Health Industry Cybersecurity - Securing Telehealth and Telemedicine

Healthcare and Public Health Sector Coordinating Councils Public Private Partnership:  Health Industry Cybersecurity - Securing Telehealth and Telemedicine 

Introduction

Health care is increasingly moving to a digital platform. Recent major investments in health information technology, such as electronic health records and health information exchanges, have created enabling digital components that providers and vendors are leveraging for virtual health care services. These services are primarily delivered to those who otherwise cannot get them, such as those who live in America’s most distant rural settings, the elderly, or patients at risk of contracting COVID-19 those who live in America’s most distant rural settings.

Telehealth use has grown exponentially in response to COVID-19. FAIR Health research Computer, Physician Imageindicates 4,347% growth in telehealth claims to private insurers year-over-year, 2019-20.1 As one example, one clinic chain had a 600% growth in telehealth in the first quarter of 2020 compared to the same time period a year before.2 Additionally, Frost & Sullivan projects a 7-fold growth of telehealth by 2025.3 The deployment of more mature analytics, better adherence to cybersecurity and privacy regulations, and the use of data to show return on investment are expected to maintain the drive of this significant telehealth expansion.4

Virtual health care service, such as telehealth, is now one of the fastest-growing areas in health care. The major expansion of telehealth during the pandemic as a vehicle to manage disrupted access is now being supported with long term support for the concept and decisions by the Centers for Medicare and Medicaid Services (CMS) and others to establish clinical reimbursement guidelines. Yet, this rapid expansion of telehealth services by a growing number of private and public providers comes during a time of enhanced cyber assault on the health care sector. These forces create the imperative to address the unique cyber security issues faced by clinicians, patients, and the systems in which they work.

The Health Sector Coordinating Council (HSCC) has developed this white paper, the “Health Industry Cybersecurity – Securing Telehealth and Telemedicine (HIC-STAT)” guide,- for the benefit of health care systems, clinicians, vendors and service providers, and patients. All of these stakeholders share responsibility for ensuring that telehealth services achieve their optimum benefit with minimal risk to the privacy and security of the data, the consultations, and the systems hosting them. View the full report under Key Resources.

____________________
1 https://www.fairhealth.org/states-by-the-numbers/telehealth
2https://www.fiercehealthcare.com/payer/cvs-health-beats-wall-street-estimates-2b-profit-affirms-2020-earnings-guidance
3https:/ww2.frost.com/news/press-releases/telehealth-to-experience-massive-growth-with-covid-19-pandemic-says-frost-sullivan/
4 Id. (Frost Report)

 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

(M) +1 202 640 9159

 

Related Resources

AHA Center for Health Innovation Market Scan
Disruption just keeps coming in the primary care sector. Denver-based startup Everside Health Group, which offers a nationwide in-person and virtual primary…
Advancing Health Podcast
Public
On this AHA Advancing Health podcast, John Riggi, AHA senior advisor for cybersecurity and risk, speaks with his former FBI colleague Mike Orlando, acting…
AHA Center for Health Innovation Market Scan
During the height of the pandemic, McKinsey…
AHA Center for Health Innovation Market Scan
Remote patient monitoring (RPM) got a huge lift during the pandemic as record numbers of Americans opted for connected care from the safety of their homes, but…
Letter/Comment
Public
The AHA expresses support for the Protecting Rural Telehealth Access Act (S. 1988),
Advisory
Public
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the…