2020 was a year of rapid growth for telehealth. Demand for the technology grew so fast that many healthcare organizations jumped on board with various video conferencing and messaging apps without really thinking about the consequences. And that left vulnerabilities.
According to HIMSS’ 2021 State of Cybersecurity Report: The COVID-19 Evolution, 19 percent of respondents said a hack or breach of a virtual meeting or telehealth appointment definitely or likely took place. And 70 percent stated that telehealth, now the second most commonly used technology within healthcare, increases security risks.
While the world scrambled, healthcare implemented new platforms as fast as it could. Now that we’re settling into our new reality, consumers are again pushing for stronger privacy protections for their PHI. It’s something healthcare organizations will have to focus on heavily in the coming months and years.
Identify your telehealth platforms
What platforms did you start to use? How many different services are you using to reach out and provide care to your patients? If you were still struggling to build a strong telehealth plan before 2020, chances are you now have one or more platforms that are putting you at risk.
Before you select providers to help you create a secure telehealth practice, it’s essential to have a clear definition of what that is. Now is the time to get clear on your goals and define a plan that helps establish strong regulatory protocols. Don’t rely on platforms that say they offer protection; understand what you need and ensure they meet those needs. If you use two or more systems together, do they mesh and ensure data stays safe as it transfers between them?
Evaluate the platforms
Once you have identified the platforms you’re currently using in your practice, evaluate them and perform a security assessment. Ask questions like:
- Are they HIPAA compliant?
- If they offer healthcare-specific platforms, am I using them correctly?
- Do they have certifications, such as HITRUST?
- What are their policies and procedures for hacks and breaches?
- Have they performed risk assessments?
- Are they fully trained in handling PHI?
- What is their incident response plan?
Don’t forget that to be fully HIPAA compliant, you should have a business associate agreement (BAA) with each platform outlining their responsibilities.
This applies to platforms you currently use, as well as those you may be considering.
Create a secure environment
Once you believe you have chosen secure platforms, it’s time to ensure you set them up accordingly within your own practice. The Cybersecurity and Infrastructure Security Agency has published its Guidance for Securing Video Conferencing, which, while not specific to healthcare, still offers a valid roadmap for securing any organization relying on video conferencing. Specifically, they state you should have:
- Secure connections - ensure your Wi-Fi networks and delivery tools are safe and secure. This applies at every connectivity point, whether your providers are in the office, at home, or at a patient’s location.
- Control settings - be able to set up security and privacy settings to match your needs. Pay particular attention to how patients gain access, and how much control you have over the process. You should also have full control over tools like screen sharing and recording devices, ensuring you are providing only related information during each call.
- Update regularly - how often are you notified of app or system updates for the technology you use? How often do you ignore them? With your telehealth platforms, it’s a necessity that you update as soon as new systems and patches become available. This is what keeps the technology safe and secure.
- Train staff - your systems are only as good as your team’s training. If staff bypass technology and use things in unintended ways, they open you up to security risks. While it may seem redundant at times, regular training is the easiest way to thwart criminal activity.
How secure are your telehealth platforms?
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology: 360-450-4759.