Telehealth Data Privacy and Security

Wednesday, September 16, 2015 – 12:00 pm Central

©2015 Foley & Lardner LLP • Attorney Advertising • Prior results do not guarantee a similar outcome • Models used are not clients but may be representative of clients • 321 N. Clark Street, Suite 2800, Chicago, IL 60654 • 312.832.4500

Presenters

Nathaniel M. Lacktman (Moderator), Partner, Foley & Lardner LLP

Brandon M. Welch, M.S., Ph.D., Co-Founder of Doxy.me; Assistant Professor, Medical University of South Carolina

Michael Carter, Enterprise Manager of Media and Telemedicine Systems, Partners Healthcare

Leeann Habte, Senior Counsel, Foley & Lardner LLP


Telehealth

Virtual visits

Remote monitoring

Store and forward


■ Telehealth: Security Risks and Vulnerabilities


• Security of mobile devices

• Multiple systems, technologies, platforms

• Large volumes of data – secure storage of video/images

• Transmission of information via wireless/wifi/internet/communication lines

• Privacy of Consultation

Physical Security

Transmission Security

Unauthorized Access

Data Management


■ Legal Framework

Sector-specific.

Jurisdiction-specific and may apply to either certain providers or to certain types of information.

Consumer Protection Laws.

Health Information Portability & Accountability Act (HIPAA) and Health Information Technology for Economic & Clinical Health (HITECH).

Federal Communication Commission.

Informed consent for telemedicine. Mental health information. Substance abuse information. HIV/AIDS/communicable disease data. Genetic data. Marketing restrictions. State breach reporting.

Federal Trade Commission. Food and Drug Act.

STATE LAWS

FEDERAL LAWS


HIPAA Issues for Telehealth

Is the telehealth company a Covered Entity, Business Associate, both, or neither?

Role of telehealth company – data storage, reporting, billing, other

Data Management – chain of custody, liability, access/use of consumer data, deidentification (mining, re-sale)

Data Security – encryption, authentication, data storage


Privacy Compliance

Notice of Privacy Practices (who provides, MSO, vendor, provider)

Website Privacy Statement (different than NPP)

Terms of Use

Informed Consent to Telemedicine

Online “pop-up” authorizations

Electronic signatures


Privacy Considerations

Which state law applies to interstate consults?

Laws that govern use and disclosure of information

Data breach notification laws

Ownership of telehealth record

Who owns the record? Provider or patient?

Medical record requirements

Is the video/audio recording part of the medical record?

What are the retention requirements?


International Considerations

National/local data collection and privacy laws – What triggers laws? Data collection? Data storage?

Data transfer issues

International security protocols


Technology and HIT Systems

Business Process

Technology

IT Systems Business Solutions

Business Challenges


IT Components


Information Systems

Computing Devices

Operating Systems

Enterprise Systems

Networking Telecomm Security

Integration

Data Management


Mediating Factors

Environmental Cultural Structure

Business Processes

Politics Decision Support


Technology Selection

▪ Build vs Buy

1. Agility versus sustainability

2. How to choose the right technology partner

How to address internally developed solutions

The use of technology consultants

▪ What is feasible?

▪ What does scale look like?

▪ Could this be an Enterprise System?


Integration

▪ How can technology integration add value?

1. Automation

2. Cost Reduction

3. Capacity building

▪ Where to focus

1. Reducing disparate systems

2. Tying in with clinical systems

3. SaaS and PaaS based models


Privacy and Security Overview

The challenge: protect PHI as it moves through the healthcare system

▪ Potential obstacles:

1. Internal

▪ Workflow

▪ Politics

▪ Organizational Culture

2. External

▪ Hackers

▪ Identity Theft

▪ State Sponsored Attacks

▪ Consumerization of IT


Approaches to Security

▪ Cyber Security Changing Landscape

▪ Encryption and HIPAA compliance

▪ Two Factor Authentication

▪ Data Management


Security Breaches

▪ 62% increase in security breaches since 2013

▪ 2.5 billion exposed records in 2014

▪ Telehealth is an unfamiliar territory to most security professionals

▪ How to prevent IT security breaches

1. Third Party Code Audits

2. Hosting Security Reporting

3. Active Monitoring

4. Standards


Media relay server

Peer-to-peer (P2P)

Real-time interaction

http://chimera.labs.oreilly.com/books/1230000000545/ch18.html


HIV TREATMENT CLINIC


Communication and interaction vs Documentation


Contact Information

Visit: www.foley.com/telemedicine www.healthcarelawtoday.com

■ Brandon M. Welch, M.S., Ph.D., Co-Founder of Doxy.me; Assistant Professor, Medical University of South Carolina

Twitter: @WelchBM

■ Michael Carter, Enterprise Manager of Media and Telemedicine Systems, Partners Healthcare

■ Nathaniel M. Lacktman, Partner, Foley & Lardner LLP

Twitter: @Lacktman

■ Leeann Habte, Senior Counsel, Foley & Lardner LLP
