The COVID-19 pandemic has prompted
social distancing as a safety measure across the country. How this new normal
affects general health care can be seen in the rise of telehealth services, as
people are encouraged to use them to limit in-person interactions with medical
staff and help prevent the spread of COVID-19.
But like any online activity, there are
security risks involved for patients' personal data and companies' private
information. How can patients and doctors ensure each parties' information is
protected?
"Telehealth was trending upward before
the pandemic, and there were already privacy and security concerns," says
Stephen Hyduchak, CEO of Aver, an identity-verification
service. " But those are heightened now as people want the immediacy of care
and are ready to accept the exchange of privacy to receive that.
"Medical data is some of the most
sensitive information out there. HIPAA and other regulations have long been in
place, well before more general privacy laws were instituted. Now, needing to
share more of your medical history with the telehealth doctors makes the entire
communication more vulnerable in a variety of ways. The application could get
hacked. Also, IT infrastructure and cybersecurity often aren't up to speed at
hospitals."
Hyduchak suggests using these security
practices when using telehealth services:
Double-check before downloading the
app. "Your healthcare provider may have a
preferred app that you can download from its website," Hyduchak says. "That's
the safest route. Your company may offer this service, and if so, check with
human resources to make sure the information is correct before downloading.
Otherwise, use a reputable online store to download the app."
Consider online app reviews and
recommendations from your network. "Reputable
review sites can give you an objective look at apps and telemed services out
there, but many reviews focus on capability, speed and convenience, so you may
have to dig a little deeper regarding security," Hyduchak says. "That's where
your personal network comes in. Query people you know who are using the app
you're considering. And if the app is relatively unknown, you don't want to be
one of the first to use it."
Beware of phishing, social engineering of
telemedicine. "The basic rule
for most cybersecurity measures very much applies: Always verify a link or
attachment before opening it," Hyduchak says. "There are coronavirus-based
phishing campaigns by hackers. Their aim is to get you to click onto a
malicious telehealth link."
Learn how the service uses your
data. "Look for telemedicine providers
that explain their use of data that you share, usually doing this in writing
with a code of conduct," Hyduchak says. "You have to make sure the telehealth
service is reputable and that it's following all HIPPA rules. Also, only
disclose relevant information that is absolutely essential."
"With telehealth services, a patient can
see a doctor in isolation from their smart devices, so it's a close to ideal
platform during an outbreak like this," Hyduchak says. "But having awareness of
and using security measures is essential because the stakes are higher."