Telehealth security and privacy: key points to know

Written on March 19, 2023 by Lori Mulligan, MPH. To give you technically accurate, evidence-based information, content published on the Everlywell blog is reviewed by credentialed professionals with expertise in medical and bioscience fields.

Table of contents

• Telehealth 101
• Security
• Privacy
• Ethical concerns
• Everlywell offers access to safe virtual visits
• Related content

Thanks to the COVID-19 pandemic, telehealth (or telemedicine) seemed to go from an underutilized tool to an absolute necessity used by many healthcare providers. Because of its successful implementation, telehealth is here to stay and is expected to keep growing.

However, for telehealth to continue with such momentum, patients must know that the exchange of data via the internet or other platform is secure and the information shared remains private just like in-person care.

Before we delve into telehealth security and privacy, let’s do a little Telehealth 101 so we are all up to speed on exactly what we mean by telehealth.

Telehealth 101

The US Department of Health and Human Services provides some useful definitions and purposes for telehealth.

Telehealth lets you receive healthcare via video chat, phone call, or messaging. While you will sometimes need to be seen by a healthcare provider in person, telehealth gives you access to healthcare from the comfort of your own home. Telehealth may be covered by your insurance, Medicaid, or Medicare.

How to get started

A telehealth appointment is often as simple as a secure, private video chat. You may need a stable internet connection for video chats. You may also need a device with video capabilities, such as a computer, tablet, or smartphone. You may qualify for internet assistance through the Affordable Connectivity Program (ACP). The ACP is a Federal Communications Commission benefit program that helps ensure households can afford the broadband they need for work, school, healthcare, and more.

Types of telehealth appointments

Some appointments require patients to participate in person, but you can get quality healthcare through telehealth in many ways, such as:

• Follow-up appointments
• Appointments with your therapist or psychiatrist
• Appointments to have bloodwork or imaging tests ordered and to get the results
• Appointments to treat and manage chronic conditions

Health needs that can be managed with telehealth

Advancements in healthcare, technology, and remote patient monitoring mean more conditions can be managed through telehealth, including [1]:

• Lab test or x-ray results
• Mental health treatment, such as teletherapy, counseling, and medication management
• Recurring conditions (e.g., migraines or urinary tract infections, also known as UTIs)
• Skin conditions
• Prescription management
• Urgent care issues like colds, coughs, and stomach aches
• Post-surgical follow-up
• Physical therapy and occupational therapy
• Managing conditions like high cholesterol, diabetes, and high blood pressure

Since the disclosure of diseases and conditions is sensitive, people want to be sure that data shared during their telehealth appointment is secure and not intercepted or hacked by a third party. So let’s take an in-depth look at how telehealth visits are kept safe.

Security

Telehealth makes it possible to get some healthcare services wherever you are. Keeping telehealth secure is the responsibility of patients, providers, and information technology (IT) professionals associated with the provider’s organization.

Patient’s role

Here are some examples of what you can do for better security:

• Only enter your personal information on secure websites with a lock icon in the address bar.
• Keep your devices protected with updated antivirus software.
• Protect your wireless connection with a password.
• Avoid using public Wi-Fi to access telehealth services.
• Avoid accessing telehealth on devices shared with people outside of your home or family.

Don’t set up a telehealth appointment or share your information with a provider you don’t know or with information you don’t recognize. Call your regular provider’s main phone number to confirm their identity first [2].

Provider’s role

Since it is common to talk about sensitive and confidential topics during health appointments, consider these security tips.

Before the appointment, ask the patient if they will have an interpreter or caregiver present. Make sure they feel comfortable talking about their health in front of the other person. Determine if they need to fill out a release of information [3].

Take extra safety precautions, such as:

• State your name and credentials to start.
• Confirm the patient’s identity at the beginning of each appointment. Ask your patient to verify personal demographic information.
• Avoid public Wi-Fi and use password-protected devices to log on to the telehealth visit.

IT’s role

Strong authentication: First, the telehealth platform should provide for a strong authentication method. This means that the platform has a robust means for authenticating each of the parties prior to their gaining access to any confidential information, such as patient data or otherwise. Often, platforms require individuals to log in with unique usernames and passwords.

IT professionals should encourage patients and providers to choose strong passwords. This means that passwords should be complex with a combination of uppercase and lowercase letters, numbers, and symbols. An individual’s password should be easy for them to remember but difficult for others to guess. The password should never be visible to others. Thus, the password should not be posted on a monitor, bottom of a keyboard, or in a file where others may be able to find it.

