While cyberattacks may dominate news headlines concerning healthcare data breaches, 69 percent of healthcare organizations say employee negligence is their biggest Protected Health Information (PHI) security concern, according to the Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.1
Oftentimes, this negligence is due to employees not following the organization's security policies and procedures regarding PHI and other valuable data. This may be due to lack of training, or simply because following the security protocols are too time-consuming for providers and disrupt their natural workflows. Care delivered through telehealth technology, such as web conferencing platforms, can be especially challenging from a data breach perspective because physicians may lack experience and knowledge of the proper data and information technology (IT) security measures.
To mitigate this risk, both patients and physicians can be equipped with user-friendly solutions and easy-to-follow processes to automatically safeguard patient data and help ensure they are adhering to industry regulations when information is transmitted electronically. Through strategies such as encryption, requiring a secure-conference connection and leveraging robust, flexible password tools, providers can gain confidence using telehealth platforms and the security of their online interactions.
Automation is a security essential
In light of security, but also cost concerns, many healthcare organizations have transitioned IT systems to cloud-based servers, including telehealth platforms, although not all cloud-based web conferencing platforms are equal in terms of security or user friendliness. Beyond providing excellent patient care, security is likely a healthcare organization's top priority, considering that PHI breaches are punishable under HIPAA with financial penalties of as much as $50,000 per incident up to a maximum of $1.5 million a year.2
More rigorous security measures alone, however, are not the only solution to help reduce an organization's data breach risk. Another contributor may be the user interfaces and processes that providers and patients must follow to keep information secure. If those protocols are too cumbersome, then providers and patients will likely find methods to sidestep security measures.
That's why automated security protocols and user-interface configurations may be more widely accepted by providers and patients while helping reduce the organization's breach risk. For example, with proxy and firewall traversal functionality, web conferencing platforms are available that simplify connecting with patients by routing all sessions through a single, secure port. This means providers do need additional configurations to start an online session with patients regardless of their networking environment. Eliminating extra steps through this automation can reduce the likelihood that providers will find workarounds to save time.
End-to-end encryption using the industry-standard SSL/TLS protocol and with the Advanced Encryption Standard (AES) 256 is another automatic configuration that can be established during web conferencing technology's implementation so providers do not need to be concerned with encryption before every telehealth encounter. Encrypting electronic PHI (ePHI) is also required to comply with the HIPAA Security Rule.
If a secure, encrypted connection cannot be established, web conferencing technology that automatically helps prevent the unsecured telehealth encounter from occurring is a safer and more user-friendly option for providers and patients.
User-friendliness also essential
Many healthcare organizations have IT security policies that require providers to change passwords after a pre-determined number of days and that passwords should include a minimum length, upper/lower case and numeric content. While this policy can help protect against an external cyberattack, these constantly changing letter and number combinations can be difficult to remember, prompting providers to write passwords down near their computer, which is not advisable. Secure web conferencing platforms can support password policies that require routine changes, while also offering the more user-friendly option of creating temporary passwords that expire after a telehealth session, eliminating the need for any memorization.
After the password is entered, providers will want to devote all their attention to the patient instead of monitoring the security of the session. Some web conferencing platforms allow providers to "lock" the sessions in a single click. That means even if an additional person would be able to access and enter the required password, that person would not be allowed entry to the session without the provider being notified and granting permission.
The web-conferencing technology's video and audio quality are also important considerations, in addition to the security features. High-definition video and audio is likely to positively impact the patient experience, resulting in improved patient engagement. On the provider side, a clearer picture and sound can support better communication and clinical decision making.
Security inside and outside the four walls
The U.S. telehealth market is expected to reach $2.8 billion by 2022.3 This growth, however, can create new potential data security risks if providers and patients do not have the technology they need to safely share PHI online, either through text or speaking. By offering secure, easy-to-use web conferencing platforms that support instead of distract from patient care, providers and patients can engage in safe and effective telehealth encounters.
About the author
Tom Toperczer is director of product management for Brother. With more than 20 years of experience in the video conferencing industry, Toperczer supports the company's OmniJoin division that develops video web conferencing solutions with a growing healthcare segment.
1 http://www.ponemon.org/library/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data-1
2 http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page?
3 http://www.prnewswire.com/news-releases/us-telehealth-market-size-to-reach-283-billion-by-2022-grand-view-research-inc-537446441.html
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.