Telemedicine – Enhancing Network Security to Achieve HIPAA Compliance

Telemedicine is a branch of modern medicine in which patient health information is exchanged over a great distance, through a series of local and wireless networks. The remote settings of the patients make the exchange of health information with health providers highly vulnerable to hostile intrusion.

HIPAA compliance norms make it mandatory for all covered entities, such as hospitals, clinics, clearinghouses, physicians, medical insurance companies and other health service providers, to employ secure computer network systems that follow stringent security codes. Any failure in HIPAA compliance on the part of a health provider will surely invite strict regulatory action, in the form of heavy fines or criminal prosecution.

The nomadic or remote settings of the patients make it a challenging task for health providers to maintain the privacy of patient health information. A series of wireless and local area networks makes the system vulnerable to hackers. Further, a lack of proper vigilance at remote settings attracts hostile intrusion from both hackers and viruses. To fortify the telemedicine network against unauthorized access, health service providers should incorporate the following stringent security features in the network:

  • All email communications should be encrypted. The email content is encrypted into coded strings and transmitted over the network. At the receiving end, the coded message is converted back into its original form with the help of a key. Even if someone manages to access it illegally during transmission, the coded message will make no sense to the hacker.
  • A facial recognition system helps service providers clearly identify the patients on the network, especially in the case of video conferencing.
  • A digital identity card is provided to remote patients after identity verification by the authorities. The encryption features and the patient's digital signature in the card authenticate the user and allow them to access online health services.
  • Access to all point-of-service computers should require user authentication, to ensure that only authorized personnel access the system.
  • The computer network should be protected by a firewall and constantly monitored to detect any intrusion. There should be an audit system that maintains a record of the time, frequency and nature of the hostile attacks made on the network.
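
As an added illustration of the audit record described in the last item (this is not code from the original article), the Python example below reduces raw events to a per-source record of the time span, frequency and nature of hostile activity. The key=value log format, the event names, the host names and the threshold of three failed logins are all assumptions made for the example; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a made-up key=value format (not from a real product).
SAMPLE_LOG = """\
2024-03-01T02:14:07Z src=203.0.113.7 event=auth_fail host=pos-12 user=nurse01
2024-03-01T02:14:09Z src=203.0.113.7 event=auth_fail host=pos-12 user=nurse01
2024-03-01T02:14:12Z src=203.0.113.7 event=auth_fail host=pos-12 user=admin
2024-03-01T02:20:00Z src=198.51.100.23 event=fw_block host=gw-1 port=3389
2024-03-01T08:01:30Z src=192.0.2.10 event=auth_ok host=pos-12 user=nurse01
this line is truncated garbage
2024-03-01T09:45:51Z src=198.51.100.23 event=fw_block host=gw-1 port=23
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")          # timestamp, then key=value fields
HOSTILE = {"auth_fail": "failed login", "fw_block": "blocked connection"}

def build_audit(text, guess_threshold=3):
    """Return (records, rejected): time span and frequency per (source, nature)."""
    records = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    rejected = 0
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            fields = dict(kv.split("=", 1) for kv in m.group(2).split())
            src, event = fields["src"], fields["event"]
        except (AttributeError, ValueError, KeyError):
            rejected += 1      # count unparseable lines instead of dropping them silently
            continue
        if event not in HOSTILE:
            continue           # successful logins are not hostile events
        rec = records[(src, HOSTILE[event])]
        rec["count"] += 1
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
    for (src, nature), rec in records.items():
        # Repeated failed logins from one source are flagged for review.
        rec["flag"] = nature == "failed login" and rec["count"] >= guess_threshold
    return dict(records), rejected

if __name__ == "__main__":
    recs, bad = build_audit(SAMPLE_LOG)
    for (src, nature), r in recs.items():
        print(src, nature, r["count"], r["first"], r["last"], "FLAG" if r["flag"] else "")
    print("rejected lines:", bad)
```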

The security features in the network enable health service providers to deliver quality healthcare services to remote patients in a safe and secure way. Patient health privacy is protected, in line with HIPAA compliance norms. Telemedicine and EMR can safely deliver customized health solutions to remote communities.

How Much Does Telemedicine Cost?

Telemedicine, as with many tech fields, can be spoken of in many different terms when it comes to cost. In one sense, telemedical equipment of the most functional variety — take-home wireless routers that connect to medical peripherals designed to beam your vital statistics directly to your doctor — is still somewhere between ‘too expensive’ and ‘insanely expensive,’ at least from the perspective of a home buyer.

But in another sense, telemedical costs are absurdly low compared to traditional medical expenses. According to a survey by SoftwareAdvice.com, for example, a telemedical teleconference for a minor medical issue costs an average of $45 — compared to an ER visit for the same minor issue, which can run up to multiple thousands of dollars just for having a patient wait in bed for a few hours while a doctor gets around to them.

Equipment Is the Difference

The big cost difference is in equipment. On the one hand, most Americans already have the two most basic elements of telemedical communication: a phone and an email account. Many have the ‘advanced toolset’ — a webcam, a microphone, an Internet connection, and possibly a smartphone or tablet. Setting up a system to take advantage of these preexisting tools can be quite inexpensive without sacrificing much utility — just the cost of some software that can be easily installed by a patient on their home computer to allow for secure videoconferencing.

On the other hand, those last several percentage points of utility are remarkably pricey. It’s one thing to monitor your post-operation patient’s recovery process with a five-minute videoconference on Skype — it’s entirely another to loan them a ‘medical watch’ that will automatically update you if they suffer a significant fever, elevated heart rate, or other significant deviation from the standard vital signs. That can cost several hundred dollars per patient per month — which still might save you money compared to an ER visit, but it’s a high initial investment.

The Security Question

The biggest reason a facility might choose to go for the proprietary equipment rather than rely on a patient’s existing devices? HIPAA. Privacy laws are a huge challenge to telemedicine; as necessary as they are (and they are necessary!), there are very few consumer-level wireless devices that offer a level of encryption that satisfies HIPAA regulations. Using one for any form of record that would end up in the patient’s medical records is thus a legal quicksand that few practices are interested in getting stuck in.

But Who Will Pay For It?

That is the big question — despite a Federal initiative to support telehealth services for all Americans, there are still only 22 states that require insurance carriers to reimburse physicians equally for telemedical services and traditional services. Most others are unregulated, meaning it’s completely possible for a doctor to provide telemedicine services to a patient and have to bill them directly (or absorb the cost themselves). In a few — most notably Idaho — telemedicine isn’t just ‘an open question,’ it’s actually completely illegal!

Nevertheless, every passing month seems to bring several telemedicine bills in front of various state legislatures. Experts agree that remote health is a field that is inevitable — it’s just a question of how long it will take for the most stubborn states to catch on.