Other means of authentication may be implemented (eg, biometrics). Additionally, multi-factor authentication may be turned on, where appropriate. This additional factor used to authenticate the user may provide an additional layer of assurance. For example, patients might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.

End-to-end encryption: The telehealth platform should provide for end-to-end encryption that allows only intended parties to participate in the communication. This means that only the patient and the person whom he or she is communicating with are parties to the communication. Unauthorized parties are not able to listen in on the communication or otherwise intercept any information that is exchanged between the two parties (ie, eavesdrop) if end-to-end encryption is appropriately provisioned and implemented [4].

Privacy

Your telehealth appointments, messages, and information are protected by the same privacy rules as in-person care. However, certain unique conditions for telehealth appointments are not present in in-person visits.

Healthcare providers should be aware of the patient’s location before initiating the telehealth visit and be concerned about patient privacy needs. Providing patients with tips about how to find a private location, such as a private room at home or in a friend’s home, a car, or outdoors away from other people.

If the patient is unable to find a private place for a video telehealth appointment, the provider may suggest the appointment be rescheduled or use email, chat, or text through the patient portal instead.

The provider may also suggest a better location for the telehealth visit. When treating adolescent patients with parent(s) present, indicate when the parent should or should not be present to allow for confidential communication between the patient and provider.

Suggest the use of headsets and respond to questions through chat to prevent disclosure of sensitive health information.

Determine if the patient needs to fill out a release of information and obtain informed consent. Remind patients to be aware of their surroundings and background when sharing sensitive information [5].

Ethical concerns

Although telehealth promises to improve the quality of care, reduce costs, and increase patient satisfaction, it raises several ethical issues with regard to privacy, confidentiality, and security.

The ethical and legal issues related to the practice of telehealth or telemedicine services still need standard and specific rules of application to guarantee equitable access, quality of care, sustainable costs, professional liability, respect for patient privacy, data protection, and confidentiality.

At present, telemedicine services can only be used as complementary or supplementary tools to traditional healthcare services.

Nevertheless, telemedicine has the potential to have widespread applications. Health professionals play a fundamental role when conducting telehealth visits and in helping to ensure that technologies safely and securely respect the therapeutic relationship and the quality of care [6].

Everlywell offers access to safe virtual visits

At Everlywell, we too offer Virtual Care Visits as a starting point to help you understand symptoms, speak with an expert, and devise a care plan with next steps like prescriptions, at-home testing, lab testing, lifestyle changes, or more. If you have not yet been diagnosed with a condition and want to better understand what might be going on, this offer is for you.

For example, we offer visits for virtual weight loss management . We can prescribe medicine and offer clinical support to help you lose weight and reduce the risk of long-term health issues. Specifically, we do the following in a safe, protected environment:

• Prescribe GLP-1 Rx for qualified candidates
• Help navigate insurance coverage for treatment
• Offer monthly virtual visits with a licensed clinician

We recognize the importance of privacy and security; therefore, our services are HIPAA-compliant and follow privacy guidelines. We use industry-leading technology to ensure your personal information is kept safe and confidential.

Related content

What is telehealth?

How do I do a virtual visit with my healthcare provider?

Can medication be prescribed via telehealth?

Is telehealth free?

How long to wait for a telehealth appointment: here's what to know

References

1. Telehealth.HHS.gov. What is telehealth? URL Accessed March 5, 2023.
2. Health and Human Services. Telehealth privacy for patients. URL. Last updated June 29, 2022. Accessed March 5, 2023.
3. Health and Human Services. Telehealth for behavioral healthcare. URL. Last updated December 2, 2022. Accessed March 5, 2023.
4. Kim L. Data privacy and telehealth: protect the data, protect the patient. healthcare information and management systems society. Healthcare Information and Management Systems Society (HIMSS). URL. Published January 13, 2021. Accessed March 8, 2023.
5. Houser SH, Flite CA, Foster SL. Solutions for challenges in telehealth privacy and security. J AHIMA. URL. Published October 17, 2022. Accessed March 6, 2023.
6. Solimini R, Busardò FP, Sirignano A, Ricci G. Ethical and legal challenges of telemedicine in the era of the COVID-19 pandemic. Medicina (Kaunas). 2021;57(12):1314. doi.org/10.3390/medicina57121314. URL.