Prior to COVID-19, telemedicine usage had record levels, with about 76% of hospitals in the US either fully or partially implementing telehealth security services.
Over the last few months, however, telehealth has quickly become an invaluable care delivery channel reduce strain on healthcare systems and providing care to patients of all types.
Telehealth offers so many benefits to providers and patients alike. However, this rush into existence must be balanced with protecting patient health information (PHI). Hospitals are frequent targets for cybercriminals. Through shifting focus to remote services while also integrating new products that may not have been properly vetted, providers may be putting PHI and patients themselves in danger.
Here are the five pillars that all providers utilizing telehealth must embrace to ensure both the current safety of patients and the long-term viability of this revolutionary care modality.
1. Encryption
If there is one word that should always be on providers' minds, it’s encryption. Encryption is the process of converting data into indecipherable code. To access the data, one must have the key (usually a password).
With strong encryption, it’s nearly impossible for even the most skilled threat actors to get a hold of PHI.
You want encryption everywhere you can have it, but the first place to implement it is your internet connection by using a VPN. VPNs or virtual private networks encrypt your network connection and anonymize your IP address to make it difficult to track activity back to specific devices.
VPNs provide an excellent base layer of coverage that you can deploy across all internet usage, including accessing protected health information.
You can add encryption in additional places as well as file encryption software you can use to block unauthorized access to confidential data and password managers, which create secure digital vaults where you can safely access account credentials.
2. Device
This doesn’t refer to disinfecting your smartphone and tablet with a UV light—though that’s never a bad idea. Device management is enhancing the security of devices like smartphones, laptops, tablets, health monitoring devices, wearables, and other IoT products.
Each products will have varying levels of built-in security, but these steps always apply:
- If available, enable authentication like PIN codes, passwords, and biometrics to unlock devices and access stored data
- Require authentication when devices are close or inactive for 2 minutes or less
- Never leave devices unattended especially those that do not have password protection
- Enable theft/loss prevention apps like “Find My Device” on Windows or “Find My” for Apple products and other third-party tools.
3. Focus On Data Integrity And Data Confidentiality
So much of telehealth involves sensitive PHI traveling over the internet. Cybersecurity begins with data integrity and confidentiality policies that ensure data is secure both at rest and in transit. Further, only people who are authorized to view or modify data should have the privilege to be able to do so.
Nowhere is this more important than remote patient monitoring, which gives providers a direct look into patients' homes.
You have data flowing between three environments—homes, the platform, and the healthcare provider. You need to make sure data is safe every step of the way, even when it’s not being used or modified.
4. Recognize What Types Of Devices Are Vulnerable
Just as in every other aspect of healthcare in the physical world, there are risks in delivery care via telehealth. But some devices have more risks than others, and this is especially true when it comes to IoT products.
This is actually a problem in the IoT industry as a whole. Products like smart lights and fridges and medical counterparts like pacemakers, monitoring devices, and glucose monitors do not have the same security defenses you find in smartphones or computers.
All it takes is one vulnerability to put patients at risk. You need to vet the vendors you work with to verify they adhere to the latest security protocols. Meanwhile, as you develop telehealth services, you must find ways to leverage and extend your existing framework's strength to compensate for these device shortcomings.
5. Educate Your Patients And Staff
Just as you educate your patients on how to care for themselves and manage their health conditions, so too must you help them understand the cybersecurity challenges telehealth faces. Even as device manufacturers work to create more secure products, hackers will always find new ways to target healthcare systems. This happens everywhere in the digital world.
However, educating your patient and staff will go a long way to not only immensely reduce the risk of cyber-attack, but also minimize the damage one can do.
Go through this checklist with everybody involved in your telehealth platform:
- Protect your internet connection with a VPN
- Lock all your devices with passcodes and enable loss/theft prevention apps
- Never leave telehealth devices unattended
- Regulate who has access to you home and your personal internet network
- Protect your internet connection with a VPN
- Secure all your online accounts with unique, complex and length passwords
- Learn to recognize suspicious emails and social engineering scams
- Encrypt and backup data often
- Ensure all devices, apps, and operating systems are always up to date
There has never been anything as comprehensively and holistically groundbreaking in the history of medicine as telehealth. Ensure the safety of your telehealth services and begin integrating these cybersecurity pillars now.
