
How IT security can aid medical professionals in the fight against Covid-19


The Covid-19 pandemic has already had a dramatic and unprecedented impact on the global economy, but perhaps no single industry has been more impacted than the healthcare industry. When we talk about healthcare as an industry, there are many different organisations, health systems, system administrators, and individual practitioners, all working separately, but also somewhat in tandem. That is, they all share some of the same broader goals at any given period. And during the Covid-19 period, some of these goals have arguably become even more unified and transparent: 1) contain the Covid-19 virus outbreaks, 2) understand its epidemiology and 3) attend to infected patients and at-risk populations.

This article will outline some of the notable systematic changes that have occurred since the World Health Organisation (WHO) officially labelled Covid-19 an international health emergency, and propose ways that IT professionals globally can play a role in helping medical professionals tackle the crisis.

Changes to national and international regulations for patient data

While many authorities in healthcare have voiced a desire to unify certain efforts against the Covid-19 virus, there are many real-time challenges happening for individual organisations (hospitals, health clinics, etc.) that threaten these efforts, even on a daily basis. Furthermore, it remains the job of IT professionals to design and manage the information systems that allow healthcare practitioners to effectively reference and document relevant patient data.

HIPAA, enacted by the US Health Department in 1996, plays an important regulatory role in the safety and privacy of American patient data by being rigorous and often restrictive. During the Covid-19 era, countries with complex health systems (like the US) are finding that retaining their existing regulatory system in its entirety may pose delays and other challenges to timely patient care. On March 24, the United States Office for Civil Rights (OCR) issued an update to the guidelines for the health information of patients exposed to Covid-19 that allows law enforcement, paramedics and first responders access to sensitive patient information. Hospitals were also given clearance to disclose the names of Covid-19 patients and some of their treatment details to certain public authorities, while remaining HIPAA compliant.

How to ensure information security and compliance

New regulations such as these pose little threat when information is still being disclosed responsibly, and to the right authorities. Security concerns arise, however, when this information enters the wrong hands and circulates on information platforms (like search engines) and networks that are unsecure, public, and/or improperly regulated. To ensure threats are being handled responsibly, we recommend that health administrators implement and maintain (if already in place) the following guidelines:

  • Confirm that staff have been educated properly on health information systems and cybersecurity protocol.
  • Deploy monitoring tools to pinpoint suspicious activity, such as an alert when a user in the facility follows a link to a suspected bad site.
  • Monitor and account for potential activity by staff not registered in your healthcare system (law enforcement, first responders, etc.).
  • Store login information and passwords in a secure place.
  • Make sure software updates are timely and routine.
  • Encourage employees to avoid public Wi-Fi networks, especially while performing job tasks remotely (instead of onsite).
  • Use safe search platforms, when possible, that offer a shield from malicious sites.
  • Follow and enforce HIPAA protocol closely.
  • Maintain a multi-layered cybersecurity infrastructure for your organisation.

The impact of higher telemedicine adoption and usage rates

While telemedicine is by no means a new healthcare trend, the nature and extent of its usage during Covid-19 has been novel for many medical organisations. For the purposes of this article, we will categorise usage into three key types of platforms: ones that offer text-based communication services, ones for audio and video conferencing, and ones that are used for file sharing of medical content.

Text-based communication

Many of the larger national health systems, especially in countries where a portion of healthcare is privatised, were already utilising EHR/EMR platforms or email platforms for some of their provider-to-patient communication. With new government-mandated restrictions on office visits, however, some of the communication that was previously done face-to-face is being redirected to telemedicine platforms. In text-based communication (messaging, email, etc.), some of the more prominent cyber-threats reported by the WHO include phishing emails, ransomware and malware attacks. These threats tend to be more frequent during periods of emergency. Covid-19-themed threat messages may appear in inboxes as:

  • Emails promoting “urgent” or “breakthrough” Covid-19 cures, and other sensational news.
  • Messages that urge some type of payment and threaten penalties if the user does not take immediate action.
  • Fake alerts from the CDC that are written and formatted to look like official messages.

These messages can infect both individual computers and entire networks of health organisations. Fortunately, it was reported that as of March 19, leading hacker organisations had collectively agreed to halt any targeting of hospitals and healthcare organisations. Smaller hacker organisations, however, may still be implementing attacks. Individual physicians and patients are also at risk, with the WHO noting an increase in ransomware attempts.

Audio/video conferencing

One of the telehealth services that has seen the most drastic increase in implementation and usage is video conferencing. In late February, one of these platforms reported a nine-fold increase in daily volume of respiratory-related consultations online, and a five-fold or higher increase in mental-health consultations online. Some countries, including Israel, have reported partnerships with telehealth vendors to keep exposed patients (including those onboard recently infected cruise ships) isolated while monitoring and communicating with them at a safe distance.

For healthcare professionals and organisations evaluating their telemedicine offerings, video conferencing has become increasingly necessary for many to continue communicating with their patients. We recommend the following criteria in selecting the appropriate platform for your organisation:

  • Platform history – how long before Covid-19 was the video platform established?
  • Customer market – is the platform’s customer base largely enterprise, consumer, or split? Also, have they reported having an existing healthcare customer base?
  • Encryption – the more authentication factors and layers of encryption the video platform has, the better.
  • HIPAA policy – does the platform disclose this or other privacy compliance information?

File sharing

Another telemedicine platform/process to consider for IT security is file sharing, a process that may be used for transferring medical records and other health data from one party to another. Larger health organisations in many countries will be required, or at least urged, to adopt platforms that allow for more secure file sharing between patient and provider email systems. That said, we advise the following for all IT administrators, regardless of the size of the healthcare organisation or practice:

  • Adopt a platform/service that allows for easy (user-friendly) and secure file sharing. Such platforms are unlikely to be overly simplistic, since excessive simplicity may detract from needed security.
  • Pay close attention to the authentication required (multi-factor is preferred), and assess the overall encryption used by the system.
  • Terms and conditions for file sharing should be clearly outlined, either by the platform itself, or by the medical professional to their patient.

The novel Covid-19 virus pandemic is forcing the world healthcare system into uncharted territory at an alarming pace. It is a certainty that telecommunication will play a greater role in the delivery of healthcare in the short run and likely on a permanent basis. As we enter this new world, we all need to work together to develop user-friendly, accessible and secure health delivery platforms.

Bill DeLisi, Chief Executive Officer, Chief Technology Officer and a founding member of the Board of Directors, GOFBA
