FAQ – Telemedicine and Remote Connectivity
March 15, 2020
What are some security and privacy concerns that telehealth providers should take into consideration?
- Rushing to establish new telehealth applications or expanding existing ones to meet urgent demands can lead to overlooking important controls necessary to maintain security and privacy of information
- Ensuring the transmission of information sent over the internet is encrypted
- Ensuring the endpoints where telehealth transmissions begin and end are secured
What are some telehealth privacy and security issues that patients should consider?
- Shared telehealth devices should be properly sanitized; patients should ensure that sanitation measures were followed prior to use (e.g., disinfecting keyboards, touchscreens, pens, and the like)
What technical assurances should be considered to meet increased remote connectivity demands on the health provider’s network?
- Performance or availability of telehealth technologies could be negatively affected if they share the same internet connection as remote workers
- A spike in data traffic due to remote workers could impact the quality of service of the organization’s internet connection
- Capacity planning becomes more important in this situation
What additional data security risks might arise from the rapid recent increase in telecommuting?
- Telecommuters may need to print something. The organization may have provided them with a laptop, but not a printer. Therefore, files containing PHI or PII may be moved from the organization-owned laptop to portable media so that the file/document can be printed on a printer attached to their personally-owned computer.
  - What happens to the file/document containing PHI or PII after the document is printed? Is it deleted?
  - Is the portable media encrypted?
- A telecommuter may forward organization emails to their personal webmail account so they can print an attachment. “Free” webmail may be data mined, which means that PHI or PII could be ‘read’ by the webmail hosting company.
- Personally-owned equipment may lack the same security controls and settings as the workstations within the organization
  - For example, in the workplace, workstations may time out or activate screen savers after a period of inactivity. Is that true within the telecommuter’s environment at home?
- Wireless networks (Wi-Fi) within the telecommuter’s residence may not be properly secured.
- Drastic times mean that people will take drastic measures to accomplish what they feel is necessary, even if their actions violate policy or HIPAA.