NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

A new concept for some organizations is to allow nurses to bring in their own devices known as bring your own devices (BYOD) to use at work. What are some of the security issues you might encounter if this were allowed? How would you address these issues? 

My workplace would never allow for us to bring our own devices into the facility! I was quite surprised to find out that this was a thing!
Upon doing some research on this topic I found out some interesting facts. I found it interesting that BYOD encompasses more than just computers. It also means that employees may use smartphones, tablets, kindles, and more for their work. The concept of BYOD includes personal software and services, as employees use iCloud services and other tools on the web (Eschelbeck & Schwartzberg, 2017). 

To begin, I will discuss the security issues that would be encountered. It’s risky to assume that prohibiting the use of personal devices solves the problem. I say this because the average employee ends up using their own device anyway because it is not monitored by work place security policies. But, regardless of what you think about BYOD and however workplaces choose to

implement it, IT managers should treat it the same way as any introduction of innovative technology: with a controlled and predictable deployment of security (Eschelbeck & Schwartzberg, 2017). 

When it comes to devices being introduced into the workplace, a few questions should be addressed. 

1) Who owns this device?  

Is this a trustworthy person? In the past, the company owned the devices, whereas in this case. the employee owns the device (Eschelbeck & Schwartzberg, 2017). 

2) Who manages this device? 

How is security going to be managed, if the employee is in charge (Eschelbeck & Schwartzberg, 2017)? 

3) Who secures this device? 

Accountability is not something that goes away for an employee just because they personally own the device (Eschelbeck & Schwartzberg, 2017). 

All organizations have the flexibility to embrace BYOD as much as they feel reasonable. But, there are companies who have decided the risk is too great and choose not to implement a BYOD program (Eschelbeck & Schwartzberg, 2017). 

In May 2012, a facility banned its 400,000 employees from using their own devices and their own applications because of the concerns about data security. The facility also banned cloud storage services such as Dropbox, as well as Siri. Since Siri listens to spoken requests and sends these requests to Apple’s servers where they are deciphered into text they found this could be a HIPAA violation along the line. They also banned Siri because she can create text messages and emails on voice command, but some of these messages could contain sensitive and private information (Eschelbeck & Schwartzberg, 2017). 

Ultimately, the success of the BYOD program is measured by the employees’ willingness to use their personal devices within the rules set for them. The organization’s security procedures and policies should determine whether and how BYOD is utilized. If adopted into a company, BYOD users need to have the ability to enforce security policies on their device and protect their property if that device is ever lost or stolen (Eschelbeck & Schwartzberg, 2017). 

A couple other security concerns include: 

-Being able to register employee devices with the company for monitoring purposes (Matteucci, 2017). 

-Implementing password protection, antivirus and back-up software for all devices (Matteucci, 2017). 

-Preventing the use of public WiFi networks (Matteucci, 2017). 

-Downloading company information on home computers (Matteucci, 2017). 

-Cleaning/resetting the devices entirely when employees quit or are terminated (Matteucci, 2017). 

References: NR 512 Week 7 Discussion Activities: Safeguarding Health Information and Systems

Eschelbeck, G., & Schwartzberg, D. (2017). BYOD Risks and Rewards: How to keep employee smartphones, laptops and tablets secure. SOPHOS,2(10), 1-7. 

Matteucci, G. (2017, April 21). The Pros and Cons of Bring-Your-Own-Device (BYOD) for Your Mobile Field Workforce – Field Force Friday. Retrieved April 09, 2018, from http://www.msidata.com/pros-and-cons-of-byod-in-mobile-field-workforce 

highlights the success of BYOD relying on staff willingness to use their personal device. If a device is required to complete the functions of your job should the organization be accountable to this cost? Defend your perspective. 

I feel the employee should be compensated to some extent for being required to use their own personal device at work. Also, if an employee is required to use their own personal device are they in jeopardy of having their personal information contained on the phone made public to the employer? Basically, by using their personal phone at work and accepting compensation for it, have they given up their right to personal privacy? I guess it all depends on the agreements made with the employer and this agreement should be carefully consider by the employee. There is no doubt that employers will save time and money by allowing employees to use their own devices but is this best for the employee? 

A recent article mentions that expense reimbursement for use of personal cell phones for work activities is required depending of which state one lives in (Lannon & Schreiber, 2018). This same article goes on to discuss a law in California that requires employers to pay at least part of an employee’s wireless voice and data plan if it is required at work (Lannon & Schreiber, 2018). After further research I found the actual California Labor Code 2802 (a) that basically states that the employer is responsible for all expenditures or losses incurred by the employee in direct consequences of discharging their duties (leginfo.legislature.ca.gov). This means employers need to seriously research this topic depending in which state they reside before they end up in trouble for non-compensation. While employees need to fully understand if their personal right to privacy can be breached by their employer.    

Code Section. (2016, January 1). Retrieved April 10, 2018, from https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=LAB§ionNum=2802. 

 Lannon, P. G., & Schreiber, P. M. (2018, March 30). BYOD Policies: What Employers Need to Know. Retrieved April 10, 2018, from https://www.shrm.org/hr-today/news/hr-magazine/pages/0216-byod-policies.aspx 

I agree with you that employees should definitely be compensated at least in part if requiring BYOD for work purposes. I personally would not want to use my own device at work due to the fact that the device would likely have to stay with the IT department and be canvassed and scanned for security purposes. While I understand the benefit of using these devices at work in terms of work flow, I do not wish to subject my information and privacy to the public, especially since often tax information, etc., is saved onto personal devices. I think one thing to take into consideration is the right of the employee’s privacy and protection in this particular situation, we have rights as well, and employers need to have a very specific and ethically sound position in their BYOD policy if they want to require this of workers. 

I also agree that the risk to using my personal device at work pose a conflict of interest if I am using my work computer for home use also. My personal computer stores my and my kids activities, pictures, Facebook, email, and so much more. I would hate to feel like my personal life if need be would subject to security checks and probing. My children also often times use my laptop and tablet if they need to do homework, play games, or just surf the internet which also places my computer many times to virus and lost data. BYOD is a convenient form of having 24 hour access to work if needed but the cost of personal and professional privacy must seriously be assessed and monitored. Healthcare workers today are eager to use their personal devices on the job but studies have should that the implications to doing so allows a platform for businesses to push corporate policies and mandates to private devices (Williams, 2014) 

Reference: 

Williams, J. (2014). Left to their own devices how healthcare organizations are tackling the BYOD trend. 

     Biomedical Instrumentation & Technology,48(5), 327-399. 

your post makes a very good point about the safety and security of personal devices in the work place.  I never considered being subject to privacy invasion by a company’s IT department until I read your post. This is the double-edged sword of technology.  Technology is helpful in our busy world but at what cost?  I would like to ask, how do you think compensation should be determined for using personal devices at your place of employment?  I would think the individual could be compensated using a tax write off or the compensation could be in the form of replacement insurance if the phone is lost, stolen or damaged.  It seems the BYOD may pose more questions than answers.  I am glad I learned about this trend in healthcare, perhaps I will be able to research more in order to make an informed decision should I want to BYOD in the academia setting. 

Read Also: NR512 Second Life (SL) Scavenger Hunt Work Sheet