NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

My workplace would never allow for us to bring our own devices into the facility! I was quite surprised to find out that this was a thing!
Upon doing some research on this topic I found out some interesting facts. I found it interesting that BYOD encompasses more than just computers. It also means that employees may use smartphones, tablets, kindles, and more for their work. The concept of BYOD includes personal software and services, as employees use iCloud services and other tools on the web (Eschelbeck & Schwartzberg, 2017).

To begin, I will discuss the security issues that would be encountered. It’s risky to assume that prohibiting the use of personal devices solves the problem. I say this because the average employee ends up using their own device anyway because it is not monitored by work place security policies. But, regardless of what you think about BYOD and however workplaces choose to implement it, IT managers should treat it the same way as any introduction of innovative technology: with a controlled and predictable deployment of security (Eschelbeck & Schwartzberg, 2017).

When it comes to devices being introduced into the workplace, a few questions should be addressed.

1) Who owns this device? 

Is this a trustworthy person? In the past, the company owned the devices, whereas in this case. the employee owns the device (Eschelbeck & Schwartzberg, 2017).

2) Who manages this device?

How is security going to be managed, if the employee is in charge (Eschelbeck & Schwartzberg, 2017)?

3) Who secures this device?

Accountability is not something that goes away for an employee just because they personally own the device (Eschelbeck & Schwartzberg, 2017).

All organizations have the flexibility to embrace BYOD as much as they feel reasonable. But, there are companies who have decided the risk is too great and choose not to implement a BYOD program (Eschelbeck & Schwartzberg, 2017).

In May 2012, a facility banned its 400,000 employees from using their own devices and their own applications because of the concerns about data security. The facility also banned cloud storage services such as Dropbox, as well as Siri. Since Siri listens to spoken requests and sends these requests to Apple’s servers where they are deciphered into text they found this could be a HIPAA violation along the line. They also banned Siri because she can create text messages and emails on voice command, but some of these messages could contain sensitive and private information (Eschelbeck & Schwartzberg, 2017).

Ultimately, the success of the BYOD program is measured by the employees’ willingness to use their personal devices within the rules set for them. The organization’s security procedures and policies should determine whether and how BYOD is utilized. If adopted into a company, BYOD users need to have the ability to enforce security policies on their device and protect their property if that device is ever lost or stolen (Eschelbeck & Schwartzberg, 2017).

Click here to ORDER an A++ paper from our Verified MASTERS and DOCTORATE WRITERS NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems:

A couple other security concerns include:

-Being able to register employee devices with the company for monitoring purposes (Matteucci, 2017).

-Implementing password protection, antivirus and back-up software for all devices (Matteucci, 2017).

-Preventing the use of public WiFi networks (Matteucci, 2017).

-Downloading company information on home computers (Matteucci, 2017).

-Cleaning/resetting the devices entirely when employees quit or are terminated (Matteucci, 2017).

References:

Eschelbeck, G., & Schwartzberg, D. (2017). BYOD Risks and Rewards: How to keep employee smartphones, laptops and tablets secure. SOPHOS, 2(10), 1-7.

Matteucci, G. (2017, April 21). The Pros and Cons of Bring-Your-Own-Device (BYOD) for Your Mobile Field Workforce – Field Force Friday. Retrieved April 09, 2018, from http://www.msidata.com/pros-and-cons-of-byod-in-mobile-field-workforce

If a device is required to complete the functions of your job should the organization be accountable to this cost? Defend your perspective.

I feel the employee should be compensated to some extent for being required to use their own personal device at work. Also, if an employee is required to use their own personal device are they in jeopardy of having their personal information contained on the phone made public to the employer? Basically, by using their personal phone at work and accepting compensation for it, have they given up their right to personal privacy? I guess it all depends on the agreements made with the employer and this agreement should be carefully consider by the employee. There is no doubt that employers will save time and money by allowing employees to use their own devices but is this best for the employee?

A recent article mentions that expense reimbursement for use of personal cell phones for work activities is required depending of which state one lives in (Lannon & Schreiber, 2018). This same article goes on to discuss a law in California that requires employers to pay at least part of an employee’s wireless voice and data plan if it is required at work (Lannon & Schreiber, 2018). After further research I found the actual California Labor Code 2802 (a) that basically states that the employer is responsible for all expenditures or losses incurred by the employee in direct consequences of discharging their duties (leginfo.legislature.ca.gov). This means employers need to seriously research this topic depending in which state they reside before they end up in trouble for non-compensation. While employees need to fully understand if their personal right to privacy can be breached by their employer.  

Code Section. (2016, January 1). Retrieved April 10, 2018, from https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=LAB§ionNum=2802. Lannon, P. G., & Schreiber, P. M. (2018, March 30). BYOD Policies: What Employers Need to Know. Retrieved April 10, 2018, from https://www.shrm.org/hr-today/news/hr-magazine/pages/0216-byod-policies.aspx

With the new advances in technology, some hospitals are now allowing nurses to bring their own devices (BYOD) to work. Although an interesting concept, there could be many challenges and security breaches with this new idea. We are not supposed to have personal cell phones in patient sight at my hospital, but the computers have blocked all websites. I use my phone at work to look up BiliTool for jaundiced babies, I calculate medications if I think a dose looks funny, and I occasionally use my phone to text the attending if it does not require an urgent phone call. Having phones out may seem unprofessional, but it may become the new normal.

For the longest time, physicians have had access to patient information at home. The concept is similar to BYOD. The first issue and most important is the security of mobile devices/personal telephones with the patient information on it. Operating systems do not provide adequate security to protect data from threats (Armando, Costa, Merlo, & Verderame, 2015). If the system is exploited, the phone itself and data may become compromised (Toperesu & Van Belle, 2017). Patient information may get stolen and shared. Fortunately, this issue can be addressed by the safeguards of mobile device management, controlling who can have access to the information, and wiping patient data from the device (Toperesu & Van Belle, 2017).

I would address the issue by making everyone have locks and passwords or fingerprint access on their personal devices. This ensures only the person owning the phone could gain access to personal information if the phone were in plain sight or stolen. It is also up to the management or hospital organization on what conditions the information works (Armando et al., 2015). This could potentially mean the nurse cannot have access to the internet or social media while patient information is downloading (Armando et al., 2015). I do not think patient information is ever 100% confidential. Once things are on the computer or internet, they are out there forever. There are many hackers and viruses out there, but these ideas could potentially protect patient details a little more than an everyday cell phone.

Armando, A., Costa, G., Merlo, A., & Verderame, L. (2015). Formal modeling and automatic enforcement of bring your own device policies. International Journal of Information Security, 14(2), 123-140. doi:10.1007/s10207-014-0252-y

Toperesu, B., & Van Belle, J. (2017). Organisational capabilities required for enabling employee mobility through bring-your-own-device concept. Business Systems Research, 8(1), 17-29. doi:10.1515/bsrj-2017-0002