Is telehealth a security risk? Easy answer: yes, it is a risk… just as much as any other web-accessed private data is. However, that doesn’t mean we shouldn’t take advantage of what telehealth or telemedicine offers us, especially during the COVID pandemic we are facing.

The Security Risks of Telehealth

First, let’s discuss how telehealth is a security risk. Any time you are putting your personally identifiable information (PII) or personal health information (PHI) into a system, whether public or private, you are risking that information being stolen or corrupted. However, this doesn’t mean we should avoid these tools or become super paranoid about using them.

As long as we are following the security protocols and doing what we can to keep our data safe, we can and should interact with health professionals via the web and telephone as needed. According to, “Providers have been eager to adapt to this care delivery method, but many platforms do not meet HIPAA requirements and lack adequate data safeguards. The same connectivity that makes telehealth possible also creates threats to patients. Protecting patient health information (PHI) and providing remote services doesn’t fit together easily. Any data transferred over the internet runs the risk of interception by threat actors, and healthcare has long been a preferred target for cybercriminals. In 2019, healthcare data breaches cost the industry over $4 billion.”

Guidelines to Follow With Telehealth

Here are some general guidelines to follow as you use, or think about using, any telehealth tool.

Ensure HIPAA Compliance

In 1996, the U.S. Department of Health and Human Services (HHS) developed regulations that were put in place to protect the privacy and security of personal health information. This became known as the Health Insurance Portability and Accountability Act or HIPAA. Every telehealth provider is required to be in compliance with HIPAA guidelines. Health providers utilize tools that are HIPAA compliant to connect with their patients; however, the patients’ devices aren’t held to the same standards. What’s important is that you ensure the tool your provider is using is HIPAA compliant. Then do your part by making sure you are on a secure network, and not on an open Wi-Fi network or a home network with weak protection.

Secure Authentication

Utilizing secure authentication on your personal device as well as secure login credentials on your telehealth tool is very important. Everyone, and I mean everyone, who has a smartphone or Internet device should have multi-factor authentication configured. Two-factor authentication is becoming more prevalent: that is, presenting something you are (a fingerprint) and something you know (a password or PIN) in order to authenticate. Most smartphones now have biometric fingerprint readers, and that makes it more secure. If the telehealth tool doesn’t present you with two-factor authentication, don’t use it. Better safe than sorry.

User Education is Key

Do you first connect to a VPN before logging into your telehealth website? If not, that could increase the probability of your data being stolen. Do most users even know what a VPN is? Most likely not, and that’s okay – this is in no way meant to be a judgement on tech knowledge. Telehealth companies have a responsibility to educate their users on how to effectively secure their devices and how their HIPAA compliant tools protect their data. On top of VPN usage, another key practice is to only allow apps access to what is absolutely necessary for the usage of that app. When you download an app or install it, and it asks you for access to your microphone, location and camera… stop and think about whether or not that app really needs access to those resources. User education can go a long way in keeping telehealth interactions secure and private.

Telehealth isn’t Going Anywhere

Thanks to the COVID pandemic and the need to stay physically distant from others, the need for telehealth is not going anywhere anytime soon. In fact, I would posit that the usage of telehealth is only going to grow and continue long after the pandemic blows over. Balancing security and usability can be tough for organizations that offer these tools, but with HIPAA compliance in place and keen user security awareness, we can protect our data and ensure our privacy when using telehealth.

Greg Stuart is the owner and editor of He's been a VMware vExpert every year since 2011. Greg enjoys spending time with his wife and 3 kids. He has 20 years of IT experience and currently works as an IT Consultant both in the private and public sector. Greg holds a BS in Information Technology and an MBA degree. He currently resides in Southeast Idaho. You can follow him on Twitter @vDestination, read his blog and listen to his podcast.