Written on March 19, 2023 by Lori Mulligan, MPH. To give you technically accurate, evidence-based information, content published on the Everlywell blog is reviewed by credentialed professionals with expertise in medical and bioscience fields.
Table of contents
Thanks to the COVID-19 pandemic, telehealth (or telemedicine) seemed to go from an underutilized tool to an absolute necessity used by many healthcare providers. Because of its successful implementation, telehealth is here to stay and is expected to keep growing.
However, for telehealth to continue with such momentum, patients must know that the exchange of data via the internet or other platform is secure and the information shared remains private just like in-person care.
Before we delve into telehealth security and privacy, let’s do a little Telehealth 101 so we are all up to speed on exactly what we mean by telehealth.
The US Department of Health and Human Services provides some useful definitions and purposes for telehealth.
Telehealth lets you receive healthcare via video chat, phone call, or messaging. While you will sometimes need to be seen by a healthcare provider in person, telehealth gives you access to healthcare from the comfort of your own home. Telehealth may be covered by your insurance, Medicaid, or Medicare.
A telehealth appointment is often as simple as a secure, private video chat. You may need a stable internet connection for video chats. You may also need a device with video capabilities, such as a computer, tablet, or smartphone. You may qualify for internet assistance through the Affordable Connectivity Program (ACP). The ACP is a Federal Communications Commission benefit program that helps ensure households can afford the broadband they need for work, school, healthcare, and more.
Some appointments require patients to participate in person, but you can get quality healthcare through telehealth in many ways, such as:
Advancements in healthcare, technology, and remote patient monitoring mean more conditions can be managed through telehealth, including :
Since the disclosure of diseases and conditions is sensitive, people want to be sure that data shared during their telehealth appointment is secure and not intercepted or hacked by a third party. So let’s take an in-depth look at how telehealth visits are kept safe.
Telehealth makes it possible to get some healthcare services wherever you are. Keeping telehealth secure is the responsibility of patients, providers, and information technology (IT) professionals associated with the provider’s organization.
Here are some examples of what you can do for better security:
Don’t set up a telehealth appointment or share your information with a provider you don’t know or with information you don’t recognize. Call your regular provider’s main phone number to confirm their identity first .
Since it is common to talk about sensitive and confidential topics during health appointments, consider these security tips.
Before the appointment, ask the patient if they will have an interpreter or caregiver present. Make sure they feel comfortable talking about their health in front of the other person. Determine if they need to fill out a release of information .
Take extra safety precautions, such as:
Strong authentication: First, the telehealth platform should provide for a strong authentication method. This means that the platform has a robust means for authenticating each of the parties prior to their gaining access to any confidential information, such as patient data or otherwise. Often, platforms require individuals to log in with unique usernames and passwords.
IT professionals should encourage patients and providers to choose strong passwords. This means that passwords should be complex with a combination of uppercase and lowercase letters, numbers, and symbols. An individual’s password should be easy for them to remember but difficult for others to guess. The password should never be visible to others. Thus, the password should not be posted on a monitor, bottom of a keyboard, or in a file where others may be able to find it.
Other means of authentication may be implemented (eg, biometrics). Additionally, multi-factor authentication may be turned on, where appropriate. This additional factor used to authenticate the user may provide an additional layer of assurance. For example, patients might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.
End-to-end encryption: The telehealth platform should provide for end-to-end encryption that allows only intended parties to participate in the communication. This means that only the patient and the person whom he or she is communicating with are parties to the communication. Unauthorized parties are not able to listen in on the communication or otherwise intercept any information that is exchanged between the two parties (ie, eavesdrop) if end-to-end encryption is appropriately provisioned and implemented .
Your telehealth appointments, messages, and information are protected by the same privacy rules as in-person care. However, certain unique conditions for telehealth appointments are not present in in-person visits.
Healthcare providers should be aware of the patient’s location before initiating the telehealth visit and be concerned about patient privacy needs. Providing patients with tips about how to find a private location, such as a private room at home or in a friend’s home, a car, or outdoors away from other people.
If the patient is unable to find a private place for a video telehealth appointment, the provider may suggest the appointment be rescheduled or use email, chat, or text through the patient portal instead.
The provider may also suggest a better location for the telehealth visit. When treating adolescent patients with parent(s) present, indicate when the parent should or should not be present to allow for confidential communication between the patient and provider.
Suggest the use of headsets and respond to questions through chat to prevent disclosure of sensitive health information.
Determine if the patient needs to fill out a release of information and obtain informed consent. Remind patients to be aware of their surroundings and background when sharing sensitive information .
Although telehealth promises to improve the quality of care, reduce costs, and increase patient satisfaction, it raises several ethical issues with regard to privacy, confidentiality, and security.
The ethical and legal issues related to the practice of telehealth or telemedicine services still need standard and specific rules of application to guarantee equitable access, quality of care, sustainable costs, professional liability, respect for patient privacy, data protection, and confidentiality.
At present, telemedicine services can only be used as complementary or supplementary tools to traditional healthcare services.
Nevertheless, telemedicine has the potential to have widespread applications. Health professionals play a fundamental role when conducting telehealth visits and in helping to ensure that technologies safely and securely respect the therapeutic relationship and the quality of care .
At Everlywell, we too offer Virtual Care Visits as a starting point to help you understand symptoms, speak with an expert, and devise a care plan with next steps like prescriptions, at-home testing, lab testing, lifestyle changes, or more. If you have not yet been diagnosed with a condition and want to better understand what might be going on, this offer is for you.
For example, we offer visits for virtual weight loss management . We can prescribe medicine and offer clinical support to help you lose weight and reduce the risk of long-term health issues. Specifically, we do the following in a safe, protected environment:
We recognize the importance of privacy and security; therefore, our services are HIPAA-compliant and follow privacy guidelines. We use industry-leading technology to ensure your personal information is kept safe and confidential.