In 2020, an international health emergency of unprecedented proportions set off telehealth's massive expansion. Out of the need to ensure access to essential health services during the COVID-19 pandemic, privacy rules were eased.
Covered healthcare providers were allowed flexibility to use nonpublic-facing audio or video communication technologies to deliver telehealth services even if that might mean a risk to data security. Video chat applications like Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, and Skype were allowed for the good-faith provision of telehealth, even though they do not fully comply with the requirements of the HIPAA rules.
Though temporary, the discretionary enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) during the COVID-19 national emergency reduced barriers to telehealth access and promoted the use of telehealth as a way to deliver acute, chronic, primary, and specialty care.
Where HIPAA compliance ensures the privacy and security of protected health information, the easing of the rules was a delicate balance to strike between supporting patients' needs, protecting public health, and ensuring privacy.
HIPAA is in its 25th year of providing guidelines for the privacy and security of protected health information. During the public health crisis in 2020, part of the government's priority was to make it as easy as possible for people to access health care, even at the cost of HIPAA waivers. But now, voices from the healthcare and health IT industries are more attuned to the privacy and security that HIPAA promises.
Harry Greenspun M.D. (@harrygreenspun)
Chief Medical Officer and Partner, Guidehouse
“Healthcare has always been an attractive target for cybercriminals. The data is valuable, and the stakes are high. Providers face stiff penalties for data breaches and cannot afford to have the safety of their operations compromised. Equally importantly, patients need confidence that their privacy and confidentiality is secure.
“2021 will be a year of security catchup as organizations patch holes, retrain, and identify new risks created by their transformed operating environments. Furthermore, the industry will begin to address the challenges that arise as virtual care increases. Organizations may dramatically increase countermeasures to protect IT systems. If they don’t, cyberattacks and data breaches will only intensify.” (source: MedCity News)
Bent Philipson (@BentPhilipson)
Founder, Philosophy Care
“There has been an increased number of ransoms and complete manipulation of the integrity of telemedicine. Healthcare leaders cannot be reactive to these risks. Proactivity will help prevent hackers from finding their way into patient information and stave off fraud and deceit attempts. Re-examine HIPAA’s telemedicine Privacy Rule guidelines if you haven’t already.” (source: IoT for All)
Kayne McGladrey (@kaynemcgladrey)
Cybersecurity Strategist, Ascent Solutions
“Changes made to medical organizations' cybersecurity maturity should be considered carefully against external audit requirements, such as HITRUST. A proactive stance provides the best defense to organizations and to society, as a breach of patient records or the loss of service at a medical facility during a pandemic poses a danger to the health and well-being of people.” (source: Security Magazine)
Caleb Barlow (@calebbarlow)
President and CEO of CynergisTek
“If providers don't take privacy seriously and the threat of breaches via telehealth continues, this has reputational risks and threatens the inroads made on telehealth being seen as an essential tool rather than a passing fad.
“I know providers are not IT experts; however, they must implement baseline security activities to protect data. Providers should prioritize the security of the telehealth services they choose and improve their security posture.
“There’s an opportunity to transform patient engagement with digital health, but providers must also proactively manage the inherent security risks that come along with this. To ignore it would not only put patients at risk but also erode the trust in telehealth as a secure, accessible option to access care.” (source: Forbes)
Senior Analyst, Forrester Research covering Digital Health
“The Office for Civil Rights will strengthen its enforcement of HIPAA requirements as the pandemic starts to get under control. Providers will scramble to implement new security protocols; and, at worst, organizations will be looking for a new virtual-care platform that is more robust. Security practitioners need to plan for these changes now to avoid being caught off guard.
“Long-term success for virtual-care deployments hinges on balancing ease of use and security and privacy.” (source: Forrester)
The migration of hospital care to the home needs not only innovations that will support this care delivery model but also security guarantees that protect the privacy of individuals seeking health care. Shoring up defenses against risk means full HIPAA compliance regardless of the waivers and temporary leniency of the rules.
That’s how LifeWIRE shored up its defenses against risks. By meeting all the requirements of HIPAA and with a platform that earned HITRUST-certified status for information security to further mitigate risk in third-party privacy, security, and compliance, LifeWIRE has always put privacy and security front and center in communicating care.