Telemedicine, Privacy, and Information Security in the Age of COVID-19

Abstract

COVID-19 has highlighted the shortcomings of healthcare systems globally as countries struggle to meet the high demand for patient care. The spread of COVID-19 has resulted in unprecedented circumstances that necessitate a shift towards adopting infrastructure to enable care to be provided virtually. This shift is critical to minimize insufficiencies and maximize the quality of care in healthcare systems. While COVID-19 has dramatically accelerated the adoption of technology into care delivery, ongoing work is needed to ensure that our technology infrastructure provides an environment for safe and effective care delivery. Telemedicine usage has substantially increased over the past decade (1), and many hospital systems have robust telemedicine programs. Yet traditional in-person visits remain the cornerstone of clinical care, despite the fact that a significant amount of these visits, including follow-ups, treatment for minor illnesses, and chronic disease management could be substituted by virtual communication. Telemedicine has previously been identified as particularly important during disasters, due to the inaccessibility of traditional care services. This is especially salient for the COVID-19 pandemic where in-person healthcare visits pose a high risk to exposure (2). Additionally, responses to COVID-19, specifically social isolation and the intensified burden on essential workers, are eliciting detrimental psychological effects on large populations, while simultaneously making mental health resources highly inaccessible (3). Overall, with the increased strain and demand on traditional medical resources, telemedicine has emerged as an essential component of clinical care delivery during the COVID-19 pandemic (4) with many healthcare organizations reporting substantial increases in telemedicine use during COVID-19. For example, NYU saw an increase in non-urgent care virtual visits from a pre-COVID-19 average of 95 daily to 4,209 post COVID-19 expansion (4,330% increase) (5). However, as we continue the shift to telemedicine, new issues unravel that need to be addressed, particularly in regard to technology infrastructure. In the US, the Department of Health and Human Services recently lifted many of the restrictions on communication apps, reducing barriers that previously prevented the use of telemedicine services for individuals. That being said, the substantial information security and privacy concerns surrounding telemedicine cannot be overlooked. For example, Zoom, currently one of the most popular video conferencing platforms, has had a 10-fold increase in usage over just a few months including increasing use in healthcare, leading to several important privacy considerations—outsiders joining video conferences, or inadequate encryption of communications (6), leading to the possibility of eavesdropping. State and federal agencies have warned of increased risk of cyberattacks towards healthcare and public health sector and organizations doing research on COVID-19 (7). Ransomware attacks—a type of cybersecurity threat that involves encrypting data and demanding payment in return for unencrypting the data—have continued unabated during the pandemic, with many targeting hospitals specifically. Recent ransomware attacks have included the Illinois Public Health District website and a medical testing facility in the UK (7). Successful cyberattacks negatively impact hospital operations, delay access to clinical services, and lead to significant economic loss (8, 9), all of which would be particularly devastating to organizations already under unprecedented economic and clinical strain during this pandemic. Therefore, while global healthcare systems should allocate significant resources towards improving telemedicine capabilities, improvements must ensure that the technology delivers care that is both safe and effective. Balancing the significant privacy and information security concerns with the enormous potential benefits of virtual care during this pandemic will remain a vital component to our continuously evolving response to COVID-19. Now more than ever, health care workers and organizations need to follow best practices to reduce cyber incidents.