How to Address Telehealth Cloud Security RisksJim Angle of Trinity Health and the Cloud Security Alliance Discusses Top Issues
With the surge in telehealth use during the COVID-19 pandemic, healthcare organizations must be prepared to deal with cloud security and privacy risks, says Jim Angle, manager of vulnerability management at Trinity Health and author of a recent report from the Cloud Security Alliance.
"If you're using a cloud service for your telehealth, then you have a third party involved. Anytime you're transmitting that data, it's leaving your facility - and you have additional concerns compared with face-to-face visits with a doctor," he says.
"Big issues I see are in both ends of the connection. One issue is to make sure the [healthcare] provider secures his system. If it's not, then it's easily compromised or snooped on by somebody else. But the bigger issue is on the user's end - how do we get the patients to understand that they need to secure their systems? Home computers are notoriously unsecure."
If the telehealth data is going to the cloud, healthcare providers have to address "who has the ability to [access] that data as it's going through the cloud," he adds.
Back to the Drawing Board
Due to the pandemic, many telehealth applications "were put up very quickly and not vetted properly," Angle says. So organizations "should take the time to go back and assess the process from end to end. Do it over, and do it completely," he advises.
In the interview (see audio link below photo), Angle also discusses:
- Other top cloud security and privacy issues involving telehealth;
- Risks and regulatory concerns involving third-party vendors and subcontractors - including companies based outside the U.S. - that work with telehealth services providers;
- Identity and access management and authentication issues for telehealth services and the cloud;
- Security concerns for medical devices and remote patient monitoring systems.
Angle is manager of vulnerability management at Trinity Health, a healthcare system based in Livonia, Mich., which includes 93 hospitals in 22 states. Angle, who has more than 20 years of security experience in both government and the private sector, is also the co-chair of the health information management working group for the Cloud Security Alliance and conducts research on cloud security.