By Tom Toperczer, Director Product Management, OmniJoin, Brother International Corporation’s Web Conferencing Service
Twitter: @OmniJoin
Criminal attacks are the leading cause of protected health information (PHI) breaches, according to a Ponemon Institute study sponsored by ID Experts. The data security firm reports that breaches cost the healthcare industry $6.2 billion in 2016, while HIPAA Security and Privacy rule violation penalties for providers range from $50,000 per breach incident up to $1.5 million.
Protecting patient privacy and data security can be even more of a challenge for telehealth. In these online encounters, not only is PHI exchanged, but also live video and audio of patients. A reported breach of this sort would likely result in financial consequences, but also damage to the provider’s reputation and irrevocable harm to the patient and provider relationship.
Despite the challenges, providers still find telehealth a worthwhile investment considering the many benefits for offering telehealth, such as expanding patient access to care. Fortunately for providers, the right tools and security features can help providers protect their patients during web conferencing telehealth visits. Using highly intuitive, but powerful technology fortified with security features and other safeguards can block cybercriminal attacks and prevent accidental breaches, building trust between providers and patients and delivering peace of mind to everyone involved.
Growth of healthcare cyberattacks
According to the previously mentioned study, medical identity theft is driving the increase in healthcare cyberattacks. In fact, 38 percent of healthcare organizations and 26 percent of business associates surveyed revealed they were aware of medical identity theft cases affecting patients and customers.¹
Medical records contain not just social security numbers, but also credit card, demographic, family and medical histories. Records on the internet black market or “dark web” sell in bulk for much more than credit card information alone. As Ponemon points out, though, not all data breaches are due to cyberattack. “Unintentional employee action,” was a cause of breach for 36 percent of healthcare organizations and 55 percent of business associates, which means providers and staff can almost be as much of a PHI risk as cybercriminals.²
Among the methods that physicians can protect patients and themselves when delivering care, one of the most critical is to use technology with powerful and flexible security features.
Essential web conferencing technology security features
Despite growing risks, offering telehealth services is no longer a matter of if, but rather when. According to the National Business Group on Health survey, 90 percent of employers will make telehealth services available to employees in states where it is allowed next year, a sharp increase from 70 percent this year. By 2020, virtually all large employer respondents will offer telehealth. Employee utilization still remains low, but is increasing steadily.
Protecting this rising telehealth patient volume will require safeguards. Take end-to-end encryption, for example. The industry-standard SSL/TLS protocol incorporated with the Advanced Encryption Standard (AES) 256 is advisable for telehealth care delivery. This encryption level is the same standard used across the country to protect financial and government information, as well. Encrypting electronic PHI (ePHI) is also required in the HIPAA Security Rule.
A secure connection verification can also be another importance security measure. If a secure connection cannot be established, web conferencing technology that automatically prevents the unsecured encounter from occurring is a safer option. This is an advantage over traditional, hardware-based video conferencing installations that could be accessed remotely causing an inadvertent or deliberate breach.
Passwords and user-activated safeguards also offer protection
Not all methods to protect ePHI are built into the software and hardware. Other safeguards require preventive action, but can be streamlined with the right web conferencing telehealth platform.
For example, a healthcare organization’s data governance policy typically includes requirements to change passwords after a pre-determined number of days and that passwords should include a minimum length, upper/lower case and numeric content. Secure web conferencing platforms can support password rules like these, as well as the ability to offer temporary passwords that expire after a telehealth session. This also alleviates risk when passwords are lost or accidentally revealed.
A lockout option is also effective at deterring inadvertent access to online encounters. Some web conferencing platforms allow providers to “lock” the sessions. That means even if an additional person would be able to access and enter the required password, that person would not be allowed entry to the session without the provider being notified and granting permission.
Creating an emotionally secure environment
While not a security measure, high-definition video and audio is likely to positively influence the patient experience, resulting in improved patient engagement. The patient feels confident that the provider understands her or his concerns and questions with clear video and audio. On the provider side, a clearer picture and sound can support better communication and clinical decision making.
Ensuring a positive patient experience through telehealth means more than just listening and carefully explaining treatment plans. Patients need to feel assured that their privacy and data are protected. High-definition video and audio offer comfort on the front-end, but the software’s design and security features on the back-end deliver true protection from cyberattacks and human error.
¹ Ibid.
² Ibid.