New telemedicine programs may be popping up faster than superhero movies, but the challenges that come with them are entirely too familiar.
The adoption of telemedicine services in inpatient settings has skyrocketed 31 percent since 2014, leaving many providers playing catch-up and facing pressure to expand telemedicine programs. Meanwhile, growing cybersecurity issues, shifting regulations, and persistent misunderstandings around how telehealth works continue to challenge the industry.
Still, telehealth and telemedicine offer unmatched answers to many access and cost challenges. To take advantage of the latest developments, healthcare organizations are looking to their healthcare IT leaders to support the convenience and flexibility of telemedicine options and balance them with privacy and security considerations to keep their organizations and patients safe.
Telemedicine Security Challenges Press On
Telehealth and telemedicine have been credited with improving the patient experience, extending the reach of healthcare services to rural and urban areas, and connecting patients with providers around the globe—but these expansions can cut both ways.
A broader network means more opportunities for bad actors to gain access to sensitive networks, PHI, and financial information, because successful telehealth initiatives require a rich array of devices and endpoints. For all the good it does, telemedicine does make security harder.
What would be a simple exchange of healthcare information in a traditional setting now involves videos, files, and real-time voice communications—all of which may be transferred electronically between a provider’s location, contractors at a call center, and even caregivers in remote locations. HIPAA has an opinion.
The HIPAA Security Rule tasks providers with implementing technical safeguards that protect against unauthorized access to their electronic networks. In a telemedicine dynamic, that network is a lot more complex—and patients may not be concerned about that fact until it affects them personally.
Encryption is understood and accepted by employees of provider organizations, but the same patients who care about the safety of their PHI tend to prefer unsecured options like text, email, and video that generally aren’t encrypted. Even between providers, telemedicine partners may opt to share endpoints like printers to ease communication and collaborate on patient care, which may introduce security gaps.
But while some patients might be willing to sacrifice some privacy for increased convenience, that doesn’t let providers off the hook.
Keeping up with Telemedicine Best Practices
Telemedicine regulations are a bit of a mess. Laws, regulations, and safety requirements vary widely by state, and while state-by-state maps can be helpful, aligning IT practices with other telehealth concerns is tricky. In 2017, multiple states that previously had very little regulation began adopting comprehensive regulatory schemes. At the same time, Texas was loosening its regulatory grip to help increase competition.
Even if the dust hasn’t settled in your state, you can still launch and upgrade your telemedicine services with a few best practices in mind.
Communicate with your implementation teams and committees
Telehealth and telemedicine programs are new, shiny, and exciting, but leadership could overlook the increased risk to security and patient safety information. It will likely be the job of healthcare IT professionals to raise awareness so their organizations keep sight of the risks that come with expansion.
Talk to your partners
Launching telemedicine services requires coordination with local organizations and other healthcare entities. Acknowledge that everyone is protective and wants the best for their patients, but be ready to have in-depth conversations with your business associates and partner organizations around regulatory compliance, encryption practices, storage policies, and overall security posture.
Keep up with regulations
Regulations and regulatory guidance differ from state to state, so be aware that contracts that work in one state might not fly in another. HIPAA is just the start, and many states have their own privacy requirements, so cross-checking will be critical.
Whenever possible, consider making in-person visits to partner organizations to get a clear picture of developments around devices, wireless capabilities, and network security.
Both patients and providers are understandably excited about telemedicine—who wouldn’t jump at the opportunity to skip sitting in a waiting room? The telehealth movement has amazing potential, and the last thing it needs is a bad reputation from a disaster caused by loose standards or an unsecured printer. You’re the first line of defense against bad PR for tomorrow’s telemedicine services, so make sure your network and security practices are ready.