D_052219_ConnectedCare_Blog_1500x679
Matt Goggin

Connected Care Compliance: How New Networks Are Enabling HIPAA Standards as More Healthcare Happens Online

It’s no secret that the cost of healthcare is continuing to skyrocket, with the average cost for insurance alone in the U.S. is around $10K annually, and with higher deductibles, some cannot use their insurance until they pay out-of-pocket based on their plans.

To lower the cost of care, and improve the quality of this care, more and more consultations are being delivered online, including those covered by insurance. Another consultation option can now be delivered through emerging “direct primary care” models where family physicians are providing an alternative to fee-for-service insurance by charging patients a monthly, quarterly or annual fee, which in some cases includes clinical and laboratory services, consultations and comprehensive care management.

This is good news for patients and providers, who are burdened by too many patients, and not enough time, resulting in a poor patient experience nobody feels good about.

This trend and the movement to provide Medicare and Medicaid services in the U.S. online to reduce costs and improve outcomes is driving online visits to record levels.

Medicare’s telehealth services include office visits and consultations that are provided using an interactive 2-way telecommunications system (with real-time audio and video) by a doctor or other health care provider who isn’t at the patient’s location (including remote specialists experienced in addressing rare illnesses).

These services are available and delivered online from these places, according to the Medicare.gov website:

  • A hospital
  • A critical access hospital (CAH)
  • A rural health clinic
  • A federally qualified health center
  • A hospital-based or critical access hospital-based dialysis facility
  • A skilled nursing facility
  • A community mental health center

The U.S. is behind other developed countries in providing online care: the U.K. has been innovating in this space for many years and seeing success, notwithstanding push back from traditional doctors.

A direct-to-consumer telehealth service launched in London in late 2017 is very popular with residents –the G.P. at Hand program, which enables residents to access online healthcare services and make an appointment through a smartphone app.

The free program, commissioned by the U.K.’s National Health Service and developed by telehealth company Babylon Health, enables consumers to check their symptoms on a mobile app, then book a virtual visit with a physician at one of five participating clinics within two hours.

Consumers (mainly those between 20 – 40 years old) love the platform because it gives them access to on-demand care when and where they want it, but providers are not fans as the system requires them to adapt workflows and invest in technologies, including security.

There is an inevitability here – how can society not embrace such an intelligent and efficient way to provide care?

For one, it’s time to think about how any connected care network is not a detriment, but rather an enhancement to security, including compliance with HIPAA and other personal privacy regulations.

Attackers seek out health data for its high value, including records that often include social security numbers, credit card information, and other “financial” attractions. 

When it comes to health, however, and the advent of the Internet of Medical Things (IoMT) – health devices connected via wireless networks, their physical health at risk.

To manifest sustainable value and protect patients and organizations from adversaries, care providers need to protect this data by complying with regulations and putting tools and expertise in place.

Whether detecting insider threats to reducing risk from a third-party attack to preventing ransomware from shutting down life-saving equipment, cybersecurity is a risk-management issue unlike any we’ve seen before.

HIPAA compliance remains a challenge for healthcare organizations, even in the most traditional sense. With the expanding attack surface and mega-breaches, hospitals, clinics, medical universities, and insurance companies need to make cybersecurity a priority – and before we connect even more patients and doctors, and patients’ embedded devices it is mission-critical that we to put network security into place that can identify and stop attacks before they penetrate applications and impact end-points.

While there are many levels, and often complex levels of security required to make connected care work – without risk of attack – the high-level strategy is simple: identify and stop attacks before they cause epic damage.

Damage can include interruption in operations, temporary or permanent loss of patient data, reputational harm, and with the IoMT the risk of patient injury or death due to compromised systems.

The financial risk is also potentially massive. This includes fines for non-compliance, which is why nearly every care provider and their partners are conducting risk analysis in line with mandates from HIPAA HITECH.

Security must be present everywhere: cloud, applications, third-party API-connected systems, and of course – I.P. networks. Transactions going in and out of the network must be comprehensively managed. And that requires a new approach – ultra-secure, highly performant private networks. Traffic streams that are going in and out of the network.

Dispersive’s Virtual Network (DVN) technology allows for the management and protection of every device connected to the network, every machine, and human communications happening in real time. Our software-defined approach also makes high-quality video consultations possible, with security across every transaction designed in such a way that does not slow down performance but improves it.

Our virtual network dynamically splits session-level I.P. traffic at the edge into smaller packets, allowing for greater security for patient data as it transits the internet. Using advanced algorithms, our DVN delivers packets to applications, enhancing the quality of voice and video for better, less frustrating communications. Finally, our DVN helps to protect patient safety by thwarting medical device hacks with a call-out-only approach that limits inbound connections.

Want to learn more? Feel free to reach out to us for a demo and discussion. Securing connected care is now possible, not with legacy approaches, but with advanced software solutions that allow organizations to spin up and scale private networks that reduce risk, and support innovations that make all the sense in the world – but only if they are secure.