Healthcare, Privacy and Your Connected Devices

Healthcare, Privacy and Your Connected Devices

This week of Cybersecurity Awareness Month will cover the steps you can take to secure your information and privacy in telehealth, owning your part and #BeCyberSmart. Your online and offline, work, school and home life may have merged together this year and this is a very good time to start boosting your online security. This year has brought on a lot of  changes, but as you manage your online activities at home, school and work something else to think about is telehealth. You may also be consulting your doctor by video chat or “telehealth.” Living securely in a connected world means that if we connect it, we do have to protect it.

What is telehealth?

Telemedicine or telehealth is the practice of delivering health-related services and information to patients remotely. In lieu of waiting for face-to-face appointments, patients can now communicate virtually with doctors and other medical professionals to receive instant medical advice and diagnosis.

The healthcare industry is increasingly relying on connected devices and internet file storage to keep track of essential health information and transfer that information between various care facilities and providers. Ultimately, the added benefits and convenience of telehealth resources such as electronic health records, interconnected medical devices, and wellness apps, make it easier than ever to manage your private health information online. However, using telehealth services may potentially increase risk to your healthcare data. Fortunately, there are many steps you can take, as well as tools/resources that help you protect your health information across the internet.

Steps you can take to avoid privacy and security issues with telemedicine/telehealth

  • Ask your doctor whether the provider saves the video of telemedicine sessions with patients. If no video is stored, there is no chance of someone other than the patient or provider viewing the visit. If video is stored ask how this data is stored and how long it will be kept.
  • Don't overshare. Don’t send private information about your health or anything else via email or text. Save your sharing for the actual telemedicine appointment.
  • Do a tech checkup. Find out if the video chat technology being used for the appointment uses end-to-end encryption, which mixes up the data while it’s being transmitted and greatly increases your privacy and security.
  • Use a VPN. Virtual private networks (VPN) create an encrypted tunnel between your computer and the website or service you are connecting to. This greatly enhances your security, and protects your connection across the internet.
  • Ask your doctor if the visit is secured and private.
  • Secure your mobile device with passwords or biometric identifiers
  • Be aware of your surroundings. You can do a telehealth visit from almost anywhere, but make sure you are in a place with sufficient privacy, so no one can hear your conversation.
  • Follow the provider’s instructions. Take the security steps that are suggested by your telemedicine application or doctor.

Laws in place that protect your medical information:

Your healthcare provider has much of the responsibility for ensuring that your privacy is protected during a telehealth encounter.

Some of the laws that protect your private medical information include HIPAA (Health Insurance Portability and Accountability Act of 1996) as well as the HIPAA Security Rule (SR).

  • HIPAA (Health Insurance Portability and Accountability Act of 1996
    • This provides data privacy and security provisions for safeguarding medical information. It is designed to reduce healthcare fraud and abuse by setting industry-wide standards for health care information on electronic billing and other processes. It also requires the protection and secure handling of specific patient health information.
  • HIPAA Privacy Rule
    • This rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. IT deals with Protected Health Information  (PHI) in general.
  • HIPAA Security Rule
    • This rule deals with electronic Protected Health Information (ePHI), which is essentially a subset of what the HIPAA Privacy Rule encompasses.
    • The HIPAA guidelines on telemedicine are contained within the HIPAA Security Rule and stipulate:
      • Only authorized users should have access to ePHI.
      • A system of secure communication should be implemented to protect the integrity of ePHI. Insecure channels of communication include, Skype, email and SMS: According to  HIPAA, none of these are acceptable for communicating ePHI at distance.
      • A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.

#Do Your Part, #BeCyberSmart. Remember to:

  • Use a strong unique password for your telehealth platforms, and do not use that password for any other account.
  • Always use Multi-factor Authentication (MFA)  if available.
  • Secure your connection with a VPN, and make sure it is enabled during telehealth sessions.
  • Keep your telehealth platform/app updated
  • So set a time to review your devices, get up to date, and make sure you have protection for everything you connect now and in the future.
  • Restrict app permissions to ONLY what is necessary for the app to function. You can find more information about this in the material posted during NCSAM Week 1.
  • Only download apps from trusted online stores such as the Apple App Store, the Google Play Store or the Amazon App Store.
  • Understand how the app is using your data. Check out how the data you share will be used (including storage and destruction) and only disclose relevant information that is essential.