ISACA Journal Author Blog


Health Care: The Perfect Storm

Published: 10/6/2014 3:47 PM | Category: Risk Management
Giuliano Pozza
I believe discussions about bring your own device (BYOD) should take cultural and organizational context into account. There is no right or wrong BYOD-related decision in an absolute sense; you must put it into the right perspective. That is why I will start by setting the context. I am working as a health care chief information officer in Italy, where IT spending, IT staffing and IT governance are chronically underestimated. Our health care model is fragmented at the regional level, with little coordination and supervision at the national level; this is the reason why international health care IT players are basically not present in Italy. The consequences are beginning to be evident. Our information systems are often outdated legacy systems. From the cultural point of view, I must say health care is one of the most stimulating fields in which to work. Diverse cultures (doctors, nurses, staff, social operators, and information and communications technology professionals) are working together, and this provides an absolute value and richness. But I cannot avoid noticing that, up until now, I have not seen an “IT-savvy” culture emerge in any of the institutions I know.

On the other hand, innovation is pushing its way into health care, above all in the clinical engineering field. Again, this is extremely positive, since new medical devices and better technologies for the operating theaters mean better outcomes for patients. Pervasive innovation also means better lifesaving devices, such as new-generation wireless-enabled pacemakers. Mobile health is a reality in many hospitals, albeit often built on the weak foundation of high-risk legacy systems. New regional electronic health record systems are under construction in many areas, and health care applications are spreading fast.

My recent Journal article gives readers a glimpse into the dynamic and complex health care setting. Viewed in this context, BYOD could be an opportunity or a risk at the enterprise and patient level. In my article, I explain the key questions to be asked before implementing a BYOD strategy in a hospital or before deciding not to implement a BYOD strategy, which is a challenging option as well.

An ineffective BYOD strategy could end up opening information systems to data thieves; data breaches in health care are growing exponentially. For example, the US Federal Bureau of Investigation (FBI) warned those in the health care industry about hackers, and in August, Community Health Systems in Franklin, Tennessee, USA, announced that hackers stole data on approximately 4.5 million patients. Even worse, if you do not plan well, and execute even better, your BYOD strategy or lack thereof, you could end up with life-threatening situations for your patients, as I explain in my Journal article.

Health care, as mentioned in the FBI private industry notification, is more fragile than other industries. That is striking since, as a consumer, I would put more trust in a setting where I risk my life, such as in health care, than in banking. I think this is the time to wake up and to review how we deal with information systems in health care. It is not only a matter of BYOD; it is a matter of protecting our sensitive health care data and, in extreme situations, our lives.

Read Giuliano Pozza’s recent Journal article:
“Beyond BYOD,” ISACA Journal, volume 5, 2014.

