Cybersecurity in telehealth: Do the risks outweigh the benefits?

Telehealth has made healthcare more accessible, and hospitals are seeing more virtual patients than ever before due in part to the COVID-19 pandemic. For example, the Oregon Health and Science University saw an increase from 1,100 virtual patients in February 2020 to 13,000 virtual patients in March. 

In many cases, telehealth is just as effective as an in-person visit to the doctor. It saves time and is often less stressful. However, some patients are concerned about increased cybersecurity threats. Read on to find out about telehealth cybersecurity and how advanced technology helps mitigate the risks for patients booking telehealth appointments.

The current state of cybersecurity in telehealth

Patient information is protected by the Health Insurance Portability and Accountability Act (HIPAA) law requirements. HIPAA requirements ensure that covered patient data is kept private unless the patient gives specific permission to release the information. 

Hospitals, insurance companies, and other healthcare entities are required to protect patient information, whether the information is online or in-person. If communicating virtually, healthcare providers must use message authentication and digital signatures to ensure that all information is kept safe.

Additionally, healthcare providers must make their policies and procedures available to the government to demonstrate compliance with HIPAA requirements. HIPAA protects:

  • The patient's past, present, and future health conditions; 

  • The treatment and care of the individual; 

  • The past, present, or future treatments of the individual.

Although HIPAA laws aim to protect patients, telehealth is still vulnerable to cybersecurity issues if hospitals and other providers don't use up-to-date, HIPAA-ready tech. Patients can likewise benefit from this technology.

To help healthcare providers transition faster to telehealth methods during the COVID-19 healthcare crisis, many HIPAA laws were relaxed, allowing providers to conduct visits on unsecured personal lines. Unfortunately and understandably, the emergency created a situation in which many people weren’t prepared to defend themselves against data theft.  

In 2020, there were over 41 million patient records breached. Hackers targeted health records because the information is easy to sell, especially if the target is a high-profile patient. Health records also contain pictures, medical records, addresses, and financial data. 

However, the rise of hacked healthcare data has also led to an increase in data protection. As telemedicine expands, patients will be able to connect with their doctors through their smartphones without worrying about security issues.

The future of telehealth rests heavily on the medical industry’s ability to protect patients through the use of tools such as BlueJeans Telehealth, a video conferencing platform that offers a host of security features, including 256-bit encryption, firewalls, and vulnerability assessment. A specialized tool like BlueJeans helps alleviate telehealth cybersecurity risks that users might otherwise encounter.

What risks do you assume when you use telehealth? 

If you and your healthcare provider both take necessary precautions, you’ll assume very little risk as you show up for telehealth appointments. To meet with a doctor virtually, you will need: 

  • Internet access; 

  • Video through a smartphone, tablet, or web camera; 

  • A microphone and speaker;

  • Access to a video conferencing app. 

Additionally, you will need your government ID to verify your identity. The doctor may ask you to wait in a virtual wait room to secure your visit. They may also ask you to use a specific app or send special links with instructions on how to connect with the system.

Patients should follow the doctor’s directions to prevent accidental data leaks and protect their personal information. 

When meeting with a doctor over a virtual meeting app, the patient must accept that there could be risks if their doctor is not using an app with security protocols designed to enforce the HIPAA Security Rule. Telemedicine cybersecurity concerns may include: 

  • A videoconferencing app may be designed for personal, non-medical use; 

  • Doctors may be using personal devices and accidentally save your protected health information (PHI) on these devices; 

  • Telemedicine and identity theft could be related in some instances;

  • At-home networks may not be secure.  

Both patients and doctors can decrease and even eliminate the risk of data leaks by improving their network security as well as connecting on a secure app designed for telehealth meetings. 

Risks vs. benefits

The benefits of telehealth services outweigh the risks. Providers as well as tech companies that administer networks and build customized telemedicine platforms are working hard to ensure patients' PHI is safe.

Telehealth concerns may arise in scenarios when: 

  • There are privacy issues if the patient is conferencing with their provider on an unsecured network or platform; 

  • There is increased cyber liability for healthcare providers who have not yet been able to adopt up-to-date telemedicine solutions. 

The benefits of using telehealth services include: 

  • Increased access to healthcare for many patients;

  • Availability of highly secure tech such as HIPAA-compliant videoconferencing on a password-protected 5G network; 

  • Telehealth makes it easier for those with chronic issues to get regular help; 

  • Reduced infection risk for post-op and immunosuppressed patients. 

Patients should also know when to schedule a telehealth meeting and when to visit an in-person doctor. For example, a patient with a broken bone or chronic pain will get better treatment when visiting in person.

Those who need advice, comfort, or a follow-up appointment with their doctor should consider telehealth options. However, those with more serious issues who are not immunosuppressed should consider visiting the doctor's office for a full checkup.

How to decrease your cybersecurity risks while using telehealth

Patients can increase their cybersecurity protection by following these three safeguards for telehealth: 

Understand your rights and protections

If you suspect that your healthcare provider isn’t protecting your information or following HIPAA laws, you can report the hospital or entity by filing a complaint with the Office for Civil Rights (OCR). OCR will investigate the hospital and ensure that they are following HIPAA requirements. 

If the OCR finds that the hospital, business, or entity violated HIPAA Rules, the entity must immediately: 

  • Comply with HIPAA rules; 

  • Take corrective action; 

  • Agree to a settlement with those affected. 

HIPAA laws protect patients and their private data. Healthcare professionals are unable to discuss patients by name without permission from the patient. As a patient, you need to be keenly aware of your privacy rights.

Enable security measures on your devices

Your device might be the reason why your information is unsafe. You should install security measures on your devices to ensure your privacy while in a telehealth appointment.  

Patients using telehealth should consider installing biometric authentication. This type of security uses fingerprints, voice recognition, iris scanning, and face recognition to unlock smart devices. Biometrics scanners help protect smart devices because a hacker is unable to use your face or fingerprint. 

Another option for telemedicine security is two-factor authentication. Two-factor authentication protects your data and information by requiring a second form of verification. For example, after logging in with your correct password, the device will send a second code to your email or phone. Without the correct email and phone number, hackers can't access the data.

Work with a trusted internet provider

You can ensure that your internet is safe by using a trusted internet provider. Using a trusted internet provider to conduct your healthcare-related meetings is one of the best telemedicine security safeguards. 

Verizon's Healthcare Enabled Services, including Verizon Cloud and Data Center Service, enable end-to-end, HIPAA-compliant protection for telehealth. Moreover, if your provider is using BlueJeans Telehealth videoconferencing to meet with you, you can be assured that your protected health information is completely safe.

Este contenido se comparte solo con fines informativos. Toda la información que se incluye en esta página está sujeta a cambio sin aviso. Verizon is not responsible for any direct or indirect damages, arising from or related to use of or reliance on the above content.