By Blaise Wabo, associate director, A-LIGN.
As technology continues to improve, using virtual connections in place of face-to-face meetings has surged in popularity. The healthcare industry is no different – the telehealth industry is predicted to be worth more than $130 billion by 2025. While telehealth offers many benefits to patients, particularly those who are unable to leave their homes, the technology raises several serious security concerns.
These problems primarily stem from the lack of security controls when it comes to the collection and sharing of data. During a conversation between a patient and doctor, for example, sensitive, personal patient data is often shared. When the connection between patient and doctor is virtual, it is possible that an unsecured connection could be interrupted, and patient data leaked. Home telehealth devices and sensors may also collect data that a patient would prefer to keep private, including times that the home is unoccupied. If devices are storing and transmitting this data, it is possible that it could be accessed by third parties.
These concerns have left a lingering question: how can patients still reap the benefits of telehealth while ensuring their connections and data remain secure? The answer may lie in another technology that healthcare providers have only started to adopt – blockchain.
Enabling Secure Data
Blockchain at its most basic level simply enables secure, immutable and anonymous transactions, allowing cross-network communications to take place through mutually agreed upon interactions between parties. For healthcare providers, this opens up an efficient means of transferring data and communicating between different organizations that handle patient data. Medical records can also be stored using blockchain, allowing providers to create a more complete patient history by keeping larger amounts of data and information securely encrypted in fragmented systems.
The ability to securely share data and control who has access to it will surely help to increase consumer confidence when it comes to telehealth. Blockchain requires that data is approved by both the patient and doctor before it is entered into a computer. The data must also be verified against a previous ledger, so no single party ever has total control. This ensures multiple checks are in place and reduces the chance that an unauthorized party could access sensitive patient data, which is one of the main concerns when it comes to using telehealth.
Regulating Sensitive Communications
While blockchain offers many solutions, federal organizations have not officially decided how regulations, including the Health Insurance Portability and Accountability Act (HIPAA), would apply to it. HIPAA outlines rules for ensuring the privacy and security of patient data, as well as the secure transfer of data, but it does not apply to patients; ensuring blockchain users remain compliant will be the responsibility of healthcare providers.
HIPAA guidelines for telehealth require that healthcare organizations communicate electronic protected health information (ePHI) through regulated channels to ensure security. This means that tools like Skype or unencrypted email cannot be used to communicate ePHI, limiting what could be used for cost-effective telehealth.
Although no single communications tool currently exists for cost-effective, compliant telehealth, telehealth is expected to lower costs overall throughout the healthcare industry and increase efficiency in providing patients with remote access to healthcare. To ensure telehealth's vulnerabilities can be addressed, healthcare professionals should proactively manage its risks; using emerging technologies like blockchain is simply a step in the right direction.
Smart Security and Compliance Planning
Healthcare organizations may not have a single answer to turn to when it comes to increasing security in telehealth, but there are many precautions they can take that will mitigate risks outside of adopting emerging technologies like blockchain. One simple thing that all healthcare providers should do is to create a security plan. These plans should identify current methods of securing data, establish team members responsible for responding to a breach and put an evaluation process in place to determine if the system is functioning properly.
Every organization should have a security plan, as such plans are vital to preventing hackers or malicious parties from obtaining sensitive data and help to maintain transparency with stakeholders. Building a compliance program can also help to ensure security resources are up to date and functioning properly, as well as demonstrate an organization’s commitment to meeting industry and federal regulations. Having security plans and compliance programs in place will reduce risks in and outside of telehealth, and also represent an organization’s commitment to maintaining security and patient privacy.
Security and compliance plans can also help an organization identify internal and external risks and develop steps to appropriately address them. Healthcare organizations must also ensure that staff and IT members are effectively trained in digital health communications, as their understanding of security and compliance will determine their ability to handle sensitive data, including ePHI interactions.
Telehealth will only continue to grow in popularity. Healthcare providers and patients will soon be able to rely on virtual visits, but only after security and compliance challenges are addressed. By using emerging technologies like blockchain, as well as creating robust security and compliance plans, healthcare providers can begin taking steps to embrace telehealth as a viable solution to expanding patient access to healthcare.