What are the security implications of telehealth?

Technology has always been a game changer as far as healthcare is concerned, from new equipment and devices that aid health and keep patients alive, to the software and systems that enable healthcare professionals to be more efficient. But with all new technologies there are risks that must be assessed before and during adoption, to ensure the safety, dignity and security of patients. With the development of the ‘internet of things’ and ‘telehealth’, the latter is of paramount importance.
Doctor on the phone to a patient - telehealth

At present, ‘telehealth’ is one of the biggest new healthcare developments on the horizon. If you’ve not heard of it or are unsure what exactly it is you’re not alone, as it’s currently only in testing stages here in the UK. According to a recent article in the Guardian, such trials include, “devices such as weighing scales, blood pressure monitors and fitness devices [being] linked by bluetooth to the patient’s mobile phone… this automatically relays data to the GP practice.”

So what is telehealth, what are the benefits and what are the potential risks?

What is telehealth?

    According to the Telehealth Services Association, telehealth is, “the remote exchange of data between a patient at home and their clinician to assist in diagnosis and monitoring typically used to support patients with long term conditions.” The data exchanged may be derived from one or a number of gadgets that the patient can keep at home or on their person, and may include things such as blood pressure, temperature and oxygen levels in the blood. There are many benefits to providing this kind of remote monitoring, including:

    • Less visits to hospital or GP for the patient
    • Reduction in hospital resource use by patients who can return home
    • Lower costs and time demands on healthcare professionals and organisations
    • Closer monitoring around the clock for at-risk patients

    With the near ubiquity of reliable broadband connectivity, the routine use of devices capable of transmitting patient health data to physicians and others remotely, anywhere in the country, is a very real possibility in the not so distant future. In fact, in the US such solutions have already become reality, with proven cost-savings and benefits. While some monitoring may require specialised equipment, much of it will be able to be relayed via everyday technology such as smart phones and watches.

    A connected future – the risks and barriers

      As with any technology application that involves the transmission of data, telehealth solutions are susceptible to the interception, theft and fabrication of that data. In the US, one report recently voiced concerns along these lines, stating that, “[telehealth devices] may inadvertently transmit sensitive information about household activities… [and] routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers.”

      Many healthcare professionals are understandably excited by the prospect of telehealth. Patricia Robinson, a consultant nurse, recently told the Guardian that telehealth solutions, “absolutely free you up, [enabling] you to prioritise individuals with symptoms that require intervention.” But others remain unconvinced, and are concerned that security not be compromised for the sake of productivity. In the wake of the ‘Wannacry’ ransomware attack on the NHS, and recent concerns over the vulnerability to hacking of some automated insulin pumps, such concerns are not unfounded. In the US, patients have even pursued class action lawsuits against telehealth providers who they claim have transmitted their health information to external tech companies.

      Back in the UK, data security regulations currently limit the amount and type of information that can be shared via internet-connected devices. Principle 7 of the data controllers’ obligations under the Data Protection Act 1998 for example specifies that personal data must be kept secure, so either the regulations will need to be loosened or security on telehealth devices and transmissions tightened.

      Keeping patient data secure

        One thing is for sure, particularly in light of the recent NHS cyber security breach, before telehealth is introduced to the healthcare system en masse, the government and healthcare providers need to make certain that the devices and the data they transmit are totally secure. In the meantime though, there remain risks even to data stored and recorded via conventional means. One way to ensure that such information is kept secure is to use a third-party security supplier to password-protect and encrypt documents and data.


        Secure your vital patient data

        Nuance Power PDF will enable you to securely encrypt your sensitive patient data, and apply a password so that you can control who can access it.

        Learn more

        Tags: ,