Is Telehealth Posing Cybersecurity Risks?
What is Telehealth?
As defined by the Health Resources Services Administration (HRSA, 2017), telehealth is “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”
The Security Challenges in Telehealth
With the increased adoption of telehealth in medical practice due to the COVID-19 pandemic, the use of networks, streaming media, store-and-forward technologies, and personal devices create privacy and security issues that put patient health information at risk. Reasons for the unique vulnerability of healthcare information include:
- Inconsistent or outdated use of technology
- Staffing issues
- Inconsistent access to the internet
- The hands-on nature of the medical practice
- Inadequate reimbursement for telehealth services
- Patients’ lack of skill with digital technologies
Experts predict that in 2021, healthcare cybersecurity risks will increase, especially in telemedicine. This year, at the American Telemedicine Association’s EDGE policy conference, industry leaders warned about the looming cybersecurity threat and referred to it as a patient safety issue. “We’ve been measuring the risks and the threat for telemedicine-type services for many years,” said Christopher Logan, director of healthcare industry strategy at VMWare. Logan said that the cybersecurity dangers to the industry existed before the pandemic, when “healthcare already had a cyber target on its back.”
Although patients with less digital aptitude or less secure access to technology can be a factor in cybersecurity breaches, responsible healthcare organizations acknowledge that digital security is a patient safety issue and must therefore be a shared responsibility. Technology, whether it’s used in a patient’s home or at a medical facility, is always prone to failure. This is why security measures are vital to protecting patient information.
It can be challenging for organizations to apply security measures to telemedicine since technology constantly evolves and is largely unregulated. However, cybersecurity is essential to keep patients safe and protect providers and organizations from liability. Without adequate safety measures, such as security services and risk management, cyberattacks can be disastrous. Ransomware attacks, for example, have recently led to network shutdowns, high ransom payments, locked patient records, and even patient death.
The Sixth Annual Benchmark Study on Privacy and Security of Healthcare
Although telehealth provides many advantages such as convenience, increased access, and reduced costs, increased use of telehealth raises the risk of exposure to cyberattacks. The Sixth Annual Benchmark Study on Privacy and Security of Healthcare found that nearly 90% of healthcare organizations have experienced data breaches. Further, 50% of data breaches in healthcare are from criminal attacks, and the other 50% result from human error, such as employee negligence, stolen computers, or incidents involving a third party.
According to the Ponemon Institute, these security breaches happen because many healthcare organizations and their third-party business associates are negligent in the handling of sensitive patient information and “lack the money and resources to manage data breaches caused by evolving cyber threats, preventable mistakes, and other dangers.”
The American Medical Association recognizes the growing cybersecurity threat and has established guidelines to help healthcare organizations guard against it.
- AMA recommends that healthcare organizations contact state medical associations for guidance on trusted platforms and vendors.
- AMA suggests establishing a specific team to facilitate establishing and maintaining a telehealth service.
- AMA recommends checking with malpractice insurance carriers to make sure that telehealth services are covered.
AMA has also developed resources with information to help physicians and organizations maintain better cybersecurity, including current cybersecurity threats, best cybersecurity practices, and providers’ responsibilities to protect patient privacy.
How Verisys Can Help
When you’re hiring a provider, you want to know that they will protect patient health information and keep your patients safe. The recent increase in telehealth services and the high number of data breaches resulting from human error mean that it’s more important than ever to hire and retain providers who carefully protect patient privacy. With its real-time, nationwide secure monitoring of provider data, Verisys can verify that your providers are properly credentialed, in good standing, and not excluded from practice so that you can utilize telehealth services with confidence.
|Written by Juliette Willard
Healthcare Communications Specialist
Connect with Juliette on LinkedIn