A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation

Authors

DOI:

https://doi.org/10.5195/ijt.2019.6276

Keywords:

Privacy, Questionnaire Development, Reliability, Security

Abstract

Background: Telehealth is a great approach for providing high quality health care services to people who cannot easily access these services in person. However, because of frequently reported health data breaches, many people may hesitate to use telehealth-based health care services. It is necessary for telehealth care providers to demonstrate that they have taken sufficient actions to protect their patients’ data security and privacy. The government provided a HIPAA audit protocol that is highly useful for internal security and privacy auditing on health care systems, however, this protocol includes extensive details that are not always specific to telehealth and therefore is difficult to be used by telehealth practitioners.

Objective: The goal of this study was to develop and validate a telehealth privacy and security self-assessment questionnaire for telehealth providers. 

Methods: In our previous work, we performed a systematic review on the security and privacy protection offered in various telehealth systems. The results from this systematic review and the HIPAA audit protocol were used to guide the development of the self-assessment questionnaire. The draft of the questionnaire was created by the research team and distributed to a group of telehealth providers for evaluating the relevance and clarity of each statement in the draft. The questionnaire was adjusted and finalized according to the collected feedback and face-to-face discussions by the research team. A website was created to distribute the questionnaire and manage the answers from study participants. A psychometric analysis was performed to evaluate the reliability of the questionnaire.

Results: There were 84 statements in the draft questionnaire. Five telehealth providers provided their feedback to the statements in this draft. They indicated that a number of these statements were either redundant or beyond the capacity of telehealth care practitioners, who typically do not have formal training in information security. They also pointed out that the wording of some statements needed to be adjusted. The final released version of the questionnaire had 49 statements. In total, 31 telehealth providers across the nation participated in the study by answering all the statements in this questionnaire. The psychometric analysis indicated that the reliability of this questionnaire was high.   

Conclusion: With the availability of this self-assessment questionnaire, telehealth providers can perform a quick self-assessment on their telehealth systems. The assessment results may be used to identify possible vulnerabilities in telehealth systems and practice or demonstrate to patients the sufficient security and privacy protection to patients’ data.

  

Author Biographies

Leming Zhou, The University of Pittsburgh

Associate Professor, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS)

Robert Thieret, The University of Pittsburgh

Recent graduate (summa cum laude) from the University of Pittsburgh's School of Rehabilitation Sciences with a Bachelor of Science in Health Information Management. Areas of interest include healthcare compliance, data analytics, and telehealth principles and research.

Valerie Watzlaf, The University of Pittsburgh

Vice Chair of Education, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS) 

Dilhari DeAlmeida, The University of Pittsburgh

Associate Professor, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS)

Bambang Parmanto, The University of Pittsburgh

Professor and Interim Chair, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS) 

References

Cherry, C. O., Chumbler, N. R., Richards, K., Huff, A., Wu, D., Tilghman, L. M., & Butler, A. (2017). Expanding stroke telerehabilitation services to rural veterans: A qualitative study on patient experiences using the robotic stroke therapy delivery and monitoring system program. Disability and Rehabilitation: Assistive Technology, 12(1), 21-27. doi:10.3109/17483107.2015.1061613

Davidsson, N., & Sodergard, B. (2016). Access to healthcare among people with physical disabilities in rural Louisiana. Social Work Public Health, 31, 188-195. doi:10.1080/19371918.2015.1099496

European Union. (2018). GDPR key changes. Retrieved from https://eugdpr.org/the-regulation/

Georgeadis, A., Brennan, D., Barker, L., & Baron, C. (2004). Telerehabilitation and its effects on story telling by adults with neurogenic communication disorders. Aphasiology, 18, 639-652.

Hale, T. M., & Kvedar, J. C. (2014). Privacy and security concerns in telehealth. Virtual Mentor, 16, 981-985. doi:10.1001/virtualmentor.2014.16.12.jdsc1-1412

Hall, J. L., & McGraw, D. (2014). For telehealth to succeed, privacy and security risks must be identified and addressed. Health Affairs (Millwood), 33, 216-221. doi:10.1377/hlthaff.2013.0997

Hall, N., Boisvert, M., & Steele, R. (2013). Telepractice in the assessment and treatment of individuals with aphasia: A systematic review. International Journal of Telerehabilitation, 5(1), 27-38. doi:10.5195/ijt.2013.6119

Harper, D. (2003). Telehealth. In M. Roberts (Ed.), Handbook of Pediatric Psychology (3rd ed.). New York: Guilford Press.

He, D., Naveed, M., Gunter, C. A., & Nahrstedt, K. (2014). Security concerns in Android mHealth apps. AMIA Annual Symposium Proceedings, 2014, 645-654.

