Written by J.F.
What is Telehealth, and Why is it Important?
The use of remote medical care, or “Telehealth,” surged in popularity during the Covid-19 pandemic.[1] Back in April of 2020, Teladoc Health reported that its platform was being used for more than 100,000 appointments a week.[2] Today, Telehealth is still gaining popularity. Virtual medical appointments have revolutionized the doctor-patient relationship and drastically increased medical accessibility, especially for patients who are elderly or suffering from disabilities or chronic illnesses. Patients love the ease of being able to forgo the commute to their physician’s office and instead meet with their doctors from the comfort of their own home, through platforms such as Zoom, Spruce, GoodRx Care, Doctor on Demand, Betterhelp, and Zocdoc, among others. Long-distance healthcare has become so popular, in fact, that it now exists for veterinarians as well.
What are the Downsides of Telehealth?
Unfortunately, although these Telehealth platforms have doctors more accessible to you, they have also made your private health information more accessible to hackers.[3] Hackers are constantly looking for new ways to exploit patient privacy and gain access to private health information. Failing to protect your private health information can create risks associated with identity theft, fraud, and extortion. For many people, the ease and accessibility of remote care outweigh the cybersecurity risks. However, just like doctors value informed consent, it is important for patients to be sufficiently informed about potential issues with data privacy before consenting to a medical appointment over zoom.
In an article written as far back as 2014, Joseph L. Hall and Deven McGraw argued that many concerns needed to be addressed before patients and providers would be willing to use virtual systems, such as telehealth devices and sensors collecting private information and sending it to third-party advertisers. Even smartphone apps may share sensitive data, such as sensor data on location, with advertisers and other third parties in ways not anticipated by users.[4] In analyzing the Hall and McGraw framework, Timothy M. Hale, PhD and Joseph C. Kvedar, MD noted that patients may be more willing to accept privacy risks when they perceive that the health benefits of using telehealth systems outweigh the risks involved in sharing their information.[5]
Several government agencies are already aware of the potential severity of these risks. The US Department of Health and Human Services even published a cybersecurity newsletter which provides information on how to protect private health information from cyber attacks.[6] Moreover, in July of 2023, the FTC posted a press release cautioning hospitals and Telehealth companies that the online tracking technology integrated into their websites or mobile apps may be impermissibly disclosing consumers’ sensitive personal health data to third parties.[7]
Part of the issue here may be that patients and physicians are utilizing their personal devices for Telehealth purposes. In a 2021 Telehealth Survey Report by the American Medical Association, 64% of physician respondents and 95% of patient respondents reported that they were typically located in their home for these appointments. Most of these visits took place through live video and audio programs like Zoom.[8]
Of course, the American Telemedicine Association acknowledges these risks, but does not guarantee protection. Their July 22, 2020, Principles state, “Patient privacy, and the protection of patient data, are a prerequisite for connected care. State and federal regulatory schemes should allow for innovation and support the advancement of technology-assisted care; however, telehealth and virtual care platforms, systems, and devices should be required to mitigate cybersecurity risks and provide for patient safety and confidentiality.” [9] However, whatever precautions these virtual care platforms take are inconsequential if your personal device and webcam get infected by malware. In fact, a 2023 systematic review of privacy and security risk factors related to Telehealth services astutely pointed out that technology and digital literacies are among the main factors that can impact patient privacy and security concerns. These may include video visit hacking, lack of digital devices, cellular data use, and limited knowledge and understanding of technology.[10]
One of the ways hackers can gain access to your computer and your medical information is through webcam hacking, also cleverly referred to as “camfecting.” Camfecting occurs when an unauthorized user accesses a device owner’s webcam without their knowledge or consent. This is often carried out by infecting the victim’s computer with a virus that can provide the hacker access to their webcam. The remotely activated webcam can be used to watch anything within the webcam’s field of vision, screen record, take pictures, or even sit in on your private video chats or yearly physical. Camfecting can be used for identity theft, extortion, or blackmail, and can cause significant emotional distress.
Potential Solutions and Preventative Measures
While there is no magic pill to treat a computer virus, there are a few precautions you can take to add an extra layer of protection to your next virtual OB-GYN check-up. Using a VPN and multi-factor authentication on your devices is always a good first step. To prevent from being infected with spyware or malware, avoid clicking on random advertisements. It is generally good practice to cover your webcam when not in use. Keep your operating system and applications up to date to ensure the latest security patches are in place, and install reputable antivirus software to safeguard against malware. Additionally, you should exercise caution with email attachments, and refrain from clicking on suspicious links. Consider utilizing firewalls to block unauthorized network access to your devices.
Furthermore, try to have your remote medical appointments in a private, secluded space where you will not be overheard. Be vigilant and look out for signs of your computer system being compromised, such as your battery draining faster than usual, your webcam darting around, or random files appearing on your desktop. Lastly, if you suspect that you may be experiencing camfecting, report the incident to relevant cybercrime authorities or contact a reputable law firm that specializes in cyberlaw. At any point, you can tell your medical provider that you are not comfortable with virtual visits.
In Conclusion
Long story short, the prognosis is not good. Telehealth appointments are not fully secure. While there are a few precautions you can take to protect yourself, your electronic devices, and your own private health information, it is ultimately up to you whether you want to assume a cybersecurity risk, or visit your doctor in person the old fashioned way instead. The next time you meet with your podiatrist, you might just consider closing that door instead.
[1]Telehealth visits are booming as doctors and patients embrace distancing amid the coronavirus crisis
[2] Why telehealth can’t significantly flatten the coronavirus curve — yet | TechCrunch
[3]Telemedicine Privacy Risks and Security Considerations | Deloitte US
[4] Hall JL, McGraw D. For telehealth to succeed, privacy and security risks must be identified and addressed. Health Aff (Millwood). 2014 Feb;33(2):216-21. doi: 10.1377/hlthaff.2013.0997. PMID: 24493763.
[5] Virtual Mentor. 2014;16(12):981-985. doi: 10.1001/virtualmentor.2014.16.12.jdsc1-1412.
[6]October 2023 OCR Cybersecurity Newsletter | HHS.gov
[7]FTC and HHS Warn Hospital Systems and Telehealth Providers about Privacy and Security Risks from Online Tracking Technologies | Federal Trade Commission
[8] 2021 Telehealth Survey Report | AMA
[10] Houser SH, Flite CA, Foster SL. Privacy and Security Risk Factors Related to Telehealth Services – A Systematic Review. Perspect Health Inf Manag. 2023 Jan 10;20(1):1f. PMID: 37215337; PMCID: PMC9860467.