Accepted for/Published in: JMIR mHealth and uHealth
Date Submitted: Feb 9, 2020
Date Accepted: Apr 9, 2020
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Hospital BYOD Security Challenges and Solutions: A Systematic Review of Grey Literature
ABSTRACT
Background:
As the familiarity and convenience of using personal devices in hospitals helps in improving productivity, efficiency and workflow of hospital staff, the healthcare BYOD market is growing consistently. However, security concerns due to lack of control over personal mobile devices of staff, which may contain sensitive data such as personal health information of patients makes it one of the biggest healthcare IT challenges for the hospital administration.
Objective:
Given that hospital BYOD security hasn’t been adequately addressed in peer-reviewed literature, the aim of this paper is to identify key security challenges associated with hospital BYOD use as well as relevant solutions which can cater to the identified issues by reviewing grey literature. This research will therefore provide additional practical insights from current BYOD practices.
Methods:
A comprehensive grey literature review was conducted which followed the stepwise guidelines and quality assessment criteria set out by Garousi et al.(2018). Searched literature included tier 1 sources such as healthcare cybersecurity market reports, whitepapers, guidelines, policies and frameworks as well as tier 2 sources such as credible and reputed health IT magazines, databases, and news articles. Moreover, a deductive thematic analysis was carried out to organise the findings based on Schlarman’s (2006) People Policy Technology (PPT) model, promoting a wholistic understanding of hospital BYOD security issues and solutions.
Results:
A total of 51 sources were found matching the designed eligibility criteria. From these studies, several socio-technical issues were identified from the literature. Major challenges identified were use of devices with insufficient security controls by hospital staff, lack of control/visibility for management to maintain security requirements, lack of awareness among hospital staff, lack of direction or guidance for BYOD usage, poor user experience, maintaining legal requirements, cybersecurity skills shortage and lost devices. While technologies such as Mobile Device Management (MDM), Unified Endpoint Management (UEM), containerisation, and Virtual Private Network (VPN) allow better BYOD security management in hospitals, policies and people management measures such as a strong security culture and staff awareness and training improves staff commitment in protecting hospital data.
Conclusions:
The findings suggest that in order to optimise BYOD security management in hospitals, all three dimensions of the security process (People, Policy and Technology) need to be given equal emphasis. As the nature of cybersecurity attacks is becoming more complex, all dimensions should work in close alignment with each other. This means that with modernisation of BYOD technology, BYOD strategy, governance, education and relevant policies and procedures also need to adapt accordingly.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.