Telemedicine is a way of digitizing our bodies. Conducting physical examinations over remote digital connections such as video calling literally exposes our most sensitive information to the wilds of the internet.
As we’ve all no doubt seen and heard by now, hacks of even the most seemingly impenetrable governmental, social media, and big business websites and data vaults are not only possible but starting to feel a little common.
If telemedicine is going to win broad public support–and there is evidence that the majority of us are in favor of the concept even if we’ve never actually tried it–then airtight privacy and security are going to be paramount.
HIPAA compliant video conferencing software is the starting point. Less frequently known as the Health Insurance Portability and Accountability Act, HIPAA was enacted largely to ensure the privacy of personal patient information, and it provides strict guidelines for the transfer and storage of sensitive patient data across digital channels. In telemedicine, meeting the requirements of HIPAA standards is the responsibility of the video conferencing vendor–and the responsibility is critical.
Accordingly, if we are to benefit from the advantages offered by telemedicine, the technology we use must be as private as a room at the local doctor’s office.
Meeting HIPAA Requirements
Telemedicine is no longer science fiction. The debate around its use is no longer about its efficiency or effectiveness. Research across a range of medical fields has found that remote consultations can be as reliable as in-person appointments in the fields of mental health, addiction treatment, optometry, outpatient care, and dermatology.
The most familiar uses of telemedicine at the moment are of the doctor-to-doctor variety (in which a general practitioner consults with a specialist), and the kind of doctor-to-patient consultation offered over some telehealth apps.
All these telehealth services must comply with HIPAA guidelines; that includes the following physical and technical standards:
- Limited and authorized access to servers and facilities
- Data encryption and decryption safeguards
- The use of unique identification across all processes
- Audit reports and tracking logs for hardware and software
- Restrictions on transferring, storing, removing, disposing of, and re-using data
Meeting all those standards requires more attention to security than just password protection. The good news is that there are many video conferencing providers that have passed the test.
Finding HIPAA Compliant Video Conferencing Software
Meeting HIPAA standards is the responsibility of video vendors. Before any telemedicine network can be established, the vendor must provide a HIPAA-required Business Associate Agreement (BAA). This binds the vendor to secure all patient information and report any breaches of security.
As such, there’s no overriding list of HIPAA-approved vendors available from which a telemedicine startup could simply choose a partner. Instead, HIPAA compliance is assessed on a project-by-project basis and has more to do with a provider’s willingness to abide by the rules than with their technical ability to do so. There are, however, examples of vendors that have and haven’t embraced their HIPAA responsibility.
Apple, for instance, has not agreed to subject FaceTime to HIPAA regulations, but Zoom did in 2017 before launching its cloud-based telehealth service. And it gets even more complicated once you drill down into specific services offered by video vendors. Skype, Teams, and Office 365, for instance, are all treated as separate entities when it comes to HIPAA regulations, despite their common parentage.
The bottom line is that each telemedicine project or network is assessed individually and each vendor must agree to a BAA whenever it undertakes such a partnership. This agreement is less a license to dispense virtual medicine than a promise to be held accountable should HIPAA breaches take place.
Regardless, it’s a responsibility that is critical to the future of telemedicine.
Are You Telehealth Confident?
A survey undertaken by Cisco found that only about 40 percent of consumers in the U.S. believe that data protection is sufficient to keep their medical information private. Skyhigh Networks reports that healthcare companies often use multiple cloud services, which can increase the risk of a data breach.
Telemedicine, of course, is particularly susceptible to online attacks and data breaches, which means that increasing adoption of telemedicine is only possible if users are convinced that the technology is safe and secure.
That starts with the implementation of more advanced video security features. Digital security company Theta Lake, for example, has released video conferencing-compatible compliance software that uses artificial intelligence to scour recordings of video meetings in search of potential data integrity risks. The app uses machine learning to detect spoken and visual compliance risks in media sources such as meetings, marketing materials, social media content, and workflow messaging and exchanges.
Provided Theta Lake can deliver on its promises, that kind of initiative could go a long way toward showing the public that the technology of communication is backed up by new technological ways of securing privacy.
Just as companies are finding new ways to bring virtual medicine to rural and remote areas, into schools and offices, and every available minute of our lives, they should be developing new ways to keep us safe.
Digital innovation made telemedicine possible, and digital privacy can make it popular.