Are Workarounds Putting Your Sensitive Healthcare Data at Risk?
In my last blog, I mentioned a global survey of frontline healthcare workers completed January 2013 by HIMSS and Intel on what motivates the use of workarounds, what types of workarounds are being used, and where there may be challenges in privacy and security.One of the most interesting questions from the survey asked healthcare workers was, “How commonly do ‘workarounds’ happen in your organization, which may involve the use of alternative tools such as personal device/apps or social media that may be out of compliance with policy?”.The results found that 22 percent of healthcare workers indicated they use workarounds every day, and 30 percent indicated using workarounds sometimes. Combined these represent more than half of 674 global healthcare worker respondents that acknowledge using workarounds, risking the confidentiality and integrity of sensitive healthcare data. Workarounds may include personal smartphones, tablets, laptops, USB keys, apps, email, texting, social media and others. The interesting thing about these types of risks is that they can happen even with thin client/VDI solutions, and even the most secure platform including corporate provisioned devices can be impacted if the healthcare worker has personal devices on them, is able to install apps, can use social media, do text messaging and so forth.A key take-away of this result is that the use of workarounds is currently real, serious, and should be included in risk assessments done by healthcare organizations. These types of risks are also poised to grow as healthcare workers are increasingly empowered with more exciting and powerful personal devices, apps, social media and tools they can and do use to improve healthcare, but in many cases inadvertently also add privacy and security risk.Stay tuned for more information in my weekly blog series. Next week we’ll look at the specific motivations and drivers that are compelling healthcare workers to use workarounds, ranging from healthcare solutions that are unusable, to IT departments that are too slow to enable new technologies and apps, to cumbersome security controls that are impeding healthcare workers.Are you currently including risks of workarounds used by healthcare workers in your risk assessments?If you will be at HIMSS13 in New Orleans, join us for a workshop panel to explore this concept further. RSVP and reserve your spot.