Five ways to help keep your patient data safe through telehealth video web conferencing

Gary Sibley
Gary Sibley, Vice President of Sales and Marketing, Brother OmniJoin

It’s not only advances in technology that is driving the global telehealth market toward $34.0 billion by 2020.[1] While faster, secure and more reliable technology is certainly a catalyst, numerous other reasons exist for this growth. Among these drivers is that 48 states now reimburse for telehealth for Medicaid patients, while 29 states have telehealth reimbursement parity laws for private insurance.[2] Most importantly, however, is providers are recognizing how telehealth helps the healthcare industry confront three major challenges: physician shortage, cost control and population health management.

Although deploying telehealth technology can help providers efficiently care for more patients regardless of location, significant security risks remain. Protected health information (PHI) that is transmitted through telehealth applications and video web conferencing technology needs to be protected from cyberattacks and employee error, both of which can result in a data breach.

Under HIPAA, breaches are punishable with financial penalties of as much as $50,000 per incident up to a maximum of $1.5 million a year.[3] Therefore, the following are important security feature considerations for provider organizations if they plan to deliver care or reveal PHI over video web conferencing technology.

#1. End-to-end encryption

Encrypting electronic PHI (ePHI) is required in the HIPAA Security Rule. Some video web conferencing platforms, however, do not offer encryption technology capable of protecting telehealth encounters. Video web conferencing technology that offers the industry standard SSL/TLS encryption and that can provide proxy and firewall traversal for a secured platform is recommended for healthcare organizations.

#2. Secure connection verification

A secure conference connection established during a video-based encounter or meeting protects PHI and other confidential information. This means that if a secure connection cannot be established, video web technology that automatically prevents the unsecured encounter from occurring is a safer option. This is a major advantage over traditional, hardware-based video conferencing installations where configuration settings can be changed by remote employees without system monitoring, allowing sensitive information to be sent unprotected over the Internet.

#3. Private cloud option

A private-cloud video web conferencing option offers an enhanced level of security because all information is stored behind the provider organization’s firewall. A private-cloud option also offers providers the control over the location of stored documents and recordings, if the provider chooses to expose those features. For example, provider organizations can select their own on-premise storage of all documents, such as a Windows or .Net accessible file system location.

Ideally, providers can select no content storage, meaning that at the conclusion of the online patient encounter or meeting all shared content and files are deleted from the system. If this option is chosen, ePHI exchange will need to occur through another method. Due the regulations surrounding ePHI and disclosure, a private-cloud platform is recommended for patient care, meetings or consultations involving health information.

#4. Password controls

A single sign-on (SSO) option could be available if organizations do not want participants to have to remember passwords and if the provider’s IT policies allow SSO. For password controls, preferred options include the ability to request that the account password be changed after a pre-determined number of days and that passwords include a minimum length, upper/lower case and numeric content.

For even greater protection, password entry for users can also be time limited and lockout users after a pre-determined number of unsuccessful login attempts. An additional level of security is offered if the provider organization requires passwords to download shared documents and meeting recordings.

#5. Provider/host security controls

Through some video web conferencing technology, provider organizations can lock out the conference until the host arrives or have the option to require separate passwords for the host, presenters (if applicable), and participants. In these situations, separate passwords are useful for more formal meetings such as webinars where there are multiple presenters and a large number of participants, such as training or team-based consultations.

Video quality and ease-of-use also crucial

While security features are essential, delivering safe, high-quality quality patient care or collaborating with colleagues is the ultimate goal. Some telehealth applications and video web conferencing technology, however, may distract and interfere with these interactions.

Video web conferencing needs to offer high-quality audio and video to allow providers to listen, observe behavior variations, body language and changes in facial expression. That is why a user interface that is simple to use and highly intuitive would help support more effective patient care and team-based collaboration. In addition, switching between a public and private cloud would also ideally be seamless in the user experience. This simplicity and ease of use would also likely encourage both patient engagement and clinician adoption.

Adoption of two-way video and webcams to support patient care increased to nearly 70 percent in 2015 from 58 percent the year before.[4] This telehealth adoption level is only expected to rise. Organizations can prepare for this emerging trend by investigating telehealth and video web conferencing technology that will support this growth, but also offer the PHI security to protect patients and help reduce the organization’s risk.






Brother OmniJoin, data breach, ePHI, HIMSS, HIMSS'16, HIPAA, PHI, Protected Health Information, Telehealth


Please follow and ‘Like’ us


© HIT Leaders and News, a GO Digital Media & Publishing LLP publication. All rights reserved.