With telehealth on the cusp of rapid growth, healthcare entities must carefully assess and address critical privacy and security issues, says regulatory attorney Emily Wein.
The use of telemedicine soon could get an additional boost from a variety of legislative proposals in Congress, including a Senate bill that would expand Medicare coverage for certain telehealth services.
Patients are increasingly seeking remote healthcare services, such as online consultations with physicians, even if that means paying for the care on their own, Wein says in an interview with Information Security Media Group.
"Telehealth is an industry that is responsive to healthcare needs, but also responsive to how we operate today," she says. "We want things quickly; we want things conveniently."
With healthcare services being offered in patient's homes, workplaces and via smartphones, new risks are emerging, Wein says.
"Your computer, your ipad, your iphone, or whatever interface or kiosk you have at your employer - these are all potential devices that could store or transmit your personal health information," she notes.
A telehealth patient's health information is being transmitted for "various modalities," increasing the potential that data might be misused, mistransmitted or accessed inappropriately, she says.
Potentially adding to the risks, she says, is the outsourcing of certain telehealth-related functions, such as storage and maintenance of information, to third parties.
"It's not just your telehealth physician who has access to or is storing your personal health information; it's the software company that the physician has contracted with to maintain that electronic information that you're sharing via a telehealth visit. ... There's more people touching your information."
Risks of Wearable Devices
Another potential privacy concern: wearable health devices that track information - including an individual's location - that can easily be lost.
"Perhaps that doesn't amount to health information, but that's still information shared with a telehealth provider," she says. "If that information is misappropriated, it could create some risks for the patient."
In the interview (see audio link below photo), Wein discusses:
- HIPAA privacy and security considerations related to telehealth;
- Navigating complex federal and state laws, including those dealing with breach notifications and protecting sensitive data, including mental health and substance abuse information;
- Privacy and security concerns related to medical devices and in-home health monitoring services using cameras.
Wein works in the Baltimore office of the law firm Baker Donelson, advising healthcare clients on a wide spectrum of regulatory matters, including telehealth, regulatory compliance, HIPAA privacy issues and Medicare and Medicaid enrollment.