Litcius/Paper detail

Status of bring-your-own-device (BYOD) security practices in Australian hospitals – A national survey

Tafheem Ahmad Wani, Antonette Mendoza, Kathleen Gray, Frank Smolenaers

2022Health Policy and Technology21 citationsDOIOpen Access PDF

Abstract

The use of personal devices for work purposes (BYOD) is in high demand among healthcare professionals as it improves productivity. However, it can also lead to an increased risk of leaking sensitive patient information, being a major challenge for hospital management. The authors identified a dearth of empirical studies concerning BYOD security practices in hospitals. Hence, the aim of the paper was to report BYOD security practices in Australian hospitals through a national survey, first of its kind. Online survey was conducted among hospital IT personnel, enquiring about BYOD security practices. 28 responses were collected (21 hospital groups; 7 standalone hospitals), representing approximately 100 public hospitals. Descriptive statistical analysis and cross-tabulation were carried out on survey data. BYOD was generally allowed across most device types (smartphone:100%; tablet:70%; laptop:70%) and operating systems (apple:100%; android:96%; windows:74%), but generally for the use of basic services such as email (100%). Majority of hospitals use generic security technologies (firewall:87%; two-factor authentication:70%; VPN:65%), whereas BYOD specific technologies (MDM:43%; containerisation:39%; UEM:4%) haven't been widely adopted. Less than half of the surveyed hospitals have a BYOD policy (45%). Staff education though provided in majority of surveyed hospitals (60%), is not comprehensive and regular. Lack of engagement with clinical staff for BYOD strategy development was also found (23%). This research provided a comprehensive view of socio-technical BYOD security practices in Australian hospitals, highlighting its strengths, weaknesses, and the consequential implications, which can therefore provide useful insights for hospital IT executives and health departments.

Topics & Concepts

Bring your own deviceLaptopBusinessHealth careAndroid (operating system)Mobile deviceInternet privacyMedicineComputer securityComputer scienceWorld Wide WebPolitical scienceLawOperating systemElectronic Health Records SystemsPrivacy, Security, and Data ProtectionMobile Health and mHealth Applications