Wow… that was a great session!
Telehealth seems to have put healthcare security at center stage, with connected medical devices, virtual visits, and more. Most of the changes have been positive, but given how fast things are changing due to the pandemic, they come with some risks.
Healthcare is Changing as We Know It...and Faster
That's right, we see changes time and again, but with the COVID-19 pandemic, telehealth specifically is at the forefront. With lockdowns and social distancing during a healthcare crisis, patients and doctors are turning to virtual visits for basic medical needs. For the most part, these rapid improvements have been positive.
What Are the Challenges?
Aside from financial and technology challenges, there is also the human element in healthcare. How can medical staff give the same level of care to a person virtually? For example, biometric devices that are used to verify hospital staff are now being utilized virtually in order for doctors to sign in to telehealth services.
This means that some companies and/or departments are looking to other vendors (qualified or not) to help run telehealth practices in order to keep up with and adjust to rapidly evolving healthcare technology. Also, not-so-qualified vendors are emerging as startups with applications that may have been rushed.
So, What Are the Rules?
We're talking about policy and procedure here. Who gets to do what? Which medical services are allowed to be provided online? Cardinal Health has a product called Telepharm. If you're a pharmacy, and your pharmacist isn't available, Telepharm will provide you with a pharmacist to help your end users as well as the supporting technology.
HIPAA's Role in Telehealth
Clearly the traditional HIPAA guidelines were not written with telehealth in mind. These very guidelines are being challenged and relaxed in a way that allows new policy to be written in order for doctors and pharmacists to legally provide healthcare and share patient information in an online environment.
How Do We Keep Patient Data Secure?
In addition to making sure patient data is kept confidential, telehealth platforms need to communicate with DevSecOps teams to make sure the technology is secure. It is too easy for data to be breached online, and that includes telehealth data. There was a psychiatric service that was recording its online sessions and having patients fill out a form. This information was hosted in the cloud in an insecure environment.
The key is a third-party security solution to help manage telehealth platforms. Services like Cardinal Health can be utilized to make sure good policies are implemented and security controls are in place.
What About IoT Devices...
...like pacemakers, etc.? Yes, these devices can transmit data and get compromised. Keeping the hardware secure is just as important as the data. Dick Cheney had the wireless disabled on his pacemaker many years ago. As IoT medical devices become the norm, new companies are rapidly creating innovative devices. However, are they going to market before they are secure, and should the government introduce new regulations?
Communication is Key
Healthcare providers, government entities, and DevSecOps teams must communicate to bridge the gaps in telehealth.
The Future of Healthcare is Now!
Wizer’s hacker, Chris Roberts!
- DJ McArthur - Information Security Director (CISO) at Children's Hospital Colorado
- Amy (Harrison) Scites - Adviser, IT Risk & Policy at Cardinal Health
- Andrew Labbo - Principal and Owner of RMHG
- Eddie Mize - Chief Security Officer/Vice President - Information Security at The Pinnacle Group Companies
- Aaron Bregg - Director of Professional Outreach at Cloud Security Alliance West Michigan and Lead Security Analyst at Spectrum Health