred on mobile devices.  We hear so many headlines associated with ransomware and phishing attacks that I’m sure many of us have forgotten how many data breaches are happening because of poorly secured mobile devices.  As O’Donnell from Hypori pointed out, 1/2 of the US population suffered from data breaches and mobile was a major part of it.

Diving deeper into the stats associated with mobile breaches, 100 smartphones are stolen or lost every minute in the US.  The speakers shared that 45% of breaches were occurring on mobile devices.  Plus, healthcare has up to $1.5 Million in HIPAA fines.  Of course, this doesn’t even highlight the impact to a healthcare organization’s reputation and the downtime this can cause as well.

In this case study, they highlighted how Alliance Clinical Network had a number of important reasons why they decided to formalize a HIPAA-compliant BYOD program.  What’s fascinating from a Healthcare IT Today perspective is that we’ve seen every kind of mobile device security effort out there.  It’s true that secondary devices are expensive and have their own logistical challenges.  PHI or other protected organizational data can’t be left on the device without a major financial impact on the organization.  And then of course, we all know how a high-level executive’s experience can drive many initiatives at a hospital or health system.

One of the main reasons that Alliance Clinical Network decided to partner with Hypori was that the virtual image that Hypori provides on users’ mobile devices means that users can access specific data that’s needed for their jobs, but that no data is actually stored on the physical device.  From a security perspective, that’s a big deal since that means there’s no data to lose, no data to leak and no costly hardware!

Another key to Hypori’s efforts to make BYOD secure comes from their work with other clients outside of healthcare including the Department of Defense.  We know how secure the Department of Defense has to be.  It is literally a matter of national security.  It’s great to see healthcare benefiting from the innovations that were first implemented in other industries.

No doubt many reading this will be familiar with MDM (mobile device management) and most are likely using some sort of MDM in their organization.  There’s a lot of value from MDM, but Hypori highlighted some of the challenges and risks associated with MDM versus the Hypori approach of a virtual machine running on the mobile device.  My favorite is that the speed of the device is never less than the speed of Android 13.  Speed has become a big deal for front line workers and having them receive a consistent experience means fewer calls to the help desk.

MDM is risky!

Interesting comparison between MDM and @Hypori_VM.

• No data is ever stored on the device
• No data in transit
• Use on any mobile device
• User can access multiple environments
• Operates at the speed of Android 13 regardless of physical device

#himss24

— Healthcare IT Today (@hcittoday) March 15, 2024

Alliance Clinical Network described well why they decided to take this approach to creating a secure BYOD environment using Hypori:

  • Scalable
  • Convenient
  • Cost-effective
  • One app HIPAA-Compliant Access to Enterprise Applications and Data

No doubt every organization has thought about securing their mobile device infrastructure.  The question I’d ask is when did you last look at that plan?  When did you last make sure the plan is being followed?  How much has technology changed since you last put that plan together?  Is it time to take a look again before you’re the next victim of a breach?

This was a fascinating use case for us to learn about at HIMSS.  They offered a really innovative and straightforward approach to securing a healthcare organization’s BYOD environment.  What do you think of the approach?  What else are you doing to make sure your organization’s mobile devices are secure?  Let us know in the comments and on social media.
