How Telemedicine Delivers Privacy, Security & Compliance Affordably


Doctors Without Borders sends challenging questions about cases from the South Sudan, Niger, and other areas to its 280 worldwide experts about 5-10 times daily. Outside of St. Louis, doctors and nurses work 24/7 in the new Virtual Care Center, a facility run by Mercy that offers remote support to 38 smaller hospitals spread out from Oklahoma to North Carolina. The at-a-distance help is vital for emergency rooms and intensive-care units at these hospitals; some of them do not have a doctor on-premises 24/7.

One of the doctors working in the facility’s ICU department said that it is very similar to being bedside. Critical-care specialist Vinaya Sermdevi said, "I can’t shock a patient [restart his heart with electrical paddles], but I can give an order to the nurses there."

Through telemedicine, patients can get healthcare more affordably. A report published by the nonprofit Alliance for Connected Care in 2014, "Assessment of the Feasibility and Cost of Replacing In-Person Care with Acute Care Telehealth Services," revealed that telemedicine could lower costs by over $100 in comparison to a traditional office visit. The whitepaper found that the expense of a typical traditional appointment is $136-176, while a virtual visit averages $40-50.

To better understand the savings of telemedicine, it helps to look at what people use in its absence. Here is where participants in the Connected Care study would have received treatment if they had not had access to telemedicine:

urgent care centers – 45.8%
doctor’s offices – 30.9%
hospital emergency rooms – 5.6%
other clinics – 5.4%
no treatment – 12.3%.

Note that the amount of savings can be much more than $100, if you look at the case of that small percentage who instead visit the ER. The average cost of an emergency room visit is $1595, according to the report – so that would be a savings of more than $1500 vs. telemedicine.

Another study from the University of California – Davis looked at the use of telemedicine among its patients. The research found that patients avoided a total 5 million miles of travel, which calculates to over 9 years of road time and $3 million of associated expenses. These savings estimates were actually not based on the patient meeting with the doctor from home; in this situation, the patients visited a telemedicine facility located close to their home rather than driving the full distance to the UC Davis Health office in Sacramento.

Related to the above savings, those represent either individuals or relatively small study samples. When we really see the power of telemedicine is when we look at how it gets healthcare costs down generally. The total cost savings throughout healthcare were projected at $6 billion in a study by consultancy Towers Watson. However, the research team concluded that there would need to be a change in perspective to realize those full potential savings. "Achieving these savings requires a shift in patient and physician mindsets, health plan willingness to integrate and reimburse such services, and regulatory support in all states," said the lead author, Towers Watson senior consultant Allan Khoury, MD.

Top priority for healthcare environments: privacy & security

A poll that was published in February 2017, the Substitutable Medical Applications, Reusable Technology (SMART) Health IT study, looked specifically at what providers said they needed from software – revealing top priorities related to their technologies.

Nearly half of the providers polled named privacy and security as a top concern with apps. The second most important issue related to adoption, said respondents, was the software’s credibility. The third concern was its maintenance.

The study, conducted by KLAS Research, talked with clinical leaders at healthcare enterprises about their practice’s use of applications and their primary worries related to healthcare technology. The paper was funded by the Health and Human Services Department’s Office of the National Coordinator for Health Information Technology (ONC), the subagency created by the Health Information Technology for Economic and Clinic Health Act (HITECH) and charged with its enforcement.

Notably, all of those above issues – privacy and security, credibility, and maintenance –are solved with the adoption of a telemedicine service that is highly rated and handles its own software updates and hardware maintenance (standard with telemedicine delivered as a virtual service).

This poll on concerns related to deployment of healthcare apps was timely when it was released because providers were beginning to turn away from integrated, single-vendor solutions at that time. Moving away from those catch-all models, "many organizations [are] looking to third-party vendors to supply niche solutions to improve organizational efficiency and patient care," said the researchers.

How does telemedicine deliver a private and secure environment?

First, it is worth noting the concern with third-party systems using the example of cloud computing. Cloud is often maligned in terms of its supposed inability to deliver strong data protection. However, it should be noted that the HHS Department specifically states in its "Guidance on HIPAA & Cloud Computing" that public, private, and hybrid clouds can all be HIPAA-compliant as long as an appropriate business associate agreement (BAA) with the provider is in place.

It is also worth noting that third-party virtual systems are considered, on the whole, more secure than on-site systems. As David Linthicum noted, "those who build cloud-based platforms for enterprises typically focus more on security and governance than those who build systems that will exist inside firewalls."

Like a cloud provider, telemedicine providers must be incredibly vigilant about creating protections for their users – since in both cases, it has long been the top concern.

Security and privacy within telemedicine

Many people think that transmitting electronic protected health information (ePHI) remotely is acceptable as long as the two parties are the doctor, or a similar authorized party, and patient. That communication channel must be properly secured, though, as well as monitored for breaches. In terms of the security mechanisms that are needed, those should be "reasonable and appropriate," per the Health and Human Services Department.

HIPAA requirements are related to the general goals to be achieved as opposed to a set of specific tasks to complete. For that reason, there is no definitive list of necessary technologies to include in a HIPAA-compliant telemedicine environment. Rather, the telemedicine provider should be fundamentally focused on using up-to-date standards to meet the needs of the healthcare law as they design their ecosystems. Key technologies to include are SSL certificates, virtual private networks (VPNs), two-factor authentication, firewalls, and intrusion-detection systems (IDSs).

Why do telemedicine providers care as much as you do about HIPAA compliance?

Whenever you are signing a business associate agreement with a third party, it is essential to consider the degree to which that entity is concerned with protecting your patient data; your credibility could depend on their commitment to those protections. Here are two primary reasons that a strong telemedicine provider, just like a HIPAA compliant web host, should be as committed to protecting healthcare data as you are: 1.) Their credibility is on the line too. Since healthcare communication is fundamentally concerned with abiding by federal law, any organization that provides telemedicine knows that safeguarding data must be the central point of focus. If a telemedicine provider is breached, the fallout is understandably incredible. 2.) They are liable for failure to protect the data. As of the Omnibus Final Rule of 2013, business associates are responsible to meet the parameters of HIPAA (whereas previously all liability was squarely on the shoulders of covered entities).


Clearly telemedicine is a highly affordable alternative to a traditional doctor’s office visit (or other alternatives such as trips to the ER). Privacy and security can be delivered seamlessly through telemedicine as well. It is simply critical, when telemedicine is provided, or when seeking other services through third parties, that you use high-quality providers that are highly familiar with the special needs of healthcare hosting.

Adnan Raja has been the Vice President of Marketing at Atlantic.Net for 14 years. During Raja’s tenure, the Orlando-based, privately held hosting company has grown from having a primarily regional presence to garnering and developing attention nationwide and internationally. In collaboration with a skilled and dedicated team, Raja has successfully led a full spectrum of marketing campaigns, as well as handling PR work with major news outlets and the formation of key strategic alliances.