Is Your Privacy at Risk With Telehealth Consults?

How to safeguard your privacy during online telehealth doctor visits: Internet Scambusters #924

Telehealth — online medical consultations — have become a vital element of health care and treatment during the COVID pandemic.

But they’re not the same as face to face consultations, and now questions are being raised about security and confidentiality.

Using a secure online service and taking other key steps can significantly improve your security as we explain in this week’s issue.

Let’s get started…


Is Your Privacy at Risk With Telehealth Consults?


It was always going to happen, but there’s no doubt that the Coronavirus pandemic has greatly sped up the use of telemedicine or telehealth — online medical consultations.

But has necessity put privacy at risk? Is it safe to talk about your medical issues via the Internet? Could hackers be eavesdropping on your most confidential health issues? And, if so, how might that affect you?

The initial answers to these questions are worrying. Here’s why.

Back in March, the US Office for Civil Rights announced it would not act against telehealth providers who didn’t comply with privacy regulations during the pandemic, allowing them to use apps whose security has been questioned.

The reason is simple. Caring for patients is the priority, not security.

As one expert recently told the HealthITSecurity website, “(C)ybersecurity takes a back seat to patient care. A hospital’s number one job is to manage patient care, and cybercriminals know this.”

There’s another aspect to this too. Computers and mobile devices aren’t just for telemedicine consultations. Increasingly, patients are able to use them to check and read their medical records.

That means, of course, that if we can read them, so might others if they either hack into systems or get ahold of our passwords.

And as the medical services organization PrognoCIS noted recently: “Once hackers successfully steal sensitive data, they may use this data to blackmail a patient or a provider.”

They might also use the information for identity theft. It has even been suggested that health information traded on the dark web might be used to target sick people with offers of fake medications and cures.

“(T)hink about what happens when your spouse starts receiving ads for life insurance after you have received a tele-diagnosis of acute heart disease that you have not yet disclosed,” cybersecurity website SecurityRoundTable.org suggests.

Questions and Actions

So, what can you do to protect your privacy, whether during an online consultation or for access to your medical records?

For telemedicine, the main responsibility rests with the healthcare provider you’re dealing with. They’re responsible for selecting the app you use and the sign-on security. So here are some of the questions you should ask and actions you should take:

  • Is the software/app being used approved for secure telehealth consultations. For instance, popular applications like Skype and Facetime are not recommended because, according to the American Psychiatric Association, they don’t have the right level of privacy protection.
  • Is it compliant with HIPAA, the health information privacy rules referred to above? The rules may temporarily have been eased but you have to question why a provider might want to ignore them. The US Department of Health and Human Services (HHS) has published a list of apps that claim to be compliant.
  • Is the video data encrypted — that is, digitally jumbled so it can’t be viewed by intruders?
  • Is the consultation being recorded and/or stored? If it’s stored, it might be in danger of being accessed in a future data breach.
  • Have your consultation in a private setting where you can’t be monitored or overheard. As regards accessing your medical records online, the steps you should take are more or less the same you would take to protect any confidential online information. That is:
  • Protect your username and password. Don’t share it with others, including anyone who phones and asks for it, no matter who they say they are.
  • If the system allows it — and most do — use two-factor authentication; that is, a second code or password, usually via an app on your phone.
  • In addition, find out whether your medical information is being shared among multiple providers. This should not be done without your permission.

Telemedicine is efficient and potentially cheaper than face-to-face consultations. Doctors can see and treat more people more quickly and easily wherever they are.

So, there will be no turning back to the old ways, even if or when the Covid pandemic is behind us. Mainstream telehealth is here to stay. So, it’s worth spending the time to learn about it and practice good telehealth security now.

Alert of the Week

As the pace heats up for the November elections, so does the amount of misleading information. In particular, doctored videos — known as deep fakes — are appearing by the score.

They’re often difficult to spot but there are tactics you can use, such as unnatural face movements and facial features that just aren’t quite right.

Internet security firm Norton has just published a list of 15 ways to spot deep fakes: How to Spot Deepfake Videos — 15 Signs to Watch For.

Time to conclude for today — have a great week!