A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices Used By Healthcare Providers
The objective of this systematic review was to examine papers in the United States that report on current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC were searched for the years 2003 – 2016 and returned 25,404 papers (after duplicates were removed). Inclusion and exclusion criteria were strictly followed to examine the title, abstract, and full text of 21 published papers that reported on privacy and security practices used by healthcare providers using telehealth. Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were searched for and retrieved from the papers examined. Papers were selected by two independent reviewers, first per the inclusion/exclusion criteria; where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen’s kappa were 99.04% and 0.7331, respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that more studies are needed with specific information about the use of privacy and security practices when using telehealth technologies, as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.
Keywords: Computer security, Health personnel, Privacy, Systematic review, Telehealth
Copyright (c) 2017 Valerie Watzlaf, Leming Zhou, Dilhari DeAlmeida, Linda Hartman
This work is licensed under a Creative Commons Attribution 4.0 International License.
Revised 7/16/2018. Revision Description: Removed outdated link.