There are many statistics supporting that telemedicine is on the rise. Being able to overcome distance barriers and speak to a medical professional, no matter how remote the patient’s location, has improved access to medical services and helped save lives in emergency situations. According to the Healthcare Trends Institute, the number of telemedicine patients is expected to increase from 350,000 patients who used the services in 2013 to upwards of 7 million in 2018. Additionally, about 90% of healthcare executives surveyed report that their organizations have begun developing or already implemented a telemedicine program. And their plans are supported by potential patients: three quarters of consumers indicate they are comfortable with the idea of communicating with doctors using technology instead of seeing them in person.
Telemedicine is a product of telecommunication and information technologies. These technologies allow for the transmission of communications between patient and medical professionals, as well as the transmission of medical, imaging and personal health information (PHI) from one location to another.
But with the growth of this sub-industry comes the spotlight of Federal enforcement agencies, such as the Office for Civil Rights (OCR), to ensure that healthcare providers are protecting the security and privacy of patient information according to the Health Insurance Portability and Accountability Act (HIPAA).
Because telemedicine providers no longer need to be in the office to see a patient, many are shifting to work-from-home programs. A patient could be in a remote area, a pediatrician could be working from home on-call, or a nurse practitioner could start a telemedicine video chat in the office but plan on bringing his laptop home to follow up with the patient later. The ability for both patients and medical professionals to discuss patient care from literally anywhere with a quality internet connection has its benefits. However, it also introduces new challenges and security risks. According to Lexology, this increases the mishandling of PHI because many telecommuters must be able to access patient information remotely to perform their job duties.
To avoid the risks that telemedicine creates, healthcare organizations can proactively take five easy steps to secure and protect the PHI being shared in telemedicine transactions.
Endpoints such as laptops and tablets represent huge data risk for healthcare organizations. While these devices allow telehealth providers to be productive from any location, it’s vital to secure and control the data being accessed from that device. Because this is healthcare, it’s also important to ensure that all endpoint devices being used to access PHI are HIPAA compliant.
The security, policies, procedures and enforcement required to adhere to HIPAA HITECH can be extremely complex, with hefty fines being the consequence of PHI breaches. Leverage solutions and vendors with independent HIPAA compliance validation and Business Associate Agreements (BAA), which can help you achieve compliance and handle audits more easily.
Technology or SaaS partners can help provide HIPAA compliant infrastructure and expertise to support a strong compliance and security posture. Leverage their administrative, physical and technical safeguards to ensure ePHI is secure within telemedicine.
Telemedicine uses video conferencing and soft phone integrations in nearly every patient interaction. Look for solutions that work well with the telehealth tools being utilized – with special attention to speed and uptime on the infrastructure you are utilizing. Customizable options along with HD video and VOIP softphone integrations that deliver a seamless user experience should be paramount.
Establish policies and training to address handling PHI that is taken offsite on employee personal devices and utilize security controls to prevent the use of unauthorized functions such as printing, copying/pasting, local saving or USB drive access. Saving documents or information to the local desktops should be a particular concern because it exposes data in cases where the device is lost or stolen.
The top three causes of PHI breaches are lost or stolen computing devices, unintentional actions or mistakes by employees, and irresponsible third parties. In fact, many breaches are caused by a combination of these things. The five considerations above are steps in the right direction to prevent the loss of PHI and avoid being caught in fines or a media storm. The takeaway? The remote access element that makes telemedicine so innovative requires even more attention to compliance and security than traditional healthcare.
Telehealth is a powerful industry, promoting a new culture of remote work for the healthcare industry. Consumers want the freedom that telemedicine provides, which stimulates industry growth. But with 1 in 3 Americans impacted by a healthcare data breach in 2015, ensuring consumer trust is vital. It does seem that an ounce of prevention is worth a pound of cure after all.