IN the age of technology, many of our everyday tasks have been made easier and more convenient by digital means. However, a common concern is how safe technology is and how we can seek to protect our information on the World Wide Web.

Telemedicine is no exception to this concern. While health-care services, especially during the novel coronavirus pandemic, have largely benefitted from digital access, (such as communicating with your doctors via text, video call and voice call) with something as sensitive as health records, privacy is paramount.

For telemedicine providers, privacy is at the top of their list of priorities. It is the responsibility of your health-care provider to protect your personal health information (PHI), this includes medical records, insurance details and other private information. Patients may be concerned that their PHI is open to anyone online after they utilise telemedicine services. These providers must then ensure they have the necessary means in place to not only protect their patients’ information, but to assure a trusting relationship between them and overall maintain the integrity of their organisations. The following breaks down both how your health-care provider may take responsibility in protecting your information when treating you through online means, as well as how you may also contribute to protecting your own privacy when utilising these services.

The responsibility of your health-care provider

Your health-care provider treating you online will be required to protect your privacy in the following ways:

• Using a secure host network is key for your health-care provider when using telemedicine. Network security speaks to a set of technologies that protect the usability and integrity of a company’s infrastructure by protecting it from outside threats. Platforms such as MDLink use a secure app and website as the central point of access to their health-care providers. You may video call, voice call, or send text messages and photos all through this central platform. This adds a level of protection that public services such as Skype and WhatsApp may not have. Having a secure host network for access to telemedicine services is a crucial first step in protecting patient privacy.

• Your health-care provider should ensure that they are contacting you through a safe and private physical environment if this interaction is not face-to-face. This is to ensure no unauthorised individuals can hear, see or have access to any information collected during your virtual visit. If they are not actually in their office, a quiet, private room in their home or otherwise would be a good option.

• Your health-care provider must have certain systems in place that ensure only authorised individuals have access to your information. Implementing access controls is one such way. This may look like restricting access to PHI and certain applications only to specific users who need a passcode, PIN number, physical key or card, or biometric information like face or finger scan. That way no one without these access codes will have the ability to see your PHI. Additionally, two-factor authentication is highly recommended in authorising access to these health records. This requires users to validate they are in fact the appropriate person intended to access the data by confirming their identity through two or more of the means mentioned above. For example: using a finger scan as well as a PIN to log into a platform.

• In the same way, your health records that are collected in person are protected by law to ensure your privacy, a change from face-to-face does not remove this responsibility from the healthcare workers. In the USA, The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is legislation created to ensure each health-care practitioner is held to a high standard in protecting your information. These rules keep your paper and digital records private, including anything shared with your provider during a telemedicine visit. Jamaica has recently put together a committee to create similar guidelines locally for telemedicine.

The HIPAA Privacy Rule relates specifically to matters of operation within health care. What this means is, health-care providers are prohibited from using patients’ personal health information in ways not previously agreed upon between the patient and provider. This further limits any sharing of information with outside entities without first getting authorisation from you, the patient.

• Health-care providers must ensure that they protect their patients online from the risk of in-person human error. Studies have shown that most cyberattacks leading to data breaches happen from simple human error or negligence. It’s the responsibility of the health-care providers to offer security awareness and training for their staff who will engage with digital means of administering care and storage of personal health-care information.

Your personal responsibility

In addition to the responsibility of your physician treating you via telemedicine services, there are some small things you may do to better protect yourself when accessing health-care online.

• Only enter your personal information on secure websites and platforms specific to your treatment. Ensure you know exactly who you are communicating with before sending any PHI. Most telehealth technologies, including that used by MDLink, use encryption to protect your privacy and create a safe environment for you to share information. Encryption makes your data unreadable to anyone else on the Internet who may try to access it. Ask your telehealth provider if the platform they’re using is encrypted before sharing any information.

• Avoid using public Wi-Fi to access your telemedicine services. Additionally, avoid using any devices that may be shared with people outside of your family, such as a public computer. This prevents anyone else from possibly accessing your sensitive information.

• Ensure you are in a private environment when speaking with your doctor. This may be a room in your home, your car, or somewhere outdoors far from crowded areas. If you can’t find a private place, discuss it with your health-care provider. You may be able to speak via text alone or reschedule until you can access a better location for virtual treatment.

Speak with your health-care provider

If you do decide to get treated by telemedicine services, ensure you feel fully comfortable before you receive treatment. If you have any concerns about your privacy and how your information will be stored, speak with your doctor before divulging any personal information. Ensure you feel completely comfortable with your treatment, knowing your privacy is protected and you are in good hands. Concerns about your privacy in an increasingly digital world are valid and knowing as much as you can will allow you to be able to access all the benefits and conveniences of telemedicine while feeling as at ease as you would in person.

Dr Ché Bowen, a digital health entrepreneur and family physician, is the CEO & founder of MDLink, a digital health company that provides telemedicine options. Check out the company’s website at www.theMDLink.com. You can also contact him at drchebowen@themdlink.com.