By Adam Mahmud, Senior Product Manager, Healthcare, Jamf
It’s not fun to be a patient, especially during a global pandemic. Healthcare systems are strained to their limit. Providers are exhausted. A patient who’s admitted to a facility has a journey to go through, and it can be confusing and a whirlwind of emotions. But the pressure test of COVID-19 has forced an overdue change for medicine — the wide adoption of telehealth.
Driven by the pandemic, innovation in telehealth solutions and workflows has exploded. People can now access care from almost anywhere. The convenience and efficiency gains are enormous, but, of course, there’s a whole new set of challenges to overcome with remote care. How can patients and providers alike maintain a good experience? And how can telehealth platforms ensure that security is paramount throughout? As healthcare moves to mobile tech, the core challenge comes down to security.
The threat of info insecurity
New patient-friendly and provider-specific approaches to remote care come with an array of infosecurity concerns. Portable devices such as iPads and in-office apps aimed at streamlining the patient experience are not necessarily new. The reason telehealth comes with greater concern is due to communication happening outside of a secure, contained network within hospital walls.
Providers and patients often communicate via their home internet connections during telehealth appointments, and those communications could be at risk if the home network lacks strict security measures. If a malicious actor breaches the home network, it’s much easier to access sensitive information on their devices.
Then there’s the chance of lost or stolen devices — something that hospitals have faced in great numbers since the onset of telehealth. Organizations face the challenge of monitoring inventory across a system and, if something goes lost or stolen, getting it back uncompromised.
In any case, who will be liable for the violation of patient privacy? Any healthcare organization that fails to mitigate these risks through the right tools will take the blame.
How to keep telehealth safe
It’s not all doom and gloom for privacy in the telehealth realm, though. From private practice to healthcare systems, organizations can take these five actionable steps to diminish risks.
1. Remote management systems: By giving providers a managed device, organizations can ensure that the proper security measures are taken, such as installing a VPN (virtual private network) and multi-factor authentication or ZTNA (zero trust network access). Managed devices can also block certain apps and functionality from being accessed. These systems vastly reduce risks no matter the network a provider is connected to, and do so in a way that’s low friction.
2. Training: Phishing schemes are more sophisticated than ever. Training providers and other staff will cause them to think twice before clicking that link or entering their password in the wrong place, and that second thought just might stop a major data breach. It may sound silly, but a designed 30-minute interactive quiz can make a big impact.
3. Phishing prevention: While training is always the first line of defense, a technological solution that can help serve as a backstop is critical. Mobile Threat Defense solutions are often talked about as a solution for malware on mobile devices. However, they also provide a great solution to intercept clicks on malicious links that could compromise the device or user.
4. App privacy: With more mobile devices in use for business, and many being personal devices, the apps that are installed on a device and how organizational data is used become critical. Installing an app that requests overly broad permissions may break the privacy of business operations such as patient information or doctor patient communications. Utilizing good app inventory and privacy controls is critical to ensure that patient data stays private on mobile devices.
5. Hardware encryption: Imagine a laptop or tablet gets stolen. The data on that hard drive had better be fully protected, which is where encryption comes in. Tools like Apple’s FileVault can make sure that no one gets their hands on sensitive info. This is priority number one, especially for a provider who’s accessing a medical record system.
Looking to the future of medicine
Is telehealth security a challenge? Of course. But is it worth the effort to modernize healthcare? Absolutely. Under unimaginable pressure during the COVID-19 pandemic, healthcare systems scaled new telehealth programs and mass vaccination clinics using an iPhone. It worked because they had not only all the right tools, technologies, and products, but they had the people aligned on what they needed to do quickly.
Before COVID-19, healthcare groups would cite security as the reason they hadn’t yet deployed telehealth. Fear of that risk precluded systems from doing what’s right. The reality is that mobile is the future. It’s how healthcare is moving forward, and there’s absolutely a strategy to ensure safe remote care on the mobile frontier.