Published April 24, 2020

Telehealth: Swimming With Sharks

The Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS) have temporarily relaxed rules regarding the use of social video applications such as FaceTime, Zoom, and Google Meet for the delivery of telehealth. Many providers have jumped at the opportunity for inexpensive, familiar, readily available tools to meet with their patients.

PYA’s recent webinar, “Getting Online With Telehealth: Practical Guidance for Physician Practices,” recommends providers look before they leap.

The fact is, providers looking at social video applications for their telehealth solutions are attracting cybercriminals like blood in shark-infested waters. There were reasons these applications were prohibited in the past. Those reasons still exist; the only change is that the OCR will not seek to impose penalties for breaches that occur while using these applications. While that may head off an OCR audit and investigation, providers must still report the breach and deal with the fallout in the court of public opinion.

The FBI recently published a security alert about cybercriminals taking advantage of people who use video teleconferencing to deliver services or conduct business.

“While telework software provides individuals, businesses, and academic institutions with a mechanism to work remotely, users should consider the risks associated with them and apply cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping. Cyber actors may use any of the below means to exploit telework applications.”

Failing to use the correct settings for the video meeting dramatically increases the possibility of exposure. Once criminals find a vulnerability, they can potentially eavesdrop on all future telehealth sessions without being discovered, exposing the private information of hundreds of patients.

There is a much more secure way to get started in telehealth quickly and safely. The COVID-19 pandemic has created a leap in the telehealth adoption timeline. There are now hundreds of inexpensive telehealth solutions that are HIPAA compliant and boast a start-up timeline of only a few hours—in some cases, minutes. Many of these solutions offer built-in features, such as:

  • Multi-window calling that helps include caregivers in the session
  • Mobile apps
  • Patient invitation to your branded waiting room by email or website button
  • Customized intake forms
  • Virtual waiting rooms and patient queues
  • Educational videos or articles as patients wait
  • Online credit card payments
  • Ability for patients to self-schedule follow-up visits
  • Auto-confirmations and reminders via email & SMS
  • E-Prescriptions

So, before you jump into the deep end with the sharks, take some time to review and consider the available HIPAA-compliant solutions that offer integrated and secure services.

If your practice would like help making the move to telehealth, or needs other guidance related to COVID-19, visit PYA’s COVID-19 hub, or contact one of our PYA executives below at (800) 270-9629.

Executive Contacts
