What: At Penn Medicine, the emerging trend of bring your own device (BYOD) was not so much about the “if” as it was about the “when.” With almost 20,000 employees, the organization knew it would not be able to provision enough Penn Medicine-funded cell phones for all essential staff. Additionally, many of the key personnel, particularly clinicians, began carrying their own devices and using them as necessary for several kinds of work functions in addition to their personal use. The main tenets associated with Penn Medicine for security and privacy include IT controls, compliance, identity management and user education.
Their strategy covered three main areas:
1. The first part of the strategy focused on developing a method to support a full range of mobile devices
2. The second part of the best practice strategy involved developing policies to govern the appropriate corporate use of the mobile devices
3. The last part addressed configuration standards designed to secure the device and protect Penn Medicine information
Why: Balancing the appropriate security and privacy requirements with the delivery of clinical care and research is a fundamental need to consider in introducing certain types of emerging technologies into an academic medical center. As in Penn Medicine’s situation, most practices will discover that they cannot prevent staff from bringing their own devices and must act preemptively to ensure the integrity of their IT infrastructure.