Strategy Analytics claims the number of smartphones has exceeded the 1 billion mark as of the third quarter in 2012. Tech Crunch predicts the number of new smartphones and tablets to be purchased in 2013 alone to be 1.2 billion. The speed at which these devices have been adopted and embraced is nothing short of stunning. Just as most of us can barely remember the days before the Internet, we are quickly approaching a time when we can’t imagine how we managed without smartphones and tablets.

Instant accessibility, portability and ease-of-use are key factors in making mobile devices increasingly popular with medical professionals. Because of the phenomenal growth in the number of personal mobile devices as well as their convenience, the bring-your-own-device (BYOD) movement is spilling over into the healthcare field. As with any emergent technological trend, IT departments would be wise to examine not only the good, but the bad as well as the ugly.

The good

While social aspects contribute to our need for connectivity, home and remote offices are now even easier to realize and implement because with mobile devices we’re never that far away from our work and, more importantly, never too far away (virtually) from our colleagues.

With synchronization utilities, you can take your files with you – your desktop files are accessible from all your synced devices. Many features of EMR systems are becoming increasingly available for mobile devices as well. And with a mobile device, colleagues can collaborate anytime, anywhere. Researchers can easily share data.

Mobile devices give workers flexibility that can’t be found being tethered to a desktop. An internist can take a photo of a rash and send it to a dermatologist immediately, while still adhering to HIPAA requirements. Physicians can receive lab results and view them on iPads while they’re doing their rounds or are out of the office.

The bad

While a few EMR vendors have developed apps for portable devices, it is important for users and administrators to remember that it took years – decades, even – to develop those systems. In the rush to market, these new apps have not had the advantage of such extensive and thorough R&D, and one of the biggest issues with them is security of confidential information.

Until that is resolved, professionals using mobile devices must still adhere to not only organizational policies but also to state and federal mandates regarding electronic protected health information.

The ugly

With the plethora of devices available, not all of them will be compatible with the software or tools you use to manage security. For larger organizations, this can be a major headache – and take up significant support time.

It is no secret that user-owned smartphones and tablets can make the work of the IT department that much more challenging. How IT incorporates these devices into their network and data repositories can affect the overall security of the organization. Some companies and organizations do have policies and procedures around employees using their personal phones and tablets for work. But once you allow personal devices access to corporate networks and data, you’ve added a new potential outlet for confidential information.

As files and other work-related information are accessible through our devices, the more likely we’re going to use them. And the more we use and carry mobile devices, the risk of losing them also grows. The potential for losing your cell phone inadvertently or by theft, according to some reports from Pew Research and Mashable, are as high as 50 percent in certain areas, especially for certain age groups. Beyond physically losing a phone, there’s also the virtual loss of data, which is the more critical aspect – loss of sensitive email and confidential files can lead to identity theft as well as possible compliance or regulatory violations and fines.

Some advice
For many organizations, BYOD is here to stay, so at some point, if you haven’t already, you will need to map out your strategy for accepting personal devices into your organization. For those whose organizations are allowing personal devices to be used, here a few parting thoughts:

1. Set expectations around security and whether additional software must be installed to lock down and protect the device. For example, if someone loses a device that contains corporate data, the company may want to wipe the device.
2. Create a written policy detailing what type of work-related activity is allowed on the device – whether certain information can be accessed, e-mail, files, etc. And make sure you train all your users so that they fully understand the policies and know what type of suspicious apps or activity they should watch out for.
3. Enable as much security as possible in the device. Require PINs or passwords when unlocking the device, install mobile device management software, and choose apps that encrypt data at rest.
4. Look for apps that provide auditability, reporting tools and centralized control. Apps that include these features help with visibility and management for the IT team.

Overall, BYOD can be a very positive change, enhancing workers’ productivity, but it can make the work of your IT department more challenging. Portability, ease-of-use and anytime access are but some of the benefits.

It’s important, however, for your organization to understand the security risks involved. If your organization decides to allow the use of personal devices, be sure to have your strategy in place from the start – having to go back and change policies or expectations can be difficult once a behavior has been established. A solid base of rules and regulations will hopefully provide unambiguous guidance and meet all present security requirements, but keep in mind that the technology and how devices are used will continue to change.

We’re in the early stages of this mobile device revolution and I think we have yet to see the full potential of the good, bad, and ugly aspects of mobile devices.

Bill Ho is president of Biscom, an enterprise secure file transfer and fax solution provider with an extensive healthcare practice.