With the rapid increase in providers that offer telehealth, the healthcare industry has seen a dramatic rise in breaches. A recent report released by McAfee found that the increase in businesses using cloud services (e.g., Zoom, Microsoft Teams, Slack) amid the COVID-19 pandemic has led to a 630% increase in cloud service breaches. With many healthcare organizations relying on cloud services to provide telehealth to patients, providers must be vigilant in their efforts to secure patient data.
Identity industry expert Eve Maler stated, “The data is, unfortunately, getting worse for the first quarter of 2020, and the healthcare industry is once again a big target. Over 50 percent of the data breaches so far in 2020 have been for the healthcare industry.” Further, Maler stated, “Healthcare records are so attractive to cybercriminals because, if you think about it, it’s physical data. It’s digital data. It’s data about your body. It’s data about where you live. It’s your date of birth — very valuable information.”
How to Prevent Healthcare Breaches
With the increase in healthcare breaches, the National Security Agency (NSA) has released cybersecurity guidance for telehealth providers.
The NSA recommends that telehealth providers consider the following before choosing a cloud platform to use for their practice:
- Does the service implement end-to-end encryption (E2EE)? E2EE enables data to be encrypted from sender to recipient, making data unreadable by unauthorized individuals. It is important that the cloud services that are used offer true E2EE to secure protected health information (PHI). With the increase in the use of Zoom, it was discovered that the company was using a loose definition of E2EE: although data was not viewable to outside parties, the company itself still had access to it.
- Does the service use multi-factor authentication (MFA) for user authentication? The use of multi-factor authentication can prevent weak or stolen passwords from being used to access user accounts. MFA uses a username and password in combination with another unique login credential (e.g., security questions, one-time PIN).
- Are sessions password-protected? The service should allow organizers to limit access to sessions to only those who are invited by prompting patients to provide a password to access a telehealth session.
- Can users securely delete data from the service? Users should choose a service that affords them the opportunity to delete content such as shared files and chat sessions. The service should allow users to permanently remove accounts that are no longer used.
- Have employees been trained on the proper use of cloud platforms? A major contributing factor to healthcare breaches is the lack of employee training. Employees must be trained on the proper use of cloud platforms before they use the platforms.
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors is their opinion and is not intended to malign any organization, company or individuals.