Written by Dawn Dorr, Privacy and Security Customer Success
At the beginning of the pandemic, hospitals had to jump into action to find safer ways to deliver patient care without putting patients at risk of contracting COVID-19 in doctors’ offices and hospitals. The solution was telehealth, and it was widely adopted very quickly. A 2020 consumer survey found that the number of people who have used telehealth doubled during the pandemic, from 39.4 percent pre-COVID-19 to 79.5 percent post-quarantine.
The Centers for Medicare & Medicaid Services (CMS) temporarily relaxed HIPAA and other key requirements governing telehealth platform security and service delivery to get telehealth into full effect. While it’s unclear whether or how these changes will become permanent, organizations already need to consider how they plan to make telehealth a lasting and, more importantly, secure solution for their patients.
Here are four areas of telehealth security your privacy team should consider as they plan for the future of delivering secure patient care.
1) Update Privacy Policies and Procedures
You likely already have a set of policies and procedures for your healthcare organization to follow. Still, as telehealth becomes more prevalent, it’s crucial to integrate telehealth-specific regulations for your team to follow. These new policies and procedures should address the risks that stem from remote work, telehealth security, and more.
Bonus Tip: Check out our eBook, How to Build Effective Privacy Policies and Procedures, to learn how to develop a well-written manual that provides the foundation for operational excellence and better patient care. On page six, you’ll find a list of the top security and privacy policies for remote workers that are a must-have in your playbook.
2) Spot and Remedy Any Vulnerability Gaps
One of the temporary adjustments for telehealth during COVID was a relaxation of the regulations on which platforms were acceptable to use. FaceTime, Skype, Zoom and more were permissible for telehealth, which opened new vulnerability gaps. It’s imperative that you perform a risk assessment to identify vulnerabilities, non-compliance issues, cybersecurity threats, and more.
Bonus Tip: Review your current IT team’s workload and discuss whether a sophisticated cyber threat monitoring platform could alleviate the stress of the new security challenges that come with telehealth services. You can augment your team with skilled cybersecurity experts who monitor your networks 24/7, looking for anomalies and sending curated alerts to your IT team, so you know when to jump into action and proactively prevent threats.
3) Implement Multi-Factor Authentication
Because user authentication is one of the most common cyber risks facing hospitals and other healthcare providers, stronger authentication can help close some of these gaps. Microsoft reported that systems that leverage multi-factor authentication block 99% of automated cyberattacks, not just on Microsoft platforms but on any online service or website. It’s clear that authentication is essential and should be implemented wherever possible.
Bonus Tip: Don’t forget to update your passwords regularly. Also, consider using a password generator to create unique passwords that can’t be easily predicted by a cybercriminal or a password spray attack (which accounts for 16% of all cyberattacks).
4) Analyze User Activity and Investigate Suspicious Access
Every access to a healthcare organization’s network must be analyzed – especially when users are connecting to the healthcare VPN from a remote location like a home office. Ideally, network admins and privacy teams should log all access to patient information, and monitor and flag any accesses and attempts from suspicious unauthorized users. They’re also expected to review those logs to follow up on and investigate all suspicious activity.
Bonus Tip: New technology like artificial intelligence and machine learning makes it easier than ever to support privacy teams. With the ability to analyze every access to PHI and remove false positives, plus virtual assistants that can complete the investigation process for you, privacy teams can instead focus on higher-level security tasks.
Above all, it seems like telehealth is here to stay. The 2021 Large Employers’ Health Care Strategy and Plan Design Survey revealed more than half of all respondents planned to implement more virtual care solutions in 2021. While healthcare workers and patients alike are looking forward to this new way of healthcare delivery, we all need to make sure we’re doing our part to ensure the security of information.