Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Security Concerns Threaten Mobile Health App Deployment

Posted on January 26, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare organizations won’t get much out of deploying mobile apps if consumers won’t use them. And if consumers are afraid that their personal data will be stolen, they’ve got a reason not to use your apps. So the fact that both consumers and HIT execs are having what I’d deem a crisis of confidence over mHealth app security isn’t a good sign for the current crop of mobile health initiatives.

According to a new study by security vendor Arxan, which polled 815 consumers and 268 IT decision-makers, more than half of consumer respondents who use mobile health apps expect their health apps to be hacked in the next six months.

These concerns could have serious implications for healthcare organizations, as 76% of health app users surveyed said they would change providers if they became aware that the provider’s apps weren’t secure. And perhaps even more significantly, 80% of consumer health app users told Arxan that they’d switch to other providers if they found out that the apps that alternate provider offered were better secured. In other words, consumer perceptions of a provider’s health app security aren’t just abstract fears — they’re actually starting to impact patients’ health decision making.

Perhaps you’re telling yourself that your own apps aren’t terribly exposed. But don’t be so sure. When Arxan tested a batch of 71 popular mobile health apps for security vulnerabilities, 86% were shown to have a minimum of two OWASP Mobile Top 10 Risks. The researchers found that vulnerable apps could be tampered with and reverse-engineered, as well as compromised to provide sensitive health information. Easily-done hacks could also force critical health apps to malfunction, Arxan researchers concluded.

The following data also concerned me. Of the apps tested, 19 had been approved by the FDA and 15 by the UK National Health Service. And at least where the FDA is concerned, my assumption would be that FDA-tested apps were more secure than non-approved ones. But Arxan’s research team found that both FDA and National Health Service-blessed apps were among the most vulnerable of all the apps studied.

In truth, I’m not incredibly surprised that health IT leaders have some work to do in securing mobile health apps. After all, mobile health app security is evolving, as the form and function of mHealth apps evolve. In particular, as I’ve noted elsewhere, mobile health apps are becoming more tightly integrated with enterprise infrastructure, which takes the need for thoughtful security precautions to a new level.

But guidelines for mobile health security are emerging. For example, in the summer of last year, the National Institute of Standards and Technology released a draft of its mobile health cybersecurity guidance, “Securing Electronic Records on Mobile Devices” — complete with detailed architecture. Also, I’d wager that more mHealth standards should emerge this year too.

In the mean time, it’s worth remembering that patients are paying close attention to health apps security, and that they’re unlikely to give your organization a pass if they’re hacked. While security has always been a high-stakes issue, the stakes have gotten even higher.

What’s Happening at MEDITECH w/ Helen Waters, VP @MEDITECH

Posted on January 25, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: Here’s the video recording of my interview with Helen Waters from MEDITECH

MEDITECH - Helen Waters

Many in the large hospital EHR space have argued that it’s a two horse race between Cerner and Epic. However, many forget how many users MEDITEH still has using its healthcare IT products. Not to mention MEDITECH was originally founded in 1969 and has a rich history working in the space. On Friday, January 29, 2016 at 1 PM ET (10 AM PT), I’ll be sitting down with Helen Waters, VP at MEDITECH to talk about the what’s happening with MEDITECH and where MEDITECH fits into the healthcare IT ecosystem.

You can join my live conversation with Helen Waters and even add your own comments to the discussion or ask Helen questions. All you need to do to watch live is visit this blog post on Friday, January 29, 2016 at 1 PM ET (10 AM PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

We’re interested to hear Helen’s comments about the culture and history of MEDITECH along with what MEDITECH’s doing with its products to change perceptions and misconceptions around the MEDITECH product. We’ll also be sure to ask Helen about important topics like interoperability and physician dissatisfaction (“Too Many Clicks!”). We hope you’ll join us to learn more about what’s happening with MEDITECH.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Personalized Medicine Gone Wrong

Posted on January 22, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Personalized Care in a Digital World

Nothing like a cartoon to use humor to illustrate a really important point. We have to be careful that personalized medicine doesn’t make medicine less personal. Also, a great reminder that technology should assist the doctor and not replace it. Technology doesn’t have common sense.

