Telecommunication and Cybersecurity

Access to information through the internet has become more and more in demand. This need has particularly accelerated since last year, 2020, when the COVID-19 pandemic started, with most people being homebound due to quarantine restrictions.

The use of teleconsultation is one of the modern healthcare technologies and practices that has soared due to the pandemic. Some patients and providers alike opt to do teleconsultation to avoid being in close contact with another person, thereby minimizing the risk of exposure to possible COVID-19 carriers.

With this increasing demand for convenience and online access, protected health information (PHI) is widely created, stored, transmitted, and/or received as electronic data via email and others.

Apart from mobile devices, PHI can also be found on endpoints such as memory or storage devices, USB flash drives, and online, such as in cloud storage apps (i.e., Dropbox, Google Drive), etc.

In light of this steep demand in the healthcare system, the spotlight on cybersecurity and the threat of cyberattacks are inevitable.

As stated in the published article, Chapter 4 Understanding Electronic Health Records, and Cybersecurity (healthit.gov):

“(sic) Every day there are new attacks aimed specifically at small to mid-size organizations because they are less likely to be fully protecting themselves. Criminals have been highly successful at penetrating these smaller organizations and carrying out their activities, while their unfortunate victims are unaware until it is too late.”

Since HIPAA was enacted in 1996, safeguarding the PHI has been the major goal. National standards were set in place to protect and promote confidentiality, integrity, and availability of PHI. This includes the importance of cybersecurity.

Cybersecurity is described by the Office of the National Coordinator (ONC) for Health Information Technology as:

“(sic)… ways to prevent, detect, and respond to attacks against or unauthorized access against a computer system and its information. Cybersecurity protects your information or any form of digital asset stored in your computer or in any digital memory device.”

Among the many risks that using mobile devices poses are;

1. loss and/or theft of mobile devices,
2. unknowingly downloading of a virus or malware into the mobile device,
3. sharing of mobile devices,
4. accessing or connecting to unsecured Wi-Fi connection.

The ONC and OCR have enumerated 13 mobile safeguards which include:

1. Setting strong passwords and changing to new ones regularly
2. Encryption of e-PHI
3. Use of automatic log off on devices, website, EHR, apps, and others
4. Require a unique user ID for each device user
5. Enable remote wipe of data or PHI on mobile devices and others.
6. Always lock the device when not in use.
7. Keep the device with you at all times while working.
8. Use of screen shield.
9. Refrain from sharing the mobile device
10. Register the mobile device within the organization
11. Install firewall
12. Use secure Wi-Fi connection
13. Research mobile applications

Therefore, reasonable validation should be made by each organization or office to ensure that they are well-prepared before considering the use of mobile devices, transmitting and storing e-PHI be it via e-mail and other methods, with prudent consideration of cybersecurity and cyberattacks.