How blockchain can ensure security and compliance in telemedicine (Reader Forum)
A recent surge in telehealth suggests that virtual care will rise in popularity in the coming years. Telemedicine offers an accessible way for patients to remotely connect with doctors for medical advice and diagnoses, particularly for patients who are unable to leave their homes.
Despite its convenience, this technology raises potentially enormous security concerns. If the virtual connection between a doctor and a patient is not secure, patients’ location, data and other sensitive information could be leaked.
The privacy risks associated with telemedicine mostly stem from the lack of security controls over the collection, use and sharing of data. For example, home telehealth devices and sensors may collect and transmit information on activities in the household that a patient wishes to keep private, such as substance abuse or their daily routine, including when their home is unoccupied during particular times of the day.
This highly personal data may be stored or transmitted by the device, allowing it to be accessed by third-party users.
Additionally, while smartphone apps are useful tools to help manage personal health, they too can share sensitive data with advertisers and other third parties. This includes sensor data on location, which allows advertisers and third parties to access an individual’s location and store that data in third-party libraries or online servers.
The security risks associated with telemedicine also raise several ethical implications. If the doctor-patient relationship and sensitive data cannot be protected, will this practice ever obtain widespread support from individuals or healthcare providers and federal organizations?
Healthcare providers have been slow to adopt telehealth because of these concerns, all of which are valid. The answer may lie in another technology that healthcare providers have been slow to adopt: blockchain.
At a basic level, blockchain applications enable secure, immutable and anonymous transactions across networks to mediate mutually agreed upon interactions between parties. In the healthcare industry, this can help facilitate a more efficient way to transfer data effectively and communicate across organizations.
Blockchain also allows medical records to be stored in secure, fragmented systems that can contain large amounts of data and information, enabling providers to store a more complete patient history and securely encrypt medical data.
When applied to telemedicine, blockchain will help establish a seamless exchange of data and increase consumer confidence in the system. In such a system, the data entered into a computer must be approved by the patient and doctor, as well as verified against a previous ledger.
Both the patient and doctor can secure a personal copy of the ledger, rather than a single party having control over the data. This method ensures multiple checks are in place for protecting sensitive data, reducing some of telemedicine’s main security concerns.
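The approve-and-verify flow described above, sketched as an added example (not from the original article or any specific product): each entry is hash-chained to the previous one, requires approval from both parties, and either party's copy can be checked against the other's. HMAC with constructed demo keys stands in for real digital signatures, and all function names are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo keys; HMAC stands in for each party's digital signature.
KEYS = {"patient": b"patient-demo-key", "doctor": b"doctor-demo-key"}
GENESIS = "0" * 64

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def approve(role, entry_hash):
    return hmac.new(KEYS[role], entry_hash.encode(), hashlib.sha256).hexdigest()

def append_entry(ledger, record, approvers=("patient", "doctor")):
    """Append a record only if both parties approve, linked to the previous entry."""
    if set(approvers) != {"patient", "doctor"}:
        raise PermissionError("entry needs approval from both patient and doctor")
    body = {"index": len(ledger), "record": record,
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    h = digest(body)
    ledger.append({**body, "hash": h,
                   "approvals": {r: approve(r, h) for r in approvers}})

def first_invalid(ledger):
    """Index of the first entry failing chain or approval checks, else None."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        body = {"index": e["index"], "record": e["record"], "prev": e["prev"]}
        if e["index"] != i or e["prev"] != prev or digest(body) != e["hash"]:
            return i
        for role in ("patient", "doctor"):
            sig = e["approvals"].get(role, "")
            if not hmac.compare_digest(sig, approve(role, e["hash"])):
                return i
        prev = e["hash"]
    return None

def first_divergence(copy_a, copy_b):
    """Index where two parties' copies stop agreeing, else None."""
    for i, (a, b) in enumerate(zip(copy_a, copy_b)):
        if a["hash"] != b["hash"]:
            return i
    return None if len(copy_a) == len(copy_b) else min(len(copy_a), len(copy_b))

if __name__ == "__main__":
    ledger = []
    append_entry(ledger, {"visit": "visit-1", "note_sha256": digest("note A")})
    append_entry(ledger, {"visit": "visit-2", "note_sha256": digest("note B")})
    print(first_invalid(ledger))  # intact chain
```

The entries hold only a hash of each clinical note, so the ledger proves integrity without placing ePHI in every copy.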
Blockchain is still emerging within the telehealth scene, and federal organizations are still left to consider how regulations would apply to this technology.
The Health Insurance Portability and Accountability Act (HIPAA) contains the primary set of regulations that guide the privacy and security of health information; however, it only applies to covered entities and business associates, not to patients. HIPAA mandates do include guidelines around the secure transfer of data, meaning methods and standards for encrypting data with blockchain must remain compliant.
Current HIPAA guidelines on telemedicine focus heavily on electronic protected health information (ePHI). To meet HIPAA compliance, healthcare organizations must communicate ePHI through authorized channels of communication to prevent information from being compromised.
Tools like Skype or email should never be used to communicate ePHI at a distance unless the third-party entity has a Business Associate Agreement with the organization storing the data. Because of these strict regulations, providing HIPAA-compliant telehealth services for patients is currently both expensive and complicated.
Telemedicine is expected to lower healthcare costs, increase efficiency and revenue and provide patients remote access to healthcare services when they most require it. If telemedicine is to become a widely accepted practice among patients and healthcare professionals, its vulnerabilities must be addressed through proactive risk management, including using new technologies such as blockchain.
While there is no one security or compliance program that prevents hackers from accessing a network, there are many precautions healthcare organizations can take to enhance security outside of adopting emerging technologies like blockchain. Establishing a security and compliance plan is necessary for managing sensitive data and maintaining transparency with stakeholders.
A security plan should identify the types of software in place and establish controls and an evaluation process to ensure the system is functioning properly. In order to prevent hackers or malicious parties from obtaining confidential data, investing in cybersecurity protection is vital.
Compliance programs demonstrate that an organization meets industry and federal regulatory requirements. Building a compliance program to ensure all security resources are secure and up to date with the changing technology landscape will also help to reduce risk and represent a commitment to maintaining security and customer privacy.
Both security and compliance plans can help an organization appropriately assess internal and external risks and how to respond to these risks. To create a successful program, healthcare organizations should provide staff and IT members with effective training to properly conduct digital health communications.
Once the staff members are trained to understand why security and compliance are needed, it will shape the way they handle ePHI interactions and sensitive data.
After surpassing security and compliance challenges, it will be easier for both healthcare providers and patients to embrace and adopt virtual visits. Telemedicine has grown rapidly since 2014, but it still has a long way to go. With the help of blockchain applications and robust cybersecurity and privacy compliance programs, telemedicine may become the next leading digital solution in healthcare.
Blaise Wabo is associate director at cyber-security and compliance firm A-LIGN. He is focused on performing HITRUST certifications, SOC 1 and SOC 2 examinations, and HIPAA audits in various industries.