Arbitrary Hospital IT Security

A really great quote came out of the mHealth Summit this week that’s worth sharing with this audience:

My favorite example of this is when a hospital makes it a policy that Facebook is not allowed in the office. The problem with this policy is just as the tweet above states, employees will find a way to work around the policy. Sure, you can block Facebook on your local network. However, pretty much every employee has a cell phone in their pocket which they can use to access Facebook if they want to access it. Do you really want to relegate your staff to taking their cell phone in the bathroom to check Facebook?

Instead of trying to control your workers which usually backfires with them working around your policies, I like to look at ways to empower your workers. In this case, instead of banning Facebook, you teach them appropriate and inappropriate use of Facebook during work hours. This empowers your employees to do the right thing as opposed to trying to control their actions through some arbitrary security policy which is impossible to enforce.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.