Attorney Betsy Hodge of Akerman on Critical Telehealth Risk Considerations
It's critical for healthcare providers that offer telehealth and remote patient monitoring services to incorporate these systems into their enterprisewide risk programs, including how they plan to address issues such as patch management from afar, said regulatory attorney Betsy Hodge of the law firm Akerman LLP.
"Covered entities that are deploying these systems need to make sure they are including remote patient monitoring and telehealth programs in their enterprisewide risk analysis - and then flowing from that - should incorporate this in their organization's risk management plan," she said.
This should include describing the covered organization's plan to address patching or updating these devices that are now being deployed outside of its four walls, she said. "That is something that needs to be considered before you roll out a telehealth or a remote patient monitoring program. And then there are some of these devices - including implantables - that may not be able to be patched because of how they were designed," she said.
"The covered entity needs to consider what compensating controls they're going to have in place to maintain the security of those devices."
In this audio interview with Information Security Media Group (see audio link below photo), Hodge also discussed:
Hodge, a partner in law firm Akerman LLP's healthcare and data privacy practices, focuses on compliance and regulatory issues affecting healthcare providers, payers and employer-sponsored health plans. Hodge, an author and frequent speaker on healthcare law, also chairs the American Health Law Association's Health and Information Technology Practice Group.