Nowadays, we find ourselves using smartphones with a computational power that dwarfs the best personal computers from 30 years ago and can do almost anything, from grocery shopping and work tasks to staying in touch with friends and family.
And then COVID-19 happened… Most of the world was forced to become homebound recluses, which caused digital activity to explode throughout the last 18 months. Amazon alone had to hire hundreds of thousands of new employees, just to keep up with the COVID-driven demand for eCommerce, as Amazon’s CEO Jeff Bezos became a trillionaire.
But not every service or industry has embraced the internet and digital revolution. Take medicine, for instance. Digitization has been popular for years as a teaching method in medical schools, but treating patients has resisted these changes, probably because proper medical treatment requires in-person attention from a professional, or so we thought.
Nevertheless, even that natural resistance is giving way to digitalization.
Have you had a doctor's appointment through a computer over the last year and a half? Do you use an app to help you deal with anxiety, or to keep track of your daily glucose levels? Is your phone counting how many daily steps you take to make sure you're burning enough calories?
Even that last bastion of analog privacy of personal health is slowly but surely going digital: introducing the age of ‘telehealth’.
But what does that mean for you and your privacy?
‘Telehealth’ is a 21st-century word that refers to the remote facilitation or delivery of health services using telecommunication or computer/internet-based technology.
In remote corners of the world where there are no hospitals or medical professional practices, these methods are highly relevant. They grant local people access to medical attention, which is why smartphone apps are quickly becoming the norm.
In-person visits to the doctor have been declining since the COVID-19 pandemic started. That's no surprise: the fear of catching the virus has made people delay or avoid their visits to emergency rooms, and even doctors altogether.
The result is a dramatic increase in demand for telehealth and telemedicine services. The prestigious Mayo Clinic's remote consultation service has increased by 10% and phone consultations are also up by 13% [1]. Telecommunication technology has enabled primary-care doctors to keep providing medical attention to their patients, at a similar rate to the one before the pandemic wreaked havoc.
The trend is clear, but there is still a digital divide in the industry. Some benefit from telehealth, whilst some do not. The new abundance of telehealth services cannot help people in the lower socioeconomic spectrum, or those in rural or isolated areas, who don't have access to stable internet, state-of-the-art smart devices, or even the basic skills necessary to make use of them.
Privacy and security concerns are an issue with every digital development in the industry and telehealth is no exception. It's no surprise that some problems have surfaced recently, given how quickly the demand for such services has grown and the intimate nature of the data necessary to make it a reality.
Health services are unique in that when you need them, you must have them. You will never consider taking advantage of a massive discount on hemodialysis treatment unless you need it and when you do, you will find a way to fund this expensive treatment.
Availability and convenience are vital priorities in health services, which is why privacy and security concerns are overlooked. Most users don't worry about their privacy, because they might not live long enough to enjoy it.
Nevertheless, red flags are appearing. A cybersecurity researcher recently led a Harvard Medical School team in publishing an open letter [2] in the Journal of the American Medical Informatics Association warning about the problems involved in telehealth services performed over Zoom and similar platforms.
Zoom and its ‘peers’ have exploded during the pandemic, but they never had sensitive medical information in mind when they were designed, so they can't appropriately address these concerns. The letter also suggests that healthcare providers should stick to video conference platforms explicitly developed for health services that ensure end-to-end encryption and security for users.
The telehealth explosion is also tempting some healthcare providers to submit fake claims. Last year alone, the United States Department of Justice dealt with 4.5 billion USD in false allegations related to telehealth and telemedicine [3].
Another privacy issue is related to wearables and their partner apps. They generate a lot of personal information, which is then stored in ‘the cloud’ and, to make things worse, is managed by unvetted third parties. Demand for wearables grew by 50% in the past 12 months as a direct result of the pandemic, which drove an increased number of users and, consequently, generated larger quantities of unprotected personal medical information.
New technologies are usually several steps ahead of any legal framework. Legislation is typically reactive in this area, but this is not the case with telehealth. Telehealth users enjoy protections afforded by the Health Insurance Portability and Accountability Act (HIPAA) in the United States [4]. The act's purpose is to protect the privacy of people's medical information.
To regulate this, the European Union has formulated the Data Protection Directive, Australia the Privacy Act of 1988, and Japan the Act on the Protection of Personal Information [5].
This means there isn’t a void regarding telehealth privacy concerns, per se. There are, however, issues regarding enforcement and compliance, especially when it comes to apps developed by a team in a given country for users who live under different jurisdictions.
The OCR (Office for Civil Rights) released a notice advising patients to stick with HIPAA-compliant software for their telehealth communications [6].
Which applications were deemed compliant?
The OCR knows that providers may wish or ‘need’ to communicate with patients through other platforms. The office's position is that as long as the provider acts in good faith and makes provisions, they would not face any penalties. The apps that extend to the ‘approved’ list are:
Just as with your health, your online privacy is your responsibility [7]. While we do not suggest that you should distrust your provider, we do recommend that you do your homework by sticking to a few simple security rules that can help you maintain peace of mind:
Maybe you are not using any telehealth services or apps currently, which is good news. If possible, benefit from this time and presence of mind to take every precaution to protect your privacy in advance (before you have to use them).
Consider that if and when a telehealth service becomes a priority for you, you will have more urgent things to think about and will probably let the security issues slip away. Try not to.
You should be able to enjoy all of the advantages of telehealth and telemedicine, while also securing your privacy and online security.