The use of employee-owned devices in the business setting - often referred to as "bring-your-own-device" or "BYOD" - presents data security challenges for all businesses. In addition to worrying about loss or theft of intellectual property and trade secrets, companies doing business in the health care sector must also ensure compliance with security standards under HIPAA as well as the HITECH Act. As demonstrated by two settlement agreements related to data breaches in the health care context, the risks presented by employee use of personal devices for business purposes are real. If you are interested in learning more about this issue, I encourage you to read an article in HealthData Management written by Stephen Bentfield and Dianne Bourque. It examines the risks associated with BYOD programs in the health care setting and provides tips on development and implementation of compliant policies and procedures.
Karen S. Lovitch is a Mintz attorney who represents health care companies in regulatory, transactional, and operational matters. She advises them on health care regulations such as the Stark Law and the Clinical Laboratory Improvement Amendments of 1988.