Telehealth services are on the rise — and with them, concerns over patient privacy.
There is no doubt that telemedicine has played an invaluable role in keeping Americans safe and healthy over the last year. Virtual health platforms gave anxious patients when they might have added pressure to already-overloaded hospital facilities or avoided care altogether. The support these services offered proved to be so instrumental to the public health response that regulators began relaxing digital care restrictions within the first month of the pandemic.
Telehealth has earned its place in mainstream healthcare. However, its emergence does pose a few key considerations when it comes to patient privacy and trust.
“We know from weekly incidents in the media and studies of the industry that privacy and security are lagging in the healthcare sector,” Roy Wyman, a lawyer with Nelson Mullins Riley & Scarborough, wrote for Lexology. “While patients are ready to embrace telehealth, providers most prioritize privacy and security when rolling out phone or other virtual services. If they don’t, they run the risk of potential breaches of sensitive and often legally protected patient information.”
Wyman’s point was made clear as early as 2014, when researchers Joseph L. Hall and Deven McGraw published an article in Health Affairs noting the potential for security gaps and trust erosion among patients. The pair make the point that sensors located in a patient’s home could “inadvertently transmit sensitive information about household activities.” Alternatively, they write, routine data transmissions from common medical apps or devices could be shared with third-party advertisers.
“Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions,” Hall and Deven conclude. Their predictions appear to hold true today. One recent survey conducted by CynergisTek reported that a full 48 percent of respondents said they would be “unlikely to use telehealth if their personal health data was compromised.”
These fears are well-established — and before the pandemic made telehealth a necessity, they underpinned the stringent restrictions around digitally-facilitated healthcare. In 2018, only 13 states allowed the home to serve as an originating site for telehealth, and the vast majority did not reimburse home-based telehealth services. Providers were also limited in their outreach methods. All but one state reimburse for live video, only 20 state Medicaid programs reimburse for remote patient monitoring, and eleven reimburse for store-and-forward.
The Covid-19 crisis forced regulators to relax these restrictions temporarily. However, the privacy fears that prompted them still persist — and will need to be continually reckoned with as telehealth becomes a more prevalent method of healthcare delivery.
Consider the opportunities and challenges posed by cloud-based telehealth environments as an example. At first glance, the cloud offers an ideal solution to healthcare providers’ privacy concerns. Delivered through third-party vendors, these platforms provide scalable computing services and take responsibility for securely storing scoring user data in offsite infrastructure.
“The cloud is more secure than your data center, because these cloud providers offer security for millions of consumers, so they’re better at it than a hospital CIO can be,” cloud expert Gerry Miller told Health Tech Magazine.
However, Miller also points out that blindly relying on cloud-based environments to secure data would be a mistake, as organizers are responsible for building firewalls, securing local operating systems, and assigning access and privileges. To borrow another quote from Miller: “There’s no magic HIPAA dust that’s sprinkled over the cloud to ensure you’re safe.”
The uptick of telehealth will naturally lead to the collection of more — and more sensitive — patient data. Organizations need to know where protected data flows in their internal systems and ensure that it remains secure before and during its transmission to the cloud. Organizations should continually perform penetration testing, conduct security assessments, and collaborate with their cloud providers’ security team to confirm data safety.
Amid the telehealth boom, it has become more crucial than ever that patients know their information is protected. If care organizations can provide that reassurance, they will smooth the way towards the convenient, safe, and digitally-supported future of healthcare.