The New Telehealth Crisis – Security

For the many facilities not already offering a telehealth option to their clients, COVID-19 social distancing policy created a rush to find a platform as quickly as possible. It became crucial to acquire a telehealth provider in order to keep clients engaged in their care.

Facilities that were already providing a telehealth option to their clients before the crisis saw client usage go from just under 20% in most cases to nearly 100% very quickly. But the sudden need for a telehealth tool may have blinded the industry to another very important feature – security.

Security Standards

As social distancing mandates morphed into “shelter in place” orders, teleconferencing use increased by more than 2000 percent across the nation. Soon after this incredible increase, we learned that one major provider of this technology had major security breaches. A government investigation is ongoing to determine just how compromised the security of the American public has been. Many health providers went searching again for more secure technology. The initial crisis may have been averted, but the next crisis soon appeared on the horizon.

When it comes to protecting patient information, healthcare providers are typically well-informed. They understand the importance of complying with the federal Health Insurance Portability and Accountability Act (HIPAA), but may not be nearly as familiar with the law's technological requirements regarding telehealth.

The standards set by HIPAA are direct regarding the security of Protected Health Information (PHI), but they are not hugely specific as to how technology is to secure and protect PHI. In terms of communication, telehealth platforms do this by encrypting information. Encryption is a kind of secret code that allows electronic devices such as phones and computers to communicate without being understood by other, intruding devices. Encryption is a necessary compliance feature within a telehealth platform, but not a specified requirement of HIPAA. This is why health providers should (1) ensure that the chosen telehealth platform is HIPAA compliant with strong encryption standards and (2) ensure that the provider will offer a signed Business Associate Agreement (BAA) stating its responsibility and culpability in addressing adequate protection of PHI.

Client Experience

Breaches in the protection of PHI can be costly to a facility. One study calculates that in 2018 companies in the United States spent more than $67 billion in total on breaches, amounting to an average of $380 per breach. Telehealth is a great answer to the social distancing conundrum created by the COVID-19 crisis, and we do not know how long social distancing may be required or to what extent.

Keeping this in mind, there are other aspects of this technology that should be considered as well. As clients become more accustomed to video conferencing, they are likely to develop expectations. Privacy will be assumed, but a certain quality of video experience will begin to be expected. As with security, many have overlooked the role that connection reliability and video quality play in client retention.
