The rise of telehealth: What it means for patient privacy


Have you attended a doctor’s appointment on your computer screen in the past year? Or used a mental-health app to help with anxiety? 

Seeking medical and health-related services remotely has become common since Covid-19 spread around the globe. With hospitals and clinics opening their doors only to certain cases, patients have turned to technology to do everything from getting post-operative checkups to consulting with a doctor about minor ailments.

What is telehealth?

Telehealth refers to the remote facilitation and delivery of health and health-related services through telecommunication technologies. 

These methods are especially important in remote communities, where accessibility of facilities and medical staff can be lower. More and more, telehealth services are offered via apps.

Popular examples of apps and sites include: K Health, GoodRx Care, Doctor on Demand, Teladoc, Amwell, BetterHelp, and Zocdoc.

Telehealth vs. telemedicine

While the terms telehealth and telemedicine are sometimes used interchangeably, telemedicine is actually a subset of broader telehealth. 

Telemedicine refers specifically to clinical medical services, including diagnosis, monitoring, and patient care. Telehealth, on the other hand, can also encompass non-clinical offerings which can include, but are not limited to: distance education (medical, patient, grand rounds), administrative services, and patient registration and admission. 

Covid-19 and the rise of telehealth

Since the beginning of the Covid-19 pandemic, in-person medical consultations have been on the decline. In the U.S. alone, visits to emergency departments saw a dramatic decrease, with people delaying or avoiding healthcare entirely over fears of catching the virus.  

This has caused the adoption of telehealth and telemedicine services to skyrocket. One provider, Mayo Clinic, saw massive growth in the use of its remote consultation service, with an increase of over 10,000% in video consultations and over 13,000% in phone consultations. Telecommunications have allowed primary care physicians to continue providing medical services remotely to patients at a similar rate to in-person consultation prior to the pandemic. 

This trend, however, does not address the digital divide between those who are able to benefit from telehealth services and those who are not—for example, those in rural or lower socioeconomic areas without internet access, smart devices, or the know-how to use them.

Telehealth: Risky for privacy and magnet for fraud

Unsurprisingly, given how quickly the prevalence of telehealth apps has grown, there have been concerns over privacy and security taking a backseat to availability and convenience.

A team from Harvard Medical School led by a cybersecurity researcher published an open letter in the Journal of the American Medical Informatics Association that warned of vulnerabilities in performing telehealth over popular platforms like Zoom—specifically that they were not designed for protecting sensitive medical information. It further suggested that healthcare providers should use, when available, videoconferencing technologies developed for healthcare purposes to ensure encryption and improved app security.

The growth in telehealth appears to have also made it more tempting for certain healthcare providers to submit fraudulent claims. In September 2020, the United States Department of Justice announced that it had investigated and taken on the largest instance of healthcare fraud, which included 4.5 billion USD in false claims related to telemedicine.

Smart devices, like wearables and their related fitness apps, also present privacy risks, as they generate user data that is not only stored in the cloud but also managed by unvetted third parties. The adoption of wearable technology increased nearly 50% in the first half of 2020 as a direct result of Covid-related closures, which only further increases the need for stronger privacy protections.

Regulations in telehealth: HIPAA and beyond

Users of telehealth services are protected under HIPAA, or the Health Insurance Portability and Accountability Act, a U.S. regulatory statute enacted specifically to protect the privacy of a citizen’s medical information from exploitation. 

The act comprises five titles:

  • Title I: Health Care Access, Portability, and Renewability
  • Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
  • Title III: Tax-related health provisions governing medical savings accounts
  • Title IV: Application and enforcement of group health insurance requirements
  • Title V: Revenue offset governing tax deductions for employers

Several international equivalents include:

Are your telehealth apps private? A few factors

HIPAA-compliant communication apps

The Office for Civil Rights (OCR) issued a notice advising patients to try to use only HIPAA-compliant communications platforms when engaging in telehealth services. These include the following platforms: Skype for Business and Microsoft Teams, Updox, VSee, Zoom for Healthcare, Doxy.me, Google G Suite Hangouts Meet, Cisco Webex Meetings and Webex Teams, Amazon Chime, GoToMeeting, and Spruce Health Care Messenger.

The OCR also acknowledged that providers may wish to communicate with patients using non-HIPAA-compliant platforms, and that as long as providers were making “good faith” provisions for telehealth services during this time, they would not face penalties. These apps include: Apple FaceTime, Facebook Messenger, Google Hangouts, Zoom, and Skype. However, it was further advised that use of public-facing platforms like Slack, Facebook Live, Twitch, and TikTok should be avoided at all costs.

User access

Always ensure that account and privacy settings across your devices and services are reviewed periodically. This is even more important if you’re the kind of person who opts for social media sign-in options.

Authentication

Where possible, always opt for multi-factor authentication when setting up any accounts for telehealth services. Doing so limits the possibility of bad actors accessing your accounts and provides an extra level of security even if someone finds out your password.

End-to-end encryption

With the sheer number of communication apps currently available to consumers, it is more important than ever to opt for apps with end-to-end encryption (E2EE). E2EE ensures that any communications between you and third parties are only seen by the intended recipients.

Updated software

Never ignore prompts from programs and apps to update your software. More often than not, these updates are security patches designed to protect these programs against security vulnerabilities.

Use a VPN

A VPN, or virtual private network, creates a secure tunnel between your device and the internet. Using a VPN helps you maintain privacy, be more anonymous, and stay protected against bad actors eavesdropping on your online activity.


Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.