HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Survey Shows U.S Companies Are Saying Bye Bye to BYOD

Bring Your Own Device (BYOD) schemes have proved popular in the healthcare industry. Physicians, nurses and other healthcare workers have petitioned healthcare providers to allow the use of personal Smartphones, tablets and laptops at work, and many have given in and introduced BYOD schemes.


The Benefits of BYOD


Financial constraints often hinder the uptake of new technology, and BYOD offers a cheap and convenient solution. The benefits of Smartphones and tablets can be gained, without the cost of having to purchase, maintain – and replace every 2-3 years – mobile devices for all physicians, nurses, and care providers.

Uptake was rapid in many industries, although slower in the healthcare industry due to heavy regulations covering data privacy and security. Over the past five years, more and more healthcare providers have started to embrace BYOD and are now enjoying the benefits; as are physicians, nurses and other healthcare workers opting into the scheme.


BYOD Security Risks


Personal devices can be used in a healthcare setting, although not without a number of controls to keep the devices secure. Policies must be put in place covering the allowable uses of the devices, security controls implemented to prevent accidental exposure of data, and remote data deletion must be possible. The staff must be trained on privacy and security regulations, and the allowable uses of the devices for work purposes.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Personal devices contain many apps and methods of communication: SMS, chat and VOIP programs (Facebook Messenger, Skype, WhatsApp); file sharing and cloud storage services (Dropbox, Google Drive etc.); and other apps that have potential to compromise the phone and the data stored on it.

The alternative – supplying devices to healthcare professionals – does not eliminate all of the security risks associated with mobile devices, but it does make those risks far easier to manage and control.


The Alternative May be Costly, but not as Costly as Data Breaches


Over the past few years, popularity of mobile devices has grown and with it the number of companies introducing BYOD schemes. Many believed BYOD was here for good, as it was the most cost effective way of leveraging the benefits of Smartphones and tablets without having to cover a considerable cost.

However, private companies are now abandoning BYOD and are absorbing the cost of purchasing mobile devices. It is seen as being much cheaper than covering the cost of data breaches which are believed to be inevitable with BYOD in operation.

Employer-supplied devices are much easier to control, secure, manage and maintain. They can be pre-loaded with apps, HIPAA-compliant SMS messaging services, and the appropriate security controls. It is also much easier for functions to be restricted and harder for security controls to be bypassed.

CompTIA Survey Shows Fall in Number of Companies Allowing BYOD


CompTIA, a not-for-profit IT trade association, recently conducted an online survey on IT professionals employed in a wide variety of private businesses in the United States. CompTIA quizzed IT professionals on their organizations’ stance on BYOD between April and May of this year. 375 completed surveys were received.

CompTIA determined that 53% of private companies now have a “no BYOD” policy in place, and ban the use of personal devices at work. Personal laptops, tablets and Smartphones cannot be used, instead these are provided by the company.

40% of respondents said they had a “partial BYOD” policy, meaning personal devices were allowed to access work systems, although some devices were provided by the company.

In 2013, 58% of companies had a full BYOD policy in operation. That fell to 50% in 2014 and 40% in 2015. A “No BYOD” policy was adopted by 34% of companies in 2013, which rose to 45% in 2014 and 53% this year.

According to Tim Herbert, CompTIA senior vice president for research and market intelligence, “It’s not quite the death of BYOD, but there does seem to be a decrease in the use of BYOD in enterprises.”

He said in the report, “There is a clear move towards a policy of no BYOD.” He also pointed out that “[employees] are often happy to take a corporate device if it is the same thing they would choose on their own.”

Banning the use of mobile devices is not an option, but banning BYOD without providing an alternative is asking for trouble. Herbert says, “Ambitious employees will find ways to utilize personal devices and applications even if they are forbidden.” He proposes that the provision of devices by employers is the best way to ensure employees use mobile devices in secure manner. Risks can be reduced, and therefore so will the number of data breaches suffered.

The report predicts global sales of smartphones and tablets will reach $484 billion with cloud spending reaching $118 billion. The report says this is where 100% of IT growth will take place in 2015.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.