Health Resources and Services Administration. (2014). Distribution of U.S. health care providers residing in rural and urban areas. National Center for Health Workforce Analysis. Retrieved from https://www.ruralhealthinfo.org/assets/1275-5131/rural-urban-workforce-distribution-nchwa-2014.pdf

Iezzoni, L. I., Killeen, M. B., & O'Day, B. L. (2006). Rural residents with disabilities confront substantial barriers to obtaining primary care. Health Services Research, 41(4, Part 1), 1258-1275. doi:10.1111/j.1475-6773.2006.00534.x

Jones, C. A., Parker, T. S., Ahearn, M., Mishra, A. K., & Variyam, J. N. (2009). Health status and health care access of farm and rural populations. Retrieved from https://www.ers.usda.gov/webdocs/publications/44424/9371_eib57_1_.pdf?v=0

Kairy, D., Lehoux, P., Vincent, C., & Visintin, M. (2009). A systematic review of clinical outcomes, clinical process, healthcare utilization and costs associated with telerehabilitation. Disability and Rehabilitation, 31, 427-447. doi:10.1080/09638280802062553

Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10. doi:10.3233/THC-161263

Kruse, C. S., Krowski, N., Rodriguez, B., Tran, L., Vela, J., & Brooks, M. (2017). Telehealth and patient satisfaction: A systematic review and narrative analysis. British Medical Journal Open, 7(8), e016242. doi:10.1136/bmjopen-2017-016242

Meinert, E., Alturkistani, A., Brindley, D., Knight, P., Wells, G., & de Pennington, N. (2018). Weighing benefits and risks in aspects of security, privacy and adoption of technology in a value-based healthcare system. BMC Medical Informatics and Decision Making, 18(1), 100. doi:10.1186/s12911-018-0700-0

Pew Research Center. (2018a). Demographics of mobile device ownership and adoption in the United States. Retrieved from http://www.pewinternet.org/fact-sheet/mobile/ [Website: http://www.webcitation.org/6xDIpUN2z]

Pew Research Center. (2018b). Internet/Broadband fact sheet. Retrieved from http://www.pewinternet.org/fact-sheet/internet-broadband/

Ponemon Institute, & IBM Security. (2018). 2018 Cost of data breach study. Retrieved from https://www.ibm.com/security/data-breach

U.S. Census Bureau. (2016). New census data show differences between urban and rural populations. Retrieved from https://www.census.gov/newsroom/press-releases/2016/cb16-210.html

Wade, S. L., Wolfe, C., Brown, T. M., & Pestian, J. P. (2005). Putting the pieces together: Preliminary efficacy of a web-based family intervention for children with traumatic brain injury. Journal of Pediatric Psychology, 30, 437-442. doi:10.1093/jpepsy/jsi067

Watzlaf, V. J. M., Zhou, L., DeAlmeida, D. R., & Hartman, L. M. (2017). A systematic review of research studies examining telehealth privacy and security practices used by healthcare providers. International Journal of Telerehabilitation, 9(2), 39-59. doi:10.5195/ijt.2017.6231

Downloads

Published

2019-06-12

How to Cite

Zhou, L., Thieret, R., Watzlaf, V., DeAlmeida, D., & Parmanto, B. (2019). A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation. International Journal of Telerehabilitation, 11(1), 3–14. https://doi.org/10.5195/ijt.2019.6276

Issue

Vol. 11 No. 1 (2019)

Section

Privacy and Security

License

Authors who publish with this journal agree to the following terms:

  1. The Author retains copyright in the Work, where the term “Work” shall include all digital objects that may result in subsequent electronic publication or distribution.
  2. Upon acceptance of the Work, the author shall grant to the Publisher the right of first publication of the Work.
  3. The Author shall grant to the Publisher and its agents the nonexclusive perpetual right and license to publish, archive, and make accessible the Work in whole or in part in all forms of media now or hereafter known under a Creative Commons Attribution 4.0 International License or its equivalent, which, for the avoidance of doubt, allows others to copy, distribute, and transmit the Work under the following conditions:
    1. Attribution—other users must attribute the Work in the manner specified by the author as indicated on the journal Web site;
    with the understanding that the above condition can be waived with permission from the Author and that where the Work or any of its elements is in the public domain under applicable law, that status is in no way affected by the license.
  4. The Author is able to enter into separate, additional contractual arrangements for the nonexclusive distribution of the journal's published version of the Work (e.g., post it to an institutional repository or publish it in a book), as long as there is provided in the document an acknowledgement of its initial publication in this journal.
  5. Authors are permitted and encouraged to post online a prepublication manuscript (but not the Publisher’s final formatted PDF version of the Work) in institutional repositories or on their Websites prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work. Any such posting made before acceptance and publication of the Work shall be updated upon publication to include a reference to the Publisher-assigned DOI (Digital Object Identifier) and a link to the online abstract for the final published Work in the Journal.
  6. Upon Publisher’s request, the Author agrees to furnish promptly to Publisher, at the Author’s own expense, written evidence of the permissions, licenses, and consents for use of third-party material included within the Work, except as determined by Publisher to be covered by the principles of Fair Use.
  7. The Author represents and warrants that:
    1. the Work is the Author’s original work;
    2. the Author has not transferred, and will not transfer, exclusive rights in the Work to any third party;
    3. the Work is not pending review or under consideration by another publisher;
    4. the Work has not previously been published;
    5. the Work contains no misrepresentation or infringement of the Work or property of other authors or third parties; and
    6. the Work contains no libel, invasion of privacy, or other unlawful matter.
  8. The Author agrees to indemnify and hold Publisher harmless from Author’s breach of the representations and warranties contained in Paragraph 6 above, as well as any claim or proceeding relating to Publisher’s use and publication of any content contained in the Work, including third-party content.

Revised 7/16/2018. Revision Description: Removed outdated link. 

Most read articles by the same author(s)

> >>