As the use of telehealth continues to surge during the COVID-19 crisis, healthcare entities and their vendors must take critical steps to keep patient data private and secure, says healthcare technology attorney Janine Anthony Bowen.
“Ultimately, the [vendor] contract is the last thing you want to rely on,” she says in an interview with Information Security Media Group. “That’s when all your other methods of mitigating your risk have failed you – you rely on your contract.”
Safeguards such as multifactor authentication as well as endpoint security technologies for the remote >laptops, tablets and cellphones used to conduct telehealth encounters should be among top considerations, she says.
Despite efforts by telehealth technology vendors to implement safeguards, clinicians using these systems often demand “a frictionless experience,” she notes.
“The healthcare provider wants it to be as easy as possible for the patient to make use of the technology,” the attorney notes. As a result, vendors will often get pushback against using security controls, including multifactor authentication.
“Then the vendor has to consider the risk associated with [a potential] breach because contractually, there’s going to be this risk allocation. Who’s going to bear the risk in the event there is a security breach? That’s generally a hard-fought negotiation.”
In the interview (see audio link below photo) Bowen also discusses:
Bowen is a partner with the law firm BakerHostetler and leader of the firm’s healthcare technology team. She counsels clients on digital transformation; healthcare technology; privacy and data protection; and the use, licensing, acquisition and commercialization of technology and intellectual property. Bowen was trained as an engineer and has experience as a software development project manager. Prior to her law career, she held positions at IBM and CibaVision, now Alcon.