7th Annual New Media Meetup at #HIMSS16 Sponsored by Stericycle Communication Solutions

Posted on January 21, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

7th Annual New Media Meetup - HIMSS16 in Chicago

For those of you planning to attend the HIMSS 2016 conference in Las Vegas, I’m excited to share the details of the 7th Annual New Media Meetup at HIMSS. For those who’ve missed the last 6 events, it’s a unique event that brings together healthcare IT bloggers, tweeters, and other social media influencers at the mecca of Healthcare IT conferences.

It’s incredible to think that this will be our 7th year hosting the New Media Meetup during HIMSS. Since HIMSS 2016 is returning to my hometown of Las Vegas, I knew we had to set a new bar for the event. Luckily our sponsor, Stericycle Communication Solutions, was on board with my ambitious plans. I hope everyone will spend some time checking out Stericycle Communication Solutions and thank them for sponsoring the event.

Here’s a quick summary of what we have planned for the event:
When: Wednesday 3/2 6:00-8:00 PM (Unofficial Karaoke after party starts at 8)
Where: Gilley’s at Treasure Island Casino – 3300 S Las Vegas Blvd, Las Vegas, NV 89109 MAP (Treasure Island is a short walk across the street from the Venetian/Sands)
Who: Anyone who uses or is interested in New Media (Blogs, Twitter, Social Media, Periscope, Blab, etc)
What: Food, Drinks, Mechanical Bull, Dance Floor, Giveaways, and Amazing People

Register Here!

Note: We have limited space for the event and so like in past years, we’ll have to close registration once we reach capacity.

Sponsored by Stericycle Communication Solutions
SRCL Communication Solutions
Stericycle Communication Solutions helps bring patients and healthcare organizations closer together. We believe that the key to patient engagement and positive patient experiences is effective and timely communication.

Stericycle Communication Solutions offer a unique combination of Live Agent services and Technology products that allow patients and providers to interact through multiple communication channels: phone, email, voice, text and online. We provide scheduling (phone and online self-serve), physician referral, population health, payment, follow-up, after-hours answering, care coordination and appointment reminder solutions to over 27,000 organizations.

Learn more at www.stericyclecommunications.com

Those interested in the New Media Meetup at HIMSS will want to check out the full scale Healthcare IT Marketing and PR Conference that we’re hosting in Atlanta April 6-8, 2016. It’s a special 3 days devoted to health IT marketing and PR professionals.

A really big thank you also goes out to all the members of Influential Networks and Healthcare Scene that help promote the New Media Meetup. This event was originally brought together through social media and is still largely organized thanks to social media.

Let me know if you have any questions and I look forward to seeing many of you in Las Vegas very soon!

7th Annual New Media Meetup - HIMSS16 in Las Vegas

Workflow Redesign Is Crucial to Adopting a New Health IT System – Breakaway Thinking

Posted on January 20, 2016 I Written By

The following is a guest blog post by Todd Stansfield, Instructional Writer from The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Todd Stansfield
Workflow analysis and redesign have long been touted as essential to health IT adoption. Most organizations recognize the importance of modifying current workflows to capitalize on efficiencies created by a new application and identify areas where the system must be customized to support existing workflows. Despite this recognition, there remains room for improvement. In fact, last month the Office of the National Coordinator (ONC) identified the impact of new IT systems on clinical workflows as one of the biggest barriers to interoperability (ouch).

A successful redesign includes both an analysis of current workflows and desired future workflows.

Key stakeholders – direct and indirect – should take part in analyzing existing workflows. An objective third party should also be present to ask the right questions and facilitate the discussion. This team can collaborate to model important workflows, ideally in visual form to stimulate thorough analysis. To ensure an efficient and productive meeting, you should model workflows that are the most common, result in productivity losses, have both upstream and downstream consequences and involve multiple parties. The National Learning Consortium recommends focusing only on what occurs 80 percent of the time.

