A man talks to his doctor via video call with a padlock representing privacy on the device.

Privacy Concerns When Going Virtual

Telehealth has become a popular way to see a doctor. Today, you can get many health services remotely. And, some studies show you may get better care at a lower cost than with an in-person visit.1

But one limitation of telehealth is the potential threat to personal privacy that comes with online services. This risk includes the collection and use of your personal health information.

Privacy laws are frequently changing and may not apply to every telehealth service. Most experts and telehealth users believe that the benefits outweigh the privacy risks.2 Even so, it is good to be aware of the privacy policies of the telehealth platform you choose before receiving services.

What are the potential privacy risks of telehealth?

Any exchange of personal information can create certain privacy risks. For telehealth, this risk involves how your electronic devices and apps collect or use your personal information.

For example, remote monitors can collect sensitive information about household activities. This could include personal discussions with your spouse or signs that no one is home. Also, data may be stored by the app or device manufacturer, not just with your doctor. These data may be shared with advertisers who then target ads based on how you use the device or app.3

Telehealth companies and privacy policies

Telehealth companies have policies that explain how they protect your privacy. This statement includes a list of ways they use your information. It also contains a listing of your legal rights. These policies are usually available to read before you click “accept” before downloading an app or service. Note that by clicking “accept” you are consenting to the use of your information according to the law and those terms of service. After downloading, you can often find the privacy policy in the “settings” or “about” section of the app. It is also good to save a copy of this privacy policy for later reference.

By providing your email address, you are agreeing to our Privacy Policy and Terms of Use.

Here are some ways that telehealth companies may use your personal information once you provide your consent:4-6

  • Performing treatment, payment, and healthcare operations
  • Helping with public health activities, such as tracking and reporting diseases
  • Informing authorities to protect victims of abuse
  • Complying with government oversight activities
  • Informing workers’ compensation programs
  • Communicating with family members involved in care
  • Informing advertisers of online activity

Each telehealth company has slightly different privacy policies. You may want to ask a customer service representative about how the company keeps your health information private. They are required by law to disclose this information to you when you ask. For example, the Teladoc service has a Privacy and Security Officer devoted to answering patient questions. Another service, Doctor On Demand, has a compliance hotline you can call.

How do laws or guidelines keep my online health data private?

Federal and state laws can protect your privacy to some extent. This includes your right to access and update your health information, ways to limit its collection and use, and the ability to make choices about it.

The federal Health Insurance Portability and Accountability Act (HIPAA) is one law designed to accomplish this. But the HIPAA Privacy Rule may not presently cover every telehealth technology. So the collection and use of information may be different depending on the telehealth company and what state you live in.3

HIPAA offers guidelines for medical professionals who provide virtual services. One part of this is using a secure communication system. Unsecure channels, like SMS, Skype, and email, should not be used to communicate personal health information.

Secure messaging apps are easy to use and have a similar interface to common messaging apps. And all communication is encrypted. This means that the message or file is packaged electronically and sent in a way that can only be understood by the receiver. You can tell if a website is secure by looking at the beginning part of the address. In your web browser, if the online address begins with “https” rather than “http” without the “s” it is a secure website.

HIPAA law still applies during public health emergencies. But some provisions may be waived by the Federal government. During this current epidemic, for example, the Federal government has decided that communication platforms can be used for telehealth services even if they are not considered secure. This includes Facebook Messenger video, Google hangouts video, and FaceTime.8,9

What can I do to keep my online health data private?

It is a good idea to be familiar with your telehealth service’s privacy policy. This information may be available online or you can talk to your doctor. You should know what rights you have regarding your health information. And you should be aware of how your information may be used.

Here are tips to keep your information private and secure:10

  • Use “strong,” unique passwords and change them often (a strong password includes a combination of letters and numbers and or/symbols)
  • Avoid using telehealth accounts on a public Wi-Fi network, such as in a coffee shop or restaurant
  • If you use a public computer, do not save your password, log out of every account every time, delete your browser history, and clear cookies from your browser settings
  • Monitor your credit reports and health care bills regularly to see any suspicious charges
  • Assume that whatever you provide online could be seen by someone else, or “hacked,” unless it is secure
  • Update older devices with newer software

Join the conversation

Please read our rules before commenting.