New technologies come with new security challenges
If you saw the end of Super Bowl LVI, you know that defense matters. With less than a minute to play, Rams’ star defensive tackle Aaron Donald barreled past two Cincinnati Bengals and spun quarterback Joe Burrow to the turf, sealing his team’s 23-20 victory.
In healthcare, defense is also key. A practice can have a superb lineup, a strong budget, and all the latest tools to deliver quality care, but if it can’t defend itself against threats to its digital infrastructure, it could wind up losing reputation, patients, and revenue.
Telehealth — including live, one-on-one remote visits and remote patient management (RPM) through wearable devices and health monitors — ranks among the most powerful technologies available to providers today. It gained new importance when the COVID-19 pandemic forced medical offices to curtail hours or close for weeks or months, leading to a surge of new users and expansion among existing users.
But remote medicine and RPM also pose risks that must be addressed.
Identifying security concerns and risks
As Milan Shah, CTO of Biofourmis, explained to HealthITSecurity recently, there is a major difference, from an IT security perspective, between being in a hospital and using telehealth technologies.
Within the hospital, everything is behind the hospital’s firewall and in a “tightly controlled technology IT environment,” he said. But telehealth technologies link medical facilities and patients over connections that offer many additional potential points of entry for those who might be seeking to obtain protected health information (PHI).
The HealthITSecurity article cited a survey by Arlington Research that found:
- More than 80% of responding providers are concerned about data security and privacy
- More than 50% of respondents have patients who won’t use telehealth because of privacy and security concerns
- 70% of respondents work with outdated systems with security vulnerabilities
Protecting PHI in the telehealth process
eClinicalWorks and healow recognize the vital role that security must play in all areas of healthcare IT. And we recognize the importance of addressing the concerns that patients and practices may have about a technology that — while far from new — may be a novel experience for them.
We take several steps to ensure that PHI is protected at all times.
- eClinicalWorks and healow maintain state-of-the-art IT security procedures and require that all employees undergo regular training to ensure they understand the importance of PHI, the need to comply with the Health Insurance Portability and Accountability Act (HIPAA), and security procedures in place at eClinicalWorks.
- Whether used with eClinicalWorks or another EHR system, our healow Telehealth Solutions, including those for remote patient management, are fully integrated into the EHR’s workflow. Access is limited to authorized users, who must log in to their EHR and use authentication protocols.
- Providers using healow send secure links to patients for their exclusive use. The patient must use that link to enter the virtual waiting room and start their remote visit.
- Each telehealth link is good for a limited time, after which it expires and cannot be used by anyone, including the patient, to enter or re-enter a visit. This helps ensure that unauthorized parties are barred from obtaining PHI.
- The eClinicalWorks EHR offers additional security features that come with being on a cloud-based system. Those security features extend to the use of our telehealth solutions.
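
One way a server can enforce the patient-specific, time-limited link described in the list above is to sign the link's contents and check both signature and expiry on every entry attempt. This is an added example, not healow or eClinicalWorks code; the URL, parameter names, key, and 30-minute lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values (assumptions): host, parameter names, key and lifetime.
SECRET_KEY = b"demo-key-load-from-a-secrets-manager"
BASE_URL = "https://telehealth.example/visit"
LINK_TTL_SECONDS = 30 * 60


def _sign(visit_id, patient_id, expires):
    # JSON-encode the fields so a delimiter inside an ID cannot shift
    # bytes from one field into another without changing the MAC input.
    msg = json.dumps([visit_id, patient_id, expires]).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(visit_id, patient_id, now=None):
    """Build a visit link bound to one visit, one patient and one expiry."""
    now = int(time.time()) if now is None else int(now)
    expires = now + LINK_TTL_SECONDS
    query = urlencode({"v": visit_id, "p": patient_id, "exp": expires,
                       "sig": _sign(visit_id, patient_id, expires)})
    return f"{BASE_URL}?{query}"


def check_link(url, now=None):
    """Return (allowed, reason); the signature is verified before expiry."""
    now = int(time.time()) if now is None else int(now)
    params = parse_qs(urlparse(url).query)
    try:
        visit_id, patient_id = params["v"][0], params["p"][0]
        expires, sig = int(params["exp"][0]), params["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _sign(visit_id, patient_id, expires)
    # Constant-time comparison on bytes avoids leaking how much matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad-signature"
    if now >= expires:
        return False, "expired"
    return True, "ok"
```

Because the expiry is covered by the signature, a holder of an old link cannot extend it by editing the `exp` parameter; rejected attempts and their reasons are worth logging for review.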