Once you document current workflows, you can set your sights on the future. Workflow redesign meetings are the next step; you need them to build a roadmap of activities leading up to a go-live event and beyond – from building the application to engaging and educating end users. Individuals from the original workflow analysis sessions should be included, and they should be joined by representatives from your health IT vendor (who can define the system’s capabilities) and members of your leadership team (who can answer questions and provide support).

After the initial go-live, you need to periodically perform workflow analysis and continue adjusting the roadmap to address changes to the application and processes.

Why should you spend all the time and effort to analyze and redesign workflows? Three reasons:

  1. It makes your organization proactive in your upcoming implementation and road to adoption. You’ll anticipate and avoid problems that will otherwise become bigger headaches.
  2. It’s the perfect opportunity to request customizations to adapt your application to desired workflows.
  3. It gives your staff a chance to mentally and emotionally prepare for a change to their daily habits, increasing buy-in and decreasing resistance to the switch.

Thorough and disciplined workflow redesign is an important step to adopting a new health IT application, but of course it’s not the only one. You’ll still need leadership to engage end users in the project, education that teaches learners how to use the new application to perform their workflow, performance metrics to evaluate adoption, and continual reinforcement of adoption initiatives as the application and workflows change over time.

Xerox is a sponsor of the Breakaway Thinking series of blog posts.

How Tech Companies are Changing Our Healthcare Infographic

Posted on January 19, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UIC’s Masters in Health Informatics has put out a great infographic that looks at how tech companies are changing our healthcare system. However, what struck me most about the infographic was that it focuses on how medicine is going to become (some might say becoming) far more personalized. I’ve always been struck by the fact that many of the advancements in healthcare that we dream about are only possible through the use of technology. Many of the personalize medicine initiatives aren’t even in the realm of thinking in a paper world. That’s a powerful idea.

I’m sure that many out there might read this and argue that the addition of computers is causing a de-personalization of health care. I’d argue that it all depends on how the tech is implemented. In many cases today, healthcare technology has de-personalized the care that’s provided. However, that doesn’t have to be the case. Technology should be a tool that makes the care a doctor provides extremely personalized. That’s true from a data and patient-physician interaction perspective.

Take a look at the infographic and be sure to share your thoughts in the comments:
How Tech Companies are Changing our Healthcare Infographic

Virtual Reality in Healthcare

Posted on January 18, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

David Chou has an interesting post up over at the Healthcare Standards blog that talks about virtual reality (VR) and where we’ll see it in healthcare. He posits the following 3 areas of healthcare where the healthcare industry can benefit:

  1. Training
  2. Diagnosis
  3. Treatment

I can’t argue with David’s assessment of how virtual reality solutions will be used in healthcare. I think the most promising of these is likely in the medical training area. However, there are no doubt going to be some great treatment options that use VR as well.

The problem with virtual reality in healthcare is that none of the virtual reality companies are going to focus any of their effort on healthcare. Everyone that I talked to at CES (see all our coverage of Digital Health at CES) made it very clear that VR technology was going to start with gaming and video. That opportunity is so large that they don’t have any time or need to go after other markets.

This isn’t to say that virtual reality won’t be used in healthcare. What I’m saying is that virtual reality vendors aren’t going to be doing things to make it easy for healthcare to adopt their technologies. Innovators that want to use virtual reality in healthcare are going to have to take and adapt what’s built for other industries and apply it to healthcare.

Here’s a simple example. I saw an amazing number of 360 degree camera options that are paired with virtual reality. You literally can turn around and see what’s happening all around you as if you were standing in a room. It’s quite amazing technology (although there was some digital stiching that still needs to be improved) and you could see some application of the technology in healthcare. The problem is that it’s unlikely that this video technology is going to be HIPAA compliant by default. Let’s not even talk about these vendors signing a HIPAA business associate agreement.

