Article by Avatara’s CEO, Rob McCormick, originally published in Healthcare Business Today.
The pandemic ushered in a whole new era for telehealth. With that expansion comes new challenges.
Before the pandemic, telemedicine’s primary use was in rural areas for patients who couldn’t make it to a doctor’s office. During the pandemic, however, things changed countrywide.
According to McKinsey & Co., 11% of consumers used telehealth in 2019. That number has climbed to 46%, translating to an estimated $636 billion in revenue by 2028. While embracing telemedicine is a lucrative opportunity for healthcare organizations, it requires clarity and responsibility.
One key concern is regulatory compliance. At the start of the pandemic, there was leniency with HIPAA compliance as providers scrambled to see patients virtually. This took the form of a decision from the U.S. Department of Health and Human Services Office for Civil Rights to “exercise enforcement discretion,” forgo penalties, and allow the use of non-encrypted platforms. That flexibility allowed organizations to work with unsecured technology with no consequences.
But that is all changing rapidly. Regulations are tightening again while cybercrime rates are rising to record levels, particularly in healthcare, where one-third of global organizations said they experienced a ransomware attack in 2020.
Those figures illustrate the obvious — telehealth technology with any security holes is inexcusable today.
Although leaders understand the pressing need for competent and compliant telehealth system solutions, finding practical options is often difficult. Compliant solutions with high levels of security often sacrifice ease of use. The learning curve and layers of security add an air of difficulty to collaboration, mobility, and productivity. And as cybercriminals grow more sophisticated, leaders’ challenge to find the right solution will become even more trying.
Underscoring this challenge, conference tools are not typically built for compliance. Solutions that were unregulated before the pandemic and then added security measures as an afterthought are likely to have vulnerabilities.
Getting this right is critical. Fifty-two percent of telehealth providers have found customers refusing a video call due to security concerns, which isn’t surprising considering that attacks on healthcare customers rose to 45 million in 2021.
Decision-makers must have strategies to ensure they can maintain privacy, security, and compliance in their organizations while scaling up telehealth and other tech options. Here are a few key considerations:
1. Incorporate security and privacy into IT infrastructure. Security and compliance cannot be taken for granted. In fact, they must be the focus of planning from the outset. A bandage applied as an afterthought is not a sustainable approach.
Find a technology provider that stays current with all compliance standards. Implement external attack protection measures such as a secure data center, secure cloud desktops, server and edge firewalls, and an around-the-clock security operations center.
For human error prevention, employ secure file-sharing methods, email encryption, multifactor authentication, and security awareness training. Additionally, implement endpoint protection, DNS web and content filtering, host-based intrusion detection, and spam filters for comprehensive security.
2. Consider ease of use for staff and patients. Studies reveal that 74% of customers expect existing technology to help create better experiences, while 75% expect new technology to do the same. In any event, innovative, easy-to-use solutions can boost enjoyment and adoption rates to sustainable levels.
When telehealth usage ramped up at the start of the pandemic, many healthcare leaders were concerned that high-security systems would be too complex for patients to use. But simple, intuitive, and secure platforms do exist today.
It’s also worth considering the ease of EHR access for remote or multisite staff. If patients don’t have to come to the office for their appointment, providers don’t necessarily need to either. That means EHRs need to be hosted remotely. With remote access comes greater responsibility to ensure that all devices and network connections are secure.
3. Have a secure backup system in place. Losing patient data is not an option any healthcare organization can afford. Never store any files locally on network devices. Instead, keep data centralized in a secure data center so that even if a device is stolen, no data will be compromised.
It’s a simple practice, but it can have a massive impact if not strictly enforced. If hackers steal patients’ personally identifiable information, patients will lose trust, regulatory organizations will issue stiff fines, and healthcare organizations’ reputations as trusted partners will suffer.
Telehealth will have an exponentially greater role in medicine in the years ahead, and it presents a wonderful opportunity to service patient needs and raise profits. But it only works if organizations put in the due diligence to get it right. Prioritize regulatory compliance, best practices in security, and ease of use. Patients will be grateful.