Important Privacy Considerations for Selecting Virtual Care Services

Since the spread of COVID-19, clinics have been scrambling to find virtual care services to help communicate with other clinics and patients while maintaining social distancing. One important consideration that is often missed or misunderstood, is how a service mitigates the risks to patient privacy when used to conduct virtual care.

The biggest question you should be asking when choosing virtual care vendors is “Can you guarantee that my clinic and patient information will be protected and that we won’t be hit with a cyber virus?”. Many companies providing these services don’t check to see if they are safe for use with patient information in every jurisdiction they serve.

You only want to use services that are willing to operate compliantly according to the rules for your practice. At the end of the day, you and your team are responsible for whatever happens to your patients’ private health information. 

Important privacy considerations for selecting virtual care services:

  • Is data collected and stored by service?
  • Is the data used for third party purposes?
  • Is the company willing to sign an Information Manager’s agreement (IMA), or Business Associate Agreement (BAA)
  • Does the service protect against cyber-viruses?
  • Is access auditable?
  • Can individual accounts be assigned?
  • What are the password requirements?
  • Does it follow the rules and regulations in my region?

Email with patients is more dangerous than ever:

Remember, you and your clinic are only as secure as your weakest link. Many of your patients are working from home and using regular email and other unsecured means to communicate with co-workers, friends, and family. Cybercriminals are taking advantage of this new situation by sending out more and more ransomware/phishing emails themed around COVID-19 to increase their click rate.

If you do choose to communicate with your patients using email (Gmail, Outlook, etc.) you are vulnerable to every dangerous email they have opened that could spread to your clinic’s network. Ransomware and phishing emails propagate through infected email contact lists. It’s crucial that you aren’t connected with your patients via email and use a service/tool, such as Secure-Mail, that will keep both sides of communication secure.