In the wake of Meaningful Use and the adoption of digitally-based healthcare applications, the industry has increasingly embraced cybersecurity monitoring of access to patient PHI.
At the apex of the COVID-19 pandemic in the U.S., patient visits to healthcare organizations dropped by as much as 80%. In response, healthcare groups have turned to telehealth platforms to augment and interact with their patients addressing social distancing precautions while attempting to provide adequate levels of care. Forrester reports that virtual care visits are projected to exceed 1 billion in the US in 2020, with greater than 80% of visits being related to COVID-19. With the increased utilization of telehealth solutions, many challenges concerning the protection of patient data and the preservation of data privacy have gone unaddressed.
Telehealth-based solutions have spent years attempting to demonstrate their value to the healthcare world. The pandemic has proven to be an unexpected catalyst, accelerating the adoption of these solutions far beyond any industry projections. The telemedicine total addressable market in the United States has displayed an exponential growth curve, growing from $6.1 billion in 2014 to $13.5 billion in 2019, to an expanding market size of $35 billion in 2025. This growth is certain to drive innovation in telehealth cybersecurity.
The rapid increase in telehealth deployment lead the Office for Civil Rights (OCR) to send a Notice of Enforcement Discretion on April 2, 2020, highlighting the increased consumption of telehealth applications and the necessity of monitoring access to this form of Protected Health Information (PHI). This Notice explained that the Department of Health and Human Services would be exercising its discretion in how it applies the Privacy Rule under HIPPAA, and would not impose potential penalties for violations of certain provisions of the HIPAA Privacy Rule for public health and health oversight activities during the COVID-19 nationwide public health emergency.
“In the short term, we can appreciate and understand the need to set aside some forms of bureaucracy in order to save lives. OCR’s decision made good sense given current circumstances and is a proper response within a crisis management scenario”, explains SPHER, Inc. CEO and founder, Raymond Ribble. But, as America returns to the “new normal” of telecommunications, it will be crucial that OCR resets the level of compliance and that all Privacy Rule guidelines be reinstated within the healthcare industry.
The relaxation of the Privacy Rule, although currently necessary, creates opportunity for individuals who are attempting to acquire patient PHI by hacking or unauthorized access into clinical applications. That said, how do healthcare organizations protect ePHI given this scenario of cyber security vulnerability?
Adapting a healthcare privacy monitoring solution is a prime measure to take against cybersecurity threats. A video demonstration we created highlighting the need for privacy monitoring can be viewed here. Using an A.I.-driven software that can actively monitor all user access to PHI and ePHI expedites the detection of potential data breaches resulting from unauthorized access.
SPHER’s Artificial Intelligence-based machine-learning detectors are able to map the behaviors of end-users and clinical applications to analyze, learn and determine what “normal” activity looks like within a healthcare organization. The software uses algorithms that monitor every-day activity and analyzes the actions of each user, so that application detectors can identify anomalist activity against past behavior. Once suspicious activity is detected, the organization is immediately notified in order to efficiently investigate and remediate any incident, which may yield unintended consequences.
As the U.S. healthcare market continues to adapt to the “new normal” of the digital age, proactive means of protecting patient data in the industry will become increasingly crucial.
For more information on how SPHER can improve your healthcare security measures and secure your covered entity from a breach, learn more here or See A Demo!
About the Author:
Maisie Blaukamp
Healthcare Blogger
SPHER, Inc.
maisie.blaukamp@spherinc.com