E-News Exclusive

Protecting Patient Privacy When Using Telehealth

By Jessica Denson

Tammy Balzer lives in rural northern Michigan where it can be tough to get to a doctor.

“People in the rural areas don’t have as much access to the doctors, the hospitals, the clinics as in the urban areas,” Balzer says. “So, having the ability to access telemedicine from a rural area saves a lot of time, money, and effort.”

Balzer has used telehealth for the last several years—at least when she can access the internet.

“We need better access to cell and internet in rural areas so that we can use telehealth. I think it will save everyone a lot of money and time if people understand how to use it and how it can help them,” she says.

But not everyone is as comfortable using the technology as Balzer. On March 5, 2020, Connected Nation Michigan announced the results of a six-month study on telehealth in which 66% of respondents said they were concerned their privacy would be compromised.

Less than a month later, in the last week of March, the United States saw a 154% surge in the use of telehealth compared with the same time period in 2019. Suddenly, as social distancing and limiting exposure to hospitals and doctors became the norm, millions who had either rarely or never used telehealth were forced to turn to it for their health care needs.

“If COVID-19 has done anything positive, it’s that it has delivered a fast track for what can be done with [telehealth] and how we can deliver care this way,” says Lisa White, MSN, MHA, director of Munson Healthcare Home Care, Hospice and Palliative Care.

But concerns about privacy did not just disappear. As a result, Connected Nation Michigan asked security experts within the health care industry to share what steps they were taking to protect patient privacy and what providers should be telling patients.

How Some Providers Are Protecting Privacy
HIPAA not only protects patient privacy when they are visiting a doctor in person but also covers telehealth.

“We are bound to the same rigorous level of protecting their information as if they were stepping into a hospital or emergency room,” says DelMarie Ehresman, a nurse educator at Ascension Michigan.

The challenge is to balance the need to protect privacy with ensuring that patients can understand their telehealth options.

“I would say telehealth privacy is one of the primary concerns both when we’re training and when we’re setting up telemedicine networks,” says Vickie Gordon, director of telehealth at Ascension Michigan. “We want to ensure the network is impenetrable to hackers but that it’s also able to be used easily and quickly by a patient without having to have a large amount of equipment.”

Chris Kitchen, who is a leader in cybersecurity at Munson Healthcare, says most providers were already exploring how to expand telehealth options before the pandemic. Many of those plans had to be accelerated but not at the expense of protecting patient data.

“As a health care provider, it’s something that we must plan from the beginning when we’re implementing telehealth solutions,” he explains. “That’s why Munson Healthcare has an information security team that goes through and evaluates all of the vendors that we’re looking at and grades them on how good their security is before we move any further.”

He adds that the internet itself is not what makes data secure. The solution that a health care agency chooses for telehealth is what provides the security.

“The internet can be widespread. It can be fast. It can be easy, but it doesn’t necessarily give us all the security we need so we select an app, a software, and other solutions that ensure that security,” Kitchen says. “Our group uses complex mathematics that protects information. Some of that is using data encryption so that if someone grabs someone’s data from the internet, it’s meaningless to them unless they have that key.”

What Patients Should Do
The majority of the responsibility on protecting patient privacy falls to the providers. However, patients can help protect their data.

Ask patients to keep devices up to date. Many of the updates for computers or cell phones include important security patches. Second, remind patients to use a more complicated password and to be sure to write it down somewhere—but don’t store it on their computer. They can also opt for facial recognition or touch ID.

Third, suggest that patients go to a private place when visiting with their doctor online or over the phone. And finally, encourage patients to follow provider instructions closely.

“There’s not a lot to worry about as long as you’re listening to the instructions that your provider is giving you for how you do the tele-visit and you’re keeping your devices up to date and password or passcode protected,” Kitchen says. “All of those steps together will ensure you have a safe visit with your provider.”

Free resources, including PDFs and short videos addressing some of the most common patient concerns, are available at connectednation.org/telehealth.

— Jessica Denson is the communications director for Connected Nation. She has more than 25 years of experience in broadcast journalism and communications/public relations. In her current role, Denson is responsible for overall brand strategy, which includes building program recognition through digital communications, media relations, and marketing opportunities. She handled interviews and planning for a series of PSAs addressing patient concerns surrounding telehealth which are now airing across Michigan.

More information is available at connectednation.org/telehealth.