Telemedicine has started to live up to its potential in the healthcare industry. More and more healthcare providers are using electronic communications to do their jobs, talking to patients by e-mail, webcam and web-based portals in any location, over various networks and devices. This has allowed healthcare to become decentralized and more accessible to consumers, which has both benefits and challenges.
Today’s consumers want everything, including their medical data, at their fingertips instantaneously. But at the same time, they have concerns about privacy and security with data and doctors being so available. For example, will the quality of care go down without face-to-face appointments? Will their data be secure if it’s accessed remotely by doctors and hospital staff?
Consider the case where several remote clinics are serviced by a central provider. Patients visit the most convenient clinic and get access to doctors and specialists from a central hospital. Initial diagnostics of minor symptoms and ailments and follow-up visits are a perfect fit for telemedicine. Where there are transportation barriers or convenience challenges, patients can be evaluated from home, and providers can meet with patients with both participants outside of a clinic or hospital. Healthcare providers have secure access to their apps and data regardless of location, and with video conferencing, patient interaction is high quality.
Now that telemedicine has evolved from a far-fetched idea into a reality, here are the top five questions healthcare professionals should prepare to answer to ease the minds of concerned patients.
- With telemedicine considered a critical service, how will availability be established and maintained?
For healthcare providers, the goal is that access to medical information, from patient data and laboratory reports to best practices, is available when and where it’s needed. In the remote clinic example, the network between the central hub and the clinics is crucial: it must always be on. At a minimum, there is a back-up network provider. Optimally, the network is built using more than one network provider, perhaps mixing consumer and business grade services like Multiprotocol Label Switching (MPLS, a protocol for speeding up and shaping network traffic flows), broadband, and cellular, which diversifies the carrier and mitigates the risk of individual failure.
This is where simplified redundancy of the wide area network (WAN), which enables businesses to interconnect multiple locations, provides seamless failover and chooses the best-performing path. Critical application availability is also key, with failover and redundancy built within the data center and between data centers, and automatic failover should services fail. Instead of having apps and data installed and managed on endpoints, centralizing them keeps configurations consistent and keeps troubleshooting at the data center. In case of hardware failure, a new device can be pulled out and connected with minimal effort. In short, let the healthcare provider focus on the medicine and not on troubleshooting the technology.
- Data security and privacy are paramount in healthcare. How are they assured through the distributed services that encompass telemedicine?
Here is a simple approach to the security framework: Keep the apps and data in the data center, away from endpoints. Require strong and contextual authentication for access. Provide visibility into the access of apps and data. The goal is to keep protected health information (PHI), clinical trial data and patient financial information in the data center where it is most secure behind numerous security programs. Contextual access through a gateway reduces the attack surface by consolidating access points with granular access control policies and multifactor authentication to assist with PHI compliance. Contextual access can be extended to access privileges for specialists and affiliates by providing specific access to only the required information on corporate-provided or user-owned devices.
- Compliance with country, state and regional laws may limit the ability for specific services to be offered. How will telemedicine offerings remain within legal geographic boundaries?
The key to compliance with regulations and mandates is having a clear understanding of the who, when, where, and how of access. It’s recommended to consolidate access to apps and data to the right number of people required and to provide contextual access using several methods. A clear example is based on geographic location. Once the application and data are centralized at the data center, it’s a simple matter of enabling full or restricted access based on the location of the clinic or known data such as the patient’s home address. Access termination is equally important and should be uniform to ensure compliance. When properly configured, not only will access be terminated on mobile devices, but all controlled data will be removed, regardless of whether the device is on the network.
- For telemedicine to be convenient for the provider, they can’t be tethered to a desk. How can services be available across a range of devices and situations?
Security must have the right balance with convenience and user experience. Healthcare providers want simplified, anytime and anywhere access into their workspace. They want to simply and quickly log in, and be presented with their applications, desktops and tools. Whether they log in from the office, home, or the hospital, they see the same patient information, regardless of whether the patient is at the hospital or at a remote clinic. This requirement extends to providers wanting access from their device of choice. Healthcare providers need an integrated platform that meets both their ease-of-use requirements and the security mandates of the business. Sending data out to mobile devices without compromising security is a big concern, so protection is needed against data loss using containerization and encryption of the apps and data on the device.
- Data is often distributed through insecure means, including e-mail and texting. How can security and privacy be maintained while utilizing these inherently insecure services?
There are several ways to secure the data distributed via e-mail and texting, including secure e-mail and chat/texting apps. These apps have capabilities for app-level encryption and additional authentication, as well as remote wiping should the device be lost or stolen.
These functions are restricted to the apps themselves, so they do not affect the other applications or data on the device. It’s app management instead of device management, and it reduces barriers to end-user adoption. Based on a recent global study from Citrix and the Ponemon Institute, 71% of business respondents say there is risk from their inability to control employees’ devices and apps. A health provider could bring their own phone, have the secure apps loaded and continue to use the same phone for personal and professional use. The data is encrypted in use and at rest on the device and containerized from interacting with personal applications.
Florin Lazurca is senior technical marketing manager for security at Citrix Systems Inc., a developer and provider of server, application and desktop virtualization, networking, software-as-a-service, and cloud computing technologies.