Privacy Concerns When Going Virtual
Last updated: June 2020
Telehealth has become a popular way to see a doctor. Today, you can get many health services remotely. And some studies show you may get better care at a lower cost than with an in-person visit.1
But one limitation of telehealth is the potential threat to personal privacy that comes with online services. This risk includes the collection and use of your personal health information.
Privacy laws are frequently changing and may not apply to every telehealth service. Most experts and telehealth users believe that the benefits outweigh the privacy risks.2 Even so, it is good to be aware of the privacy policies of the telehealth platform you choose before receiving services.
What are the potential privacy risks of telehealth?
Any exchange of personal information can create certain privacy risks. For telehealth, this risk involves how your electronic devices and apps collect or use your personal information.
For example, remote monitors can collect sensitive information about household activities. This could include personal discussions with your spouse or signs that no one is home. Also, data may be stored by the app or device manufacturer, not just with your doctor. These data may be shared with advertisers who then target ads based on how you use the device or app.3
Telehealth companies and privacy policies
Here are some ways that telehealth companies may use your personal information once you provide your consent:4-6
- Performing treatment, payment, and healthcare operations
- Helping with public health activities, such as tracking and reporting diseases
- Informing authorities to protect victims of abuse
- Complying with government oversight activities
- Informing workers’ compensation programs
- Communicating with family members involved in care
- Informing advertisers of online activity
Each telehealth company has slightly different privacy policies. You may want to ask a customer service representative about how the company keeps your health information private. They are required by law to disclose this information to you when you ask. For example, the Teladoc service has a Privacy and Security Officer devoted to answering patient questions. Another service, Doctor On Demand, has a compliance hotline you can call.
How do laws or guidelines keep my online health data private?
Federal and state laws can protect your privacy to some extent. This includes your right to access and update your health information, ways to limit its collection and use, and the ability to make choices about it.
The federal Health Insurance Portability and Accountability Act (HIPAA) is one law designed to accomplish this. But the HIPAA Privacy Rule may not presently cover every telehealth technology. So the collection and use of information may be different depending on the telehealth company and what state you live in.3
HIPAA offers guidelines for medical professionals who provide virtual services. One part of this is using a secure communication system. Unsecured channels, like SMS, Skype, and email, should not be used to communicate personal health information.
What can I do to keep my online health data private?
HIPAA law still applies during public health emergencies. But some provisions may be waived by the federal government. During this current epidemic, for example, the federal government has decided that communication platforms can be used for telehealth services even if they are not considered secure. This includes Facebook Messenger video, Google Hangouts video, and FaceTime.8,9
Here are tips to keep your information private and secure:10