Considering Telehealth Security


More than half of U.S. hospitals now use some form of telehealth.1

Providers are recognizing how telehealth can help expand their reach to patients with potential healthcare access challenges or to those who want the convenience and cost benefit of accessing care from their home computer.

Providers are also realizing how telehealth can help them cost-effectively manage populations of patients. For example, care managers or other providers can perform numerous “virtual” in-home patient visits in a day much more efficiently than conducting these appointments in person. For these reasons and others, reimbursement for telehealth is being addressed and expanded by federal and state government as well as commercial payers.2

What providers may not recognize, although health information professionals are likely aware of, is that protected health information (PHI) disclosed during telehealth encounters requires the same high level of security as patient records. That is why when selecting telehealth technology, such as a video web conferencing platform, security is an important consideration.

Protecting data, however, does not necessarily need to sacrifice usability or video quality. Ideally, the chosen web conferencing technology would offer high-definition video and audio quality to facilitate the same level of intimacy as an in-person visit, which can help build trust and encourage patient engagement.

Risk of Data Breach

In 2015, cyberattacks were for the first time the most common cause of healthcare data breaches, according to a survey by the Ponemon Institute.3 Costs of these attacks for healthcare organizations averaged $363 per record lost or stolen, more than twice the average for all sectors.4

While providers are well aware of the threats to electronic health records (EHRs) and financial data from cybercriminals, they may not be aware of the threat to telehealth technology. For example, in 2013, a network of hackers known as GhostNet accessed 1,295 webcams in 103 countries.5 If such an incident occurred during a web-based patient encounter, and the provider’s technology was identified as the cause, then the provider could be liable for a breach.

Under HIPAA, breaches are punishable with financial penalties of as much as $50,000 per incident up to a maximum of $1.5 million a year.6 Cybercriminals, however, can gain access to PHI through unsecured video conferencing platforms by means other than a webcam. A properly secured, cloud-based video web conferencing platform can help prevent these cyberattacks.

SEE ALSO: Data Collection From Mobile Devices

Safeguarding PHI

Protecting PHI is essential, regardless of whether it is spoken or viewed during a web encounter or shared through discrete text displayed on a screen. Cloud-based video web conferencing technology appropriate for patient encounters and care-team consultations can include safeguards such as:

• Encryption of video and audio streams. Technology that offers end-to-end encryption using the industry-standard SSL/TLS protocol and that can provide proxy and firewall traversal capabilities are recommended for healthcare organizations. The proxy and firewall traversal feature can make connecting with patients more simplified by routing all encounters through a single, secure port, without additional configurations required by the healthcare organization.

• Required secure-conference connection. In traditional, hardware-based video conferencing installations configuration settings can be changed by remote employees without system monitoring, allowing sensitive information to be sent unprotected over the Internet. Required, secure-conference connection delivered over a cloud-based platform can prevent unsecured data from being disclosed.

• Robust, flexible password controls. With healthcare-suitable platforms, providers can select conference passwords, and make them required for “virtual visit” entry. If providers choose, passwords can also be required to download shared documents and meeting recordings when distributed from the cloud. In addition to password authentication and other technical measures, providers can have the ability to personally verify each attendee, which is especially helpful during care-team collaborations or group patient encounters.

• Private cloud option. This option is recommended for web conferences where PHI is disclosed because it offers an additional level of security. The private cloud would be installed behind the provider’s firewall, offering maximum protection and control for the organization. This added level of security also allows providers to “lock” the meeting, meaning even if an additional person would be able to access and enter the required password, that person would not be allowed entry to the web-video encounter without the provider being notified and granting permission.

Eliminate Distractions and Build Trust

Even with rigorous security, video web conferencing that is easy and intuitive to use helps eliminate distractions during patient care or team collaboration. Distractions can be further reduced through advances in video and audio processing that allow providers to begin a session with one click or to pre-set controls so they only need to configure them once.

Eliminating technology-based distractions and enabling clinical intimacy between provider and patient is what effective telehealth is all about. These qualities help encourage the same level of trust between the patient and provider as an in-office visit. Protecting the patient’s privacy and personal information with several levels of security during telehealth encounters can deepen that trust and encourage continued patient engagement.

Tom Toperczer is director of product management at Brother.

About The Author