This example is why I think the medical training aspect of virtual reality is so promising. It’s not governed by HIPAA and so the technology doesn’t have to worry about those requirements and regulations. The same is true for treatment. The problem there is that for it to truly be classified as a treatment, it’s going to have to go through FDA testing and/or clinical trials. The pace of change is moving so fast with virtual reality technology that by the time you finished a clinical trial or became FDA cleared the old virtual reality technology you used will be considered legacy software and hardware.

With all of this said, I had a chance to try out the next generation Oculus Riftat the Dell venue and it was an extraordinary experience. I got lost in the virtual world (I was playing a simple video game) and completely forgot that I was in a noisy bar. I’m excited to see all of the places virtual reality will pop up. That includes in healthcare.

Biometric Use Set To Grow In Healthcare

Posted on January 15, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I don’t know about you, but until recently I thought of biometrics as almost a toy technology, something you’d imagine a fictional spy like James Bond circumvent (through pure manliness) when entering the archenemy’s hideout. Or perhaps retinal or fingerprint scans would protect Batman’s lair.

But today, in 2016, biometric apps are far from fodder for mythic spies. The price of fingerprint scan-based technology has fallen to nearly zero, with vendors like Apple offering fingerprint-based security options as a standard part of its iOS iPhone operating system. Another free biometric security option comes courtesy of Intel’s True Key app, which allows you to access encrypted app data by scanning and recognizing your facial features. And these are just trivial examples. Biometrics technologies, in short, have become powerful, usable and relatively affordable — elevating them well above other healthcare technologies for some security problems.

If none of this suggests to you that the healthcare industry needs to adopt biometrics, you may have a beef with Raymond Aller, MD, director of informatics at the University of Southern California. In an interview with Healthcare IT News, Dr. Aller argues that our current system of text-based patient identification is actually dangerous, and puts patients at risk of improper treatments and even death. He sees biometric technologies as a badly needed, precise means of patient identification.

What’s more, biometrics can be linked up with patients’ EMR data, making sure the right history is attached to the right person. One health system, Novant Health, uses technology registering a patient’s fingerprints, veins and face at enrollment. Another vendor is developing software that will notify the patient’s health insurer every time that patient arrives and leaves, steps which are intended to be sure providers can’t submit fradulent bills for care not delivered.

As intriguing as these possibilities are, there are certainly some issues holding back the use of biometric approaches in healthcare. And many are exposed, such as Apple’s Touch ID, which is vulnerable to spoofing. Not only that, storing and managing biometric templates securely is more challenging than it seems, researchers note. What’s more, hackers are beginning to target consumer-focused fingerprint sensors, and are likely to seek access to other forms of biometric data.

Fortunately, biometric security solutions like template protection and biocryptography are becoming more mature. As biometric technology grows more sophisticated, patients will be able to use bio-data to safely access their medical records and also pay their bills. For example, MasterCard is exploring biometric authentication for online payments, using biometric data as a password replacement. MasterCard Identity Check allows users to authenticate transactions via video selfie or via fingerprint scanning.

As readers might guess from skimming the surface of biometric security, it comes with its own unique security challenges. It could be years before biometric authentication is used widely in healthcare organizations. But biometric technology use is picking up speed, and this year may see some interesting developments. Stay tuned.

Embracing Technology Doesn’t Have To Come At The Expense Of Engagement – Communication Solutions Series

Posted on January 14, 2016 I Written By

The following is a guest blog post by Amy Hamilton,  Marketing Manager of Stericycle Communication Solutions as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms
Amy Hamilton - Stericycle Healthcare IT
In the New Year I set the typical health/financial related goals, but I also like to make small changes to daily tasks in an effort to enrich my life. For instance, last year I made the commitment to add more novels to my obsessive reading habits. This year, I’m thinking about the screens that I carry in my pocket, my purse, my backpack and on my wrist and how I could step away from them more often to become more engaged in the relationships in my life. This got me thinking about how this notion of screens getting in the way impacts a variety of relationships differently whether it be professional, family, friend or even the provider/patient relationship. We all know technology isn’t going anywhere. So how can we adjust our lives to better accommodate tech while enhancing our engagement in our relationships?

