RESUMEN
OBJECTIVE: Healthcare professionals are known to use their personal devices extensively for work purposes (Bring-Your-Own-Device). However, it is also a source of major concern for healthcare organisations, given the heavy reliance of patient data privacy on clinician's usage behaviour and higher risk of data breaches. Previous research into hospital BYOD security has been scarce and fragmented. Therefore, the aim of this paper is to understand the preferences, behaviour, and knowledge of Australian hospital clinical staff with respect to BYOD security through a survey. METHOD: An online survey was conducted among clinicians working in Australian hospitals, asking them about their BYOD related user behaviour, knowledge of best practices, and support received from their hospitals. Descriptive statistical analysis and cross tabulation were carried out on the survey data. RESULTS: Majority of the surveyed clinicians used BYOD (87%). Some of the good behavioural practices found included use of passcode: (91.95%), never disclosing password (67.82%); strong passwords (63.22%) and no storage of patient data (59.77%) on BYOD devices. However, several risky practices were also found, particularly when usability or clinical workflow mattered to clinicians including use of personal/social apps for clinical communication (e.g. SMS: 57.47%, WhatsApp: 39.08%); connecting BYOD devices containing patient data to public hotspots (40.23%) and use of a common data backup platform for personal and patient data (79.93%). A large proportion of surveyed clinicians were either unaware or didn't receive BYOD related security training (74.71%) or policy (39.08%), but those who did were more confident across all aspects of BYOD security asked in the survey, indicating their importance. CONCLUSION: By taking a wholistic and socio-technical view, this study helps us to better understand BYOD related security behaviour of hospital-based clinicians and its consequential implications. It can therefore provide important insights for both technical and clinical stakeholders of BYOD within hospitals.