The demand for using personal devices in hospitals (BYOD) has increased rapidly over the years. However, BYOD also means that healthcare organisations are at great risk of leaking sensitive information assets like Personal Health Information (PHI) of patients, given that personal devices are outside the control of hospital IT management and may lack important security measures. Hence, the aim of this research is to develop a mitigation strategy which can cater to such security issues.
A comprehensive literature review was conducted to identify BYOD security issues and mitigation solutions. This was followed by using two existing security frameworks, the BYOD security framework and the People Policy Technology (PPT) model, to shape a stepwise mitigation strategy. Technical, managerial and social issues were identified, which include insecure user behaviour by hospital employees, lack of security awareness, usability issues, legal requirements and lost devices.
The mitigation strategy elucidates that while information and communication technologies allow better enforcement of security measures, policies and training provide the desired guidance to influence positive user behaviour among employees. The paper also discusses the need for a balance between usability and security in the success of BYOD in hospitals and hence provides systematic guidelines to curb BYOD security risks in hospitals.