Relaxed telemedicine rules opens up potential security risks now and in the future

April 3, 2020


While Covid-19 remains a danger to society, Telemedicine has enabled medical professionals to continue to treat their patients.  Though far from perfect, Telemedicine allows medical professionals to monitor their patients’ wellbeing and provide recommendations and when necessary advise patients to seek care (e.g. urgent care, emergency room. Etc.)


U.S. government waiving telemedicine rules


Considering the National Emergency the Office of Civil Rights the enforcement arm of Health and Human Services has waived the rules involving telemedicine:


“A covered health care provider that wants to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency can use any non-public facing remote communication product that is available to communicate with patients.”


This means for healthcare providers that are not utilizing HIPAA compliant tools;


“may use popular applications that allow for video chats, including Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Zoom, or Skype, to provide telehealth without the risk that OCR might seek to impose a penalty for noncompliance with the HIPAA Rules related to the good faith provision of telehealth during the COVID-19 nationwide public health emergency.” 

Non-Public include Facebook Live, Twitch, and TikTok.


Security concerns of loosened telemedicine regulations  


During this pandemic period, there is nothing more important than providing patients with the medical treatment they need in the safest way possible.


Telemedicine provides this, however, there are safety concerns that all should be aware of.  These less secure platforms provide opportunities to collect the most personal information for individuals.  This is particularly troublesome for government officials and business leaders who we all dependent on during this time of trouble

In addition to collecting personal information about individuals, generally available software has significant security issues.  For example, Zoom has a known flaw that has the potential of letting adversaries steal operating system credentials.  Furthermore, if a password is not used during a Zoom session anyone can join a call, though this is more of an issue for larger calls where a troll can be unnoticed


As healthcare providers and their patients get comfortable with telemedicine over the next several months, telemedicine will be adopted by practitioners and patients.  However, eventually, the OCR will rescind this order and anyone continuing to use non-secure telemedicine will potentially receive significant fines from OCR.

In this unprecedented time, it is important to maintain communication but we all need to stay aware of the security shortfalls and as soon as possible following the pandemic return to use secure tools for communication with patients

Share on Twitter
Please reload

Recent Posts
Please reload

Please reload

Search By Tags
Please reload

1775 Tysons Blvd. 5th Floor, McLean, VA 22102

703.861.6836  |

© Deeper Solutions, LLC. All Rights Reserved.