When the average American thinks of March, the first thing that pops into their mind is the beginning of spring. Unfortunately, in March 2020, life as we know it has changed completely due to COVID 19. While only essential employees are allowed to continue work as usual (with additional regulations), anyone and everyone who is able to work remotely has transitioned from the office to home in order to keep things on an even keel. This new remote lifestyle has changed the way we live, work, interact with people, and how we approach doctor appointments as well. The healthcare sector quickly implemented changes to provide a more remote experience to comply with social distancing regulations.
In order to decrease the amount of face-to-face doctor appointments, on March 17th the Department of Health and Human Services (HHS) announced they “will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” This popular move has allowed different healthcare providers to implement some of the most popular communication applications such as Zoom, Skype, WebEx, GoToMeeting, and others. Is this move to provide a remote option for patients the right decision for the current situation?
With the increasing rise of social distancing limitations and regulations, telehealth services are seeing an overflow of patients requesting a remote doctor appointment instead of face-to-face. As hospitals and governments are urging patients to avoid visiting emergency rooms, many are turning to the online option of telehealth. The online option allows patients to consult with their doctors and specialists over the phone, video or chat as a feasible option. Telehealth video visits can be a successful tool for remotely monitoring and treating patients with mild symptoms who are staying home. Telehealth providers are easily able to monitor a patient’s symptoms and quickly decide whether they should stay home, go to the hospital, or meet their general practitioner.
While telehealth has many benefits for patients, it comes with its challenges for healthcare providers – especially the traditional healthcare companies that did not have a telehealth program in place. Similar to scaling an entire company remotely, implementing telehealth programs takes time to establish the necessary technology, recruit doctors, train doctors about the best virtual practices and teach the patient how to use the platform. Healthcare providers that have not implemented a telehealth program yet should educate their patients with internal resources to learn more about moving to digital doctor appointments. In order to allow patients to take part in telehealth visits instead of in-person, providers should frequently provide medical best practices through their website, blog and social media to keep their patients engaged and informed.
Due to surging increase of patients who are turning to telehealth services it comes with many privacy risks. Instead of doctors having previous knowledge of the patient’s medical history, the patients will need to explain more in-depth to their new doctors due to the lack of medical records on hand. The lack of updated records on patients creates a massive privacy issue between the doctors and the telehealth platforms which they are using. Due to the history of healthcare’s super sensitive regulations for sharing records and the restriction of sharing patients’ data, this presents a problem for telehealth platforms. By sharing sensitive data over a communication app it creates an opportunity for hackers to be a fly on the wall of these more vulnerable conversations between doctor and patient, since communication apps may sometimes be easily breached and represent a trove of valuable patient information. Additionally, hospitals and healthcare providers need to double down on IT and cybersecurity to fight off potential privacy risks. This is where HIPAA comes into play.
Over the years, healthcare has been an attractive target for hackers trying to breach patients’ sensitive records. While medical data and records are some of the most delicate pieces of information out there, the healthcare industry has the right compliance regulations in place. HIPAA and other regulations have been around for years but since the HHS weakened the previous compliance regulations, telehealth is now a more attractive target for hackers. Now that the government has become more lenient with telehealth regulation rules, enforcing HIPAA with telehealth communication is the right move to provide better privacy for patients. The Health Insurance Portability and Accountability Act (HIPAA) requires medical providers to adopt data security in order to protect their patients’ information from disclosure. The HIPAA regulation requirement of encryption initially sounds a bit confusing, however, it’s much more simple than suggested. The HIPAA encryption requirements for transmission security state that covered entities should “implement a mechanism to encrypt PHI whenever deemed appropriate.” In other words, majority healthcare organizations are required to be HIPAA compliant and each provider needs to have some level of security for PHI. Healthcare providers are required to encrypt their data unless they can justify why they can’t implement encryption and can provide an equal alternative.
Tasked with choosing the best way to store, access and back up electronically protected health information, many healthcare technology companies and providers are looking at cloud computing. Adopting cloud-based Network as a Service technology is a great choice in comparison to traditional hardware-based solutions, as it offers scalability, affordability and increased compatibility with cloud storage environments. But remember, the security service you choose must be SOC 2 type 2 compliant and ISO 27001-compliant and have signed multiple HIPAA BAAs. With these checks in place, a Network as a Service solution like Perimeter 81 for healthcare can offer a highly effective solution for any organization’s HIPAA compliance needs.
As we are experiencing a global social distancing, telehealth is quickly evolving, as is the way that it presents a remote option for healthcare services. However, potential privacy and security risks could decrease its value moving forward. Soon, we should begin seeing more government bodies authorize and create federal telehealth privacy and security protocols which will help healthcare providers avoid risks to their patients and better show the numerous benefits telehealth has to offer. With the help of the government and best privacy and security in place telehealth will have that added security to fight off hackers, and be able to shrug off questions about its security.