HSCC Publishes Guidance on Securing the Telehealth and Telemedicine Ecosystem

Healthcare providers are increasingly leveraging health information technology to provide virtual healthcare services to patients. Telehealth services allow patients living in rural areas and the elderly to gain access to essential medical services, and the pandemic has seen a major expansion in telehealth to provide virtual healthcare services to patients to reduce the spread of COVID-19.

According to FAIR Health, the number of telehealth claims to private insurers has increased by 4,347% in the past year, with virtual care such as telehealth now one of the fastest growing areas of healthcare. The Centers for Medicare and Medicaid Services has committed to providing long term support for virtual healthcare services and Frost & Sullivan predicts there will be a seven-fold increase in telehealth by 2025.

The major expansion of healthcare services has happened quickly and at a time when the healthcare industry is being targeted by cybercriminals more than ever before. Hackers have been exploiting vulnerabilities with ease to gain access to sensitive healthcare data and disrupt operations for financial gain. A 2020 study by SecurityScorecard and DarkOwl revealed there was a near exponential increase in targeted attacks on telehealth providers as the popularity of telehealth soared.

In order for virtual healthcare services to reach their full potential, it is essential for healthcare industry stakeholders to identify and address the privacy and security risks to healthcare data, which can be a challenge in a complex, connected environment such as healthcare.

This week, the Healthcare and Public Health Sector Coordinating Council (HSCC) has published a white paper that provides guidance for the healthcare industry on identifying cybersecurity vulnerabilities and risks related to the use and management of telehealth and telemedicine.

The new resource, Health Industry Cybersecurity—Securing Telehealth and Telemedicine, was published for the benefit of healthcare systems, clinicians, vendors, service providers, and patients, who together share the responsibility for ensuring telehealth provides the maximum benefit while keeping privacy and security risks to a low and acceptable level.

The document explains the cyber risks associated with telehealth and telemedicine and outlines the regulatory issues that apply to telehealth services, providing audit tools, guidance on policies and procedures, and suggesting best practices to adopt.

The guidance document outlines the policy underpinnings of healthcare cybersecurity, explains regulations and organizational policies, cybersecurity considerations, and includes recommendations for implementing and maintaining telemedicine programs.

“Currently, there is no single federal agency with authority to establish and enforce privacy and security requirements for the entire telehealth ecosystem,” explained HSCC. “At a minimum, telehealth systems need to maintain security and privacy consistent with those of all other forms of care.”

Healthcare organizations are encouraged to adopt the best practices suggested in the white paper and implement the recommendations appropriate to their risk profile to improve privacy and security protections to get the optimal benefit from telehealth and telemedicine services.

You can download the HIC-STAT white paper on this link.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.