I think it’s safe to say that most professionals are like me. We look like we’re moving out when we travel from meeting to meeting with a stack of technology that we “need.” Personal phone, work phone, laptop, and tablet…the technologies we’ve grown so dependent on that we believe we can’t have a successful in person meeting without them.  I believe we have good intentions when carting around this collection of technology, but in reality the majority of the time we end up using the devices for web browsing, texting, email checking, tweeting, Facebook friending and sharing. It’s rare that the technology is used solely for enhancing the agenda of the meeting. Oddly enough, it’s so commonplace that it’s no longer considered rude or unprofessional to be on a device during a meeting or presentation. (I’m live tweeting I swear!)

On the contrary, there is a movement among families to ban technology from the dinner table, even Pope Francis recently said how important it is to have device free family dinners. He said, “The sharing of a meal — and therefore, other than of food, also of affections, of stories, of events — is a fundamental experience.”  My family and friends definitely make an effort during special dinners, but on a daily basis we are a technology obsessed group and we are rarely offended if our guests are communicating more with a friend on another continent than the people sitting at the same table.

So I’m left wondering… if technology is openly accepted in the office, but doesn’t belong at the family dinner table, but is common place during friendly gatherings, what are my communication expectations for my providers?

It’s no surprise, as a Health IT professional, that I believe technology contributes significantly to improving care delivery and overall patient engagement and satisfaction. However, it’s the role technology plays in the exam room that has me scratching my head. I’m guilty of peeking over my providers’ shoulders to see what EHR they use and maybe even mildly judging them based on their selection, but the real judgement comes when they spend more time looking at their computer than me.

I know I may sound like a hypocrite because I want my information documented electronically. I want it to be easily shared and referenceable, but more than anything I want my provider’s attention. I often find myself struggling to “find the time” for the doctor. So when I carve out the time for my health I want that time to be maximized.   I want to be reminded of my appointment via a text. I want to have in-depth, in person conversations about my symptoms and to review all possibilities of conditions. I want all necessary tests to be performed and the results to be delivered quickly.

I understand and accept that none of this can be done today without the assistance of technology and as a high maintenance patient I want my providers to have the best technology. But more than anything, I want to be listened to.

But if I can tweet about an article I read while also taking notes about the presentation my boss is delivering, why don’t I trust my provider enough to listen to me with intention and take notes in her EHR at the same time. Why are my expectations for my provider completely out of touch with my expectations of my friends and family at the dinner table?

I think it’s because this is my health we’re talking about here, and at the end of the day healthcare is a relationship, but also a service and any service is enhanced by personal engagement.

I have a great GP. She recently changed offices and is now in what I might describe as a “boutique or luxury doctor’s office.” There is herbal tea, large screen TVs and modern furniture in the waiting room. The office is equipped with state of the art healthcare technologies, and she was able to quickly acquire my medical records from her previous location. She does, however, sit in front of the computer when I’m in the exam room. At her previous location I felt like sometimes she was looking at her screen more than at me.

Since the move, I’ve never felt neglected like I used to. So what changed? It’s not her care style. She’s still on the computer. It’s not my expectations. I’m still a high maintenance patient. After thinking about it for a while I realized, it was so simple. It’s the type of technologies and the layout of the exam room that have made such a huge impact on her engagement with me. The new EHR has a more patient friendly workflow, less clicking and more dragging and dropping, less free text and smarter lookup functions. These small changes in technology allow her to be more engaged in our conversations. It allows her to document what I say in about half the time so she can look up at me more often.

In the old office the computer was set up so that her back was turned to me when she was typing. Without the swivel of her chair our eyes never connected. The new office, however, is set up in a way that when she looks up she’s looking right at me. Such a small change to furniture layout makes such a huge improvement in engagement.

It’s wonderful that we have the ability to multitask to the nth degree, but I think I have to agree with the Pope on this one; we’re losing the collaboration, interactions and affection that is at the heart of face to face meetings and gatherings. The changes needed to enhance engagement while embracing technology may not be as drastic as putting it down or walking away, but simply making intentional changes to the technologies we use, the way we use them and the environment we use them in.

