The significant growth in technology enabling telemedicine services is an exciting industry disruptor. In the UK, the NHS has announced a £4.2bn investment to digitise the health service, noting that while 84% of adults use the internet, only 2% transact digitally with the NHS.
Digital health applications cover a broad range of innovative solutions, including the remote evaluation and diagnosis of patients, the sharing of electronic medical records and digital imagery between physician networks, and video-links for emergency personnel with trauma specialists for immediate life-saving support.
However the continuous real-time transmission of data over computer networks also creates risk. At every step of the process, adverse events may occur, including diagnostic errors, technical glitches and patient privacy and security violations.
Security: Patient and clinician authentication and verification
Secure transmission of clinical information requires effective safeguards at every point in the process. Healthcare professionals must be trained extensively in best-practice IT security to ensure they follow the correct authentication procedures to access systems and verify patient identity.
Authentication measures ensure only authorised users can access computer systems to undertake telemedicine consultations. Complex passwords and two-factor authentication are vital links in the security chain that ensures optimal organisational IT security.
Patient identification is the next step in the authentication process. Clinicians and general practitioners must ensure accurate verification of who they are treating, for example over video-link, by cross-referencing patient identifiers from their database. Ensuring patients have unique, personal identification such as a PIN, or biometric data such as a fingerprint or retina scan, will prevent fraudulent access as a result of identity theft.
Privacy: Managing patient and organisational confidentiality
Privacy is paramount when storing and transmitting electronic data. Healthcare providers are obliged to ensure they set in place and comply with strict privacy policies, for example the UK Data Protection Act 1998.
Online consultations should follow the same principles as face-to-face meetings. Patients should be informed of their right to privacy and submit written permission before any private health information can be transmitted. Consultations should take place on specialist secure video-links, not open networks such as Skype, within a private consultation area.
Patient data transmitted and recorded during a consultation, or being transferred between healthcare providers, must be stored on secure servers using encryption technology. These encryption methods need to extend specifically to portable devices and removable media, such as USB drives – which are a leading source of data breaches. Having a systems administrator responsible for data tracking is a practical method of keeping an audit trail to verify who has been using and accessing patient data – which can immediately bring to light any unusual or unauthorised activity.
Telemedicine is driving significant change within the healthcare industry and offers exciting opportunities for technology-led virtual clinical services.
By understanding the key security and privacy risks, healthcare organisations can focus on securing the privacy and safety of their patients, while protecting themselves from the significant ramifications of a data breach or fraudulent systems access.
==========
Scott Sayce, AVP – Head of Cyber, Technology and Life Science at CNA Hardy.
I head up CNA Hardy’s Cyber, Technology and Life Science underwriting team and have specialised in cyber and technology for over a decade. Follow me on LinkedIn or Twitter to keep up with the latest insights from CNA Hardy.