DATA PRIVACY AND SECURITY IN TELEHEALTH

To realize telehealth’s full potential, patients and providers must trust telehealth systems to keep personal information private and secure.

TIPS FOR HEALTHCARE PROVIDERS

Data privacy protection: HIPAA

Privacy risks involve a lack of controls or limits on the collection, use, and disclosure of sensitive personal information. HIPAA privacy regulations provide protections for identifiable health information. HIPAA’s privacy regulations establish limits on the use and disclosure of identifiable health information, and technical, physical, and administrative safeguards to be adopted to protect electronic identifiable health information. Meaning, the data may be equally sensitive, but information or analytics derived from sources not subject to HIPAA is not legally protected by HIPAA safeguards.

There are some options for doctors who want to provide a HIPAA compliant telehealth service for patients, but these tend to be both complicated and expensive. The cost of using the service ($30-$50 per user per month) may deter some patients from wishing to use a HIPAA compliant telehealth service. Although cheaper options exist, they generally tend to be of insufficient quality for doctors to accurately diagnose patients.

Example 1: consider a doctor who uses a company such as Facebook’s online video and chat platform to consult with patients. Notably, care may be delivered by a professional that is ordinarily subject to HIPAA, but the health information provided through Facebook may be regulated under Facebook’s privacy policy, and therefore subject to relaxed standards.

Example 2: sensors that are located in a patient’s home or that interface with the patient’s body to detect safety issues or medical emergencies may inadvertently collect sensitive information about household activities. For instance, home sensors intended to detect falls may also transmit information such as interactions with a spouse or religious activity, or indicate when no one is home.

Example 3: in 2011 the popular fitness device Fitbit inadvertently exposed users’ self-reported sexual activity, failing to acknowledge that some forms of physical exertion may be sensitive information.

Data security control: encryption

All communications including images, videos and documents – are encrypted to make them unreadable and unusable communication over a public Wi-Fi service, or private network – either accidentally or maliciously. All activity on the network is monitored by a cloud-based platform to ensure secure messages policies are adhered to.

TIPS FOR PATIENTS

Be aware of updated privacy and security practices from your healthcare providers

Contact your healthcare provider with any questions or concerns you have about the privacy and security of the information shared during your telehealth session.

Always ask your healthcare provider if your telehealth session is protected and secured

Unauthorized parties should not be able to listen in on the communication. Communication between you and your healthcare provider should be encrypted.

Pick a private location for your telehealth appointment

Hold your telehealth session in a location away from others, such as a room with a door, so that you can control who hears your conversation.

Be aware of scams

Know how and when you will be contacted for your telehealth visit or any follow-up information. If you receive a suspicious call or email about your telehealth visit, contact your healthcare provider. Better safe than sorry.

Be aware of what’s behind you

Be aware of what will be displayed in the background during a video call and remove any identifying information you do not want to share.

Keep your computer or mobile device patched and updated

Most provide an option to check and install updates automatically. Enabling that option can be a good idea if you don’t want to check for updates periodically.

Avoid using public Wi-Fi Networks for your telehealth appointment

Use private Wi-Fi networks whenever possible when exchanging any kind of sensitive information with your healthcare provider.

Turn off nearby devices that may capture your conversation

Remove or turn off nearby items such as home security cameras, voice assistants, or other devices you are not using to contact your healthcare provider to make sure they do not capture potentially sensitive information.