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality telephone answering, appointment scheduling, and automated communication services. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services.  Connect with Stericycle Communication Solutions on social media: @StericycleComms

6 Questions To Consider When Providing Virtual Visits Using Video Technology

Posted on January 13, 2016 I Written By

The following is a guest blog post by Dr. Sherry Benton, Creator and Chief Science Officer at TAO Connect.
Sherry Benton
Kaiser Permanente Venture, the corporate venture capital arm of Kaiser Permanente, announced in December 2015 that it would strategically invest $10 million Vidyo, Inc., a leader in high-quality visual communications, to increase patient convenience and the improve the overall quality of care. This endorsement of telemedicine technology by one of the nation’s largest health networks is a strong indication that telemedicine has begun to emerge as a go-to strategy for hospitals and health systems.

In addition, a breadth of clinical research consistently shows that virtual visits either by phone or videoconferencing are just as effective as face-to-face encounters. This is particularly true for synchronous “real-time” communications using technology. Such communications not only increase patient engagement, but they also increase accountability, resulting in more positive outcomes.

Kaiser Permanent’s venture into telemedicine is one of many examples we’ll likely see over the next few years as patient engagement continues to take priority. According to research firm Parks Associates, the use of video conferencing to facilitate an encounter between a provider and patient is projected to reach 130 million visits in 2018.

However, as providers embrace telemedicine technology, they must also keep HIPAA privacy and security at the forefront. Kaiser Permanente, for example, has stated its telemedicine solution offers HIPAA-compliant encryption—a necessity for any provider offering virtual visits. Far too often, providers resort to Skype, FaceTime, or a host of other video service providers without thinking about the potential for breaches of PHI.

Ask your potential video service provider whether it meets federal government standards for HIPAA compliance as a covered entity. The TeleMental Health Institute provides additional guidance on selecting a specific video service provider.

Also consider these six important privacy-and security- questions as you explore video telemedicine options:

  1. Will your video service provider sign a business associate agreement as required by the HIPAA Omnibus Act?
  2. Do you and your patient both have a secure/encrypted Internet connection to prevent interception?
  3. Can your video service provider encrypt data” in motion” and “at rest” as per HIPAA requirements? Data “at rest” refers to data stored on the video service provider’s server and can potentially include non-video elements (e.g., exercises, assessments, and logs) as well. Data must be secure and encrypted for the entirety of the time that it’s retained as dictated by state and federal regulations. Data “in motion” refers to data moving from the patient to the server or from the patient to the provider via the server. This requires security and encryption as information flows through routers, load balancers, firewalls, and Ethernet networks. Ask your video service provider how it incorporates HIPAA-compliant security protocols during every step in the process and for its various delivery platforms and applications, including mobile, web-based, and desktop.
  4. How will you define your legal health record? Will it include the actual video recording itself? If so, how will you handle patient requests for copies of this information? Some specialties, such as mental health, rarely store video unless it’s used for supervision/educational purposes.
  5. Have you implemented role-based access to the virtual visit software at the point of logon?
  6. Have you provided sufficient patient education? For example, patients should be in a private place during the actual virtual visit so no one else can observe the conversation. When patients use a mobile device to participate in a virtual visit, we advise passwords requiring re-entry after a brief period of inactivity. Patient education goes a long way toward risk mitigation in telemedicine.

Looking ahead
Many of the HIPAA challenges related to telemedicine are the same ones we face in a non-virtual world. However, telemedicine certainly requires a heightened awareness of the potential for hacking and virtual interceptions. Give careful consideration of privacy and security at all points in the delivery care process. Take your time in searching for the right video service provider and ensure they are willing to meet all HIPAA requirements in writing…and in practice.

About Sherry Benton, PhD
Dr. Benton is the creator of TAO Connect and director of the University of Florida Counseling Center. She is also a fellow in the American Psychological Association and the President Emeritus of the Academy of Counseling Psychology. Dr. Benton has been a psychologist and mental health care administrator for 22 years.