Creating Secure Healthcare BYOD Environments, Communication

    April 14, 2016

    Published by: HealthIT Security

    Secure healthcare BYOD is essential for covered entities, especially as online communication increases.

    Healthcare bring-your-own-device (BYOD) policies make sense from a cost-savings and provider-relations perspective. With BYOD, organizations are relieved of purchasing equipment, and physicians are likely more satisfied because they can practice on the devices they prefer and know how to use, which can reduce the potential technical support requests for IT staff.

    However, BYOD environments also pose security risks depending on the software the physician is using to exchange PHI. This challenge applies not only to PHI shared from the organization’s electronic health record, but also to PHI exchanged during telehealth encounters.

    Telehealth is increasingly viewed among patients, employers, and policymakers as an affordable and clinically effective way to address physical and behavioral health needs. Delivering care through telehealth could be feasible and efficient for organizations with BYOD policies if secure web conferencing technology is used that also enables the organization to comply with HIPAA requirements.

    With the right safeguards in place, organizations can take advantage of growing telehealth demand while encouraging adoption among physicians by allowing them to continue to use the devices they prefer.

    Telehealth acceptance rising

    Seeking care through a computer or mobile device is growing in popularity not only among patients, but also among state and commercial payers, which are beginning to accept and reimburse for these encounters. Forty-eight states now reimburse for telehealth for Medicaid patients, while 29 states have telehealth reimbursement parity laws for private insurance.

    In addition, nearly 75 percent of businesses responding to a 2015 survey from the National Business Group on Health plan to extend telehealth services to employees, up from 48 percent the previous year.

    Delivering telehealth services is feasible for organizations with a BYOD policy if the appropriate secure web video conferencing platform is chosen. By selecting cloud-based web conferencing technology that can be accessed from most secure web browsers, providers can eliminate numerous potential device compatibility issues, while helping protect patient data by communicating through a secure connection.

    Outsourced cloud-based platforms also relieve organizations of the burden of upgrading and maintaining software.

    Essentials for secure telehealth encounters

    Not all cloud-based web conferencing platforms are equal in terms of security or user friendliness. Security is likely a healthcare organization’s top priority, considering that PHI breaches are punishable under HIPAA with financial penalties of as much as $50,000 per incident up to a maximum of $1.5 million a year.

    In light of steep penalties and potential reputational damage due to a data breach, the following are some security features to consider for cloud-based web conferencing technology that can be accessed from a provider’s own device.

    • Private cloud option. Many web conferencing platforms offer a public and private cloud option, but a private cloud offers an enhanced level of security because all information is stored behind the provider organization’s firewall. Due to the regulations surrounding ePHI and disclosure, a private-cloud platform is recommended for patient care, meetings or consultations involving health information.
    • End-to-end encryption. End-to-end encryption using the industry-standard SSL/TLS protocol with the Advanced Encryption Standard (AES) 256, which is the same level used across the country to protect healthcare, financial and government information, would be advisable. Encrypting ePHI is also required in the HIPAA Security Rule.
    • Proxy and firewall traversal functionality. In a BYOD environment, streamlining web conferencing connections can help avoid telehealth care interruptions, but is a challenge with providers using numerous different devices. Web conferencing platforms are available that simplify connecting with patients by routing all sessions through a single, secure port. This means providers do not need additional configurations to connect with patients, regardless of their networking environment.
    • Secure connection verification. If a secure connection cannot be established, web conferencing technology that automatically helps prevent the unsecured encounter from occurring is a safer option. This is an advantage over traditional, hardware-based video conferencing installations that could be accessed remotely, causing an inadvertent PHI breach.
    • Flexible password options. An organization’s BYOD policy typically includes requirements to change passwords after a pre-determined number of days and that passwords should include a minimum length, upper/lower case and numeric content. Secure web conferencing platforms can support password rules like these, as well as the ability to offer temporary passwords that expire after a telehealth session.
    • Lockout option. Some web conferencing platforms allow providers to “lock” the sessions. That means even if an additional person would be able to access and enter the required password, that person would not be allowed entry to the session without the provider being notified and granting permission.
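
The encryption and secure connection verification items above can be checked from the client side. The following Python sketch is an added example, not code from the article or from any vendor's product: it requires a verified certificate, TLS 1.2 or later and a 256-bit AES suite, and refuses the session otherwise. The function names and the exact policy are assumptions of this example.

```python
import socket
import ssl

# Assumed policy for this example: TLS 1.2 or later with a 256-bit AES suite.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def build_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restricts the TLS 1.2 suites offered. TLS 1.3 suites are configured
    # separately by OpenSSL, so the negotiated result is also checked below.
    ctx.set_ciphers("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384")
    return ctx


def session_allowed(version, cipher) -> bool:
    """version is SSLSocket.version(); cipher is SSLSocket.cipher(),
    a (name, defining_protocol, secret_bits) tuple, or None without TLS."""
    if version is None or cipher is None:
        return False
    name, _defining_protocol, bits = cipher
    return version in ALLOWED_VERSIONS and "AES" in name and bits >= 256


def open_session(host: str, port: int = 443) -> ssl.SSLSocket:
    """Connect, then fail closed if the negotiated parameters miss the policy."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = build_context().wrap_socket(raw, server_hostname=host)
    except OSError:  # includes ssl.SSLError and certificate failures
        raw.close()
        raise
    if not session_allowed(tls.version(), tls.cipher()):
        tls.close()
        raise ConnectionError("negotiated TLS parameters below policy; session refused")
    return tls


if __name__ == "__main__":
    # Constructed sample values in the shape SSLSocket.version()/cipher() return.
    samples = [
        ("TLSv1.3", ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)),
        ("TLSv1.3", ("TLS_AES_128_GCM_SHA256", "TLSv1.3", 128)),
        ("TLSv1.1", ("ECDHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256)),
    ]
    for version, cipher in samples:
        print(version, cipher[0], "->", session_allowed(version, cipher))
```

The negotiated version is read from `version()` rather than from the tuple returned by `cipher()`, because the second field of that tuple names the protocol that defines the suite, not the protocol in use.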

    Creating a positive patient experience

    The web-conferencing technology’s video and audio quality are also important considerations, in addition to the security features. High-definition video and audio are likely to positively impact the patient experience, resulting in improved patient engagement. On the provider side, a clearer picture and sound can support better communication and clinical decision making.

    In the end, regardless of the device physicians are using, it is the care quality and patient experience that are the ultimate considerations when choosing web conferencing, or any other type of technology for healthcare providers.

    Tom Toperczer is director of product management for Brother.
