Tag Archive for: privacy

October 2021 Digital Health Roundup

The popularity of telemedicine is being embraced by insurance companies, and for now, the best place to identify skin cancer is still at the dermatologist’s office. Patients are concerned about privacy threats when it comes to technology in healthcare, and it turns out they have good reason to be. Fortunately, there are things being done to address the issue.

Privacy of Medical Records

A new survey shows that patients are concerned about privacy of medical records and the use of facial recognition technology in healthcare, reports upi.com. A large portion of the survey respondents perceive facial recognition technology as a privacy threat, but the use of the technology in healthcare has increased over the past few years as a way to prevent medical errors and provide extra security. With nearly 60 percent of respondents saying they are concerned about the security of these technologies, researchers are tasked with gaining public trust by increasing protections of healthcare information. Find more information here.

It seems that patients have reason to be concerned. Ransomware attacks are having negative effects on patient care, reports fiercehealthcare.com. A new report shows that ransomware attacks on healthcare organizations can lead to longer stays, delays in care leading to poor outcomes, and increases in patient transfers. The ransomware attacks are also linked to increased mortality rates. The report emphasizes the importance of increasing cybersecurity in healthcare to protect patients. Learn more about the report findings here.

Cybersecurity

Recognizing the cybersecurity vulnerabilities in healthcare, the U.S. Food and Drug Administration (FDA) recently released a best practices document as a resource for the healthcare industry, reports healthcareitnews.com. The document focuses on developing a cybersecurity communication strategy and offers aspects to consider in the event of a security breach. The FDA also plans to address medical device vulnerabilities so that patients who are dependent on medical devices will know what kinds of questions to ask their healthcare providers regarding the security of their devices. Get more information here and see the FDA best practices document here.

The U.S. Government is also investing in the future of information technology in public health, reports thehealthcaretechnologyreport.com. The Office of the National Coordinator for Health Information Technology (ONC) has an initiative that will help to develop the health information technology workforce and will help to increasing the number of workers in the field from underrepresented communities. With funding from the American Rescue Plan, ten universities that serve diverse communities have cooperative agreements to build up the healthcare technology workforce over the next four years. Learn more about the initiative and the ten institutions that are participating here.

Skin Cancer App Fails

A setback for healthcare technology occurred recently when a flaw in a direct-to-consumer app used to detect skin cancer was identified at a European annual meeting of dermatology, reports medicalxpress.com. Researchers found that the app, which is available in Europe, incorrectly classified more than 60 percent of benign lesions as cancerous, and almost 18 percent of Merkel cell carcinomas and almost 23 percent of melanomas as benign. The problem appears to be that the app depends on available images to determine the status of a lesion, but there are not enough images of rare skin cancers available for better accuracy. Find more information here.

Telemedicine

If you love virtual visits to the doctor, you are in luck! Insurers are now offering new types of health coverage specifically for telemedicine, reports modernhealthcare.com. Some insurance companies have plans that require online visits for nonemergency care. The plans tend to have lower premiums and patients select a doctor for their virtual visits who can refer patients to in-person doctors within the network if needed. However, there is some concern that virtual care as the primary means of care may not be ideal. The concern is that things might get missed, like early signs of disease that a doctor would not be able to pick up on through a virtual visit. Learn more about the new type of insurance plans here.

Embracing Telehealth: Protecting Our Data in a Medical Revolution

The world changed when the pandemic came upon us, and so did healthcare. Telehealth visits with our care teams were available, but not as prevalent as they are now. We could message our doctors via secure patient portals or call a nurse and ask for advice. However, with the introduction of video, as well as new devices and apps, how is our privacy as patients affected? 

Telehealth can be defined as “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health and health administration.” The majority of us have now had a telehealth visit with one of our doctors via video or phone. They have seen into our lives at home, and we may have seen into theirs. While this can make for a personal, more intimate encounter, we also have to think of privacy. According to the Department of Health and Human Services, the Office of Civil Rights (OCR), which is responsible for enforcing Health Insurance Portability and Accountability Act (HIPAA) regulations, “will not impose penalties for noncompliance with the regulatory requirements …against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” What this means is that providers may use video-conferencing services, including Zoom, Apple Facetime, Skype, etc., without risking noncompliance under HIPAA. Therefore, it is up to the patient to review the privacy policy(ies) of the software being used. 

Additionally, recording these visits for our own personal use to listen to later and/or share with family members and caregivers may come into play just as if it were a regular in-person visit. But is this legal? Each state has its own statute that varies on whether one or two parties must consent (single-party vs. all-party jurisdictions). As of 2020, 39 out of 50 states as well as the District of Columbia are single-party jurisdictions where only one party has to consent. The remaining 11 states (California, California, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon, Pennsylvania, and Washington) require both the patient and the healthcare provider to consent, and failing to ask for permission is considered a felony. Additionally, HIPAA does not extend to any recordings made by the patient. 

What about the use of apps? There are more than 300,000 health-related apps on the market today, with a 37% increase in usage since the pandemic began, especially in the area of mental health. With apps for everything from tracking our weight and heartbeat to counting the number of steps we take and the hours of sleep we get, it’s hard not to interact with one of these apps to streamline our lives and make them a little simpler. When it comes to the collection of data, however, how do we know what’s protected under HIPAA? Covered entities under HIPAA include healthcare clearinghouses, most healthcare providers, and health plans. However, if an organization is creating an app on behalf of a covered entity (or one of the covered entity’s contractors), they are considered a business associate, meaning they must comply with HIPAA rules and regulations. This helpful website provides different scenarios on whether or not an organization would be covered. This means that we, as patients, must be cautious in what types of data are being collected and how it might be used, which can usually be found in an app’s privacy agreement or policy. 

This also extends to use of wearable devices, including FitBits, Apple Watches, glucose monitors, and biosensors that collect patient-generated health data. According to a Gallup poll conducted at the end of 2019, 19% of U.S. adults wore a wearable fitness tracker, and a 2019 Washington Post article reported more than 3 million consumers wore a medical alert device. But how is this data regulated? When we collect data for our own purposes, the data does not fall under HIPAA regulations. However, should a healthcare provider ask a patient to submit data from that device and integrate it into their organization’s EHR system, a covered entity, it becomes protected by HIPAA. 

In conclusion, is telemedicine safe? The quick answer is yes and no. In an article released by the Patient Safety Network of the Agency for Healthcare Research and Quality, two physicians noted that “Studies have shown that telemedicine promotes continuity of care, decreases the cost of care, and improves patient self-management and overall clinical outcomes.” However, new technologies present new challenges that have to be worked through. This means that more research needs to be conducted and improvement processes be put in place to ensure protection of patient data. In the meantime, here are some safeguards healthcare organizations may put into place to establish peace of mind for patients: 

  • Be aware of updates from the OCR related to HIPAA 
  • Train providers and staff on policies, practices, and protocols for using telehealth services 
  • Make sure that your telemedicine portal confirms the security of patient data through the use of incident reporting, monitoring of security events, and strong levels of encryptions 
  • Have a strong authentication method, preferably two-factor 
  • Create a detailed audit log of user logins and meeting connections