Though aimed at being a convenient alternative, telehealth practices must do their best to replicate in-person visits. Because all data shared between patient and provider is exchanged virtually, extra precautions should be taken to protect sensitive personal health information (PHI).
Experiencing a data breach of any kind can be damaging to both an individual and an organization. Whether you are new to telehealth or have been conducting your practice for some time, you should know that protecting PHI is the law. A solid defense system to outside (and sometimes inside) threats will help to reassure your patients that a telehealth system is a viable option for their healthcare needs.
Implement a multi-factor authentication system
Implementing two-step verification, otherwise known as multi-factor authentication (MFA), to ensure that only the right individuals access your platform for appointments and data is a great start. According to Microsoft, there are over 300 million fraudulent sign-in attempts made against their cloud services every day. MFA blocks 99.9 percent of these automated cyberattack attempts on Microsoft platforms, websites, and other online services. Your results on other platforms may vary, though they should be broadly similar.
MFA can come in the form of a security question, a one-time key-code (usually delivered by text message or e-mail), or a similar method. Having an MFA step at each access point of your platform is recommended. To avoid inconveniencing patients, most systems remember recently used devices, so patients do not have to repeat the second step every time they access the platform.
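The two pieces described above, a short-lived one-time code and a remembered device that skips the second step for a while, as an added example in Python (not code from the article or from any product it mentions). The class name, the code and trust lifetimes, the attempt limit and the server secret are all assumptions constructed for the example; delivery of the code by text or e-mail is left to the caller.

```python
import hmac
import hashlib
import secrets
import time

CODE_TTL = 300            # assumed: one-time code valid for 5 minutes
TRUST_TTL = 30 * 86400    # assumed: remembered device valid for 30 days
MAX_ATTEMPTS = 5          # assumed: wrong guesses allowed per issued code


class SecondFactor:
    """Hypothetical second-step verifier: one-time codes plus remembered devices."""

    def __init__(self, server_secret: bytes):
        self._secret = server_secret          # constructed; keep out of source control in practice
        self._pending = {}                    # user -> [code, expires_at, attempts_left]

    def issue_code(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # 6-digit code from a CSPRNG
        self._pending[user] = [code, now + CODE_TTL, MAX_ATTEMPTS]
        return code  # caller sends it by SMS/e-mail; never write it to logs

    def verify_code(self, user, submitted, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires, attempts = entry
        if now > expires or attempts <= 0:     # expired or guessed too often: discard
            del self._pending[user]
            return False
        if not hmac.compare_digest(code, submitted):  # constant-time comparison
            entry[2] -= 1
            return False
        del self._pending[user]                 # a code is single use
        return True

    def remember_device(self, user, device_id, now=None):
        now = time.time() if now is None else now
        expires = int(now + TRUST_TTL)
        msg = f"{user}|{device_id}|{expires}".encode()
        tag = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        return f"{user}|{device_id}|{expires}|{tag}"  # stored in a cookie on the device

    def is_trusted(self, token, user, device_id, now=None):
        now = time.time() if now is None else now
        parts = token.split("|")
        if len(parts) != 4:
            return False
        t_user, t_dev, t_exp, tag = parts
        msg = f"{t_user}|{t_dev}|{t_exp}".encode()
        expected = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        return (hmac.compare_digest(tag, expected) and t_user == user
                and t_dev == device_id and now < int(t_exp))
```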
Data encryption is a must
No matter what platform you decide to host your telehealth practice on, be sure that data encryption is included. This will be important to the safety of PHI when it is collected, stored, or moved. In their work on telehealth security practices, Joseph L. Hall and Deven McGraw explain data encryption as electronically "locked" material that uses complex mathematics and encryption "keys" to ensure that if an attacker does gain access to the raw data, it would likely be rendered useless.
Telehealth and HIPAA compliance (United States)
HIPAA (Health Insurance Portability and Accountability Act of 1996) is legislation that provides data privacy and security guidelines for protecting PHI. When it comes to telehealth, HIPAA sets out its guidelines within its security section, which states the following:
- Only authorized users should have access to ePHI.
- A system of secure communication should be implemented to protect the integrity of ePHI.
- A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.
When looking to store ePHI using a third-party cloud system, you will want to be sure that they can provide you with a Business Associate Agreement (BAA). Any individual or entity (third party) that performs functions on behalf of a covered entity, where PHI is accessed by the third party, is considered a business associate. When entering into a BAA with a third party, be sure that the agreement outlines the methods they will use to protect the data, as well as their regular maintenance procedures.
You can learn more about HIPAA requirements for telehealth at the U.S. Department of Health & Human Services website.
When looking to welcome new telehealth patients, providers must promote their ability to protect PHI. Many who are new to this type of service or new to technology in general may be reluctant to share PHI over the internet, so it is important to provide reassurance, backed by a solid system.
Giva offers a telehealth and remote patient monitoring support model that is compliant with the standards and structures used in the IT Infrastructure Library (ITIL) framework to maximize the return on investment of your help desk while maintaining best practices of data security. Furthermore, HIPAA compliance, quick deployment, and leading customer service will have you ready to support patients in no time. Visit our website to learn more about Giva's HIPAA-compliant Telehealth Help Desk program.