A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices Used By Healthcare Providers

Valerie J.M. Watzlaf, Leming Zhou, Dilhari R. DeAlmeida, Linda M. Hartman


The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 – 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth.  Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen’s kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.

Keywords: Computer security, Health personnel, Privacy, Systematic review, Telehealth



American Telemedicine Association. (2009). Evidence-based practice for telemental health. Retrieved from http://hub.americantelemed.org/resources/telemedicine-practice-guidelines

American Telemedicine Association. (2011). Telehealth practice recommendations for diabetic retinopathy. Retrieved from http://hub.americantelemed.org/resources/telemedicine-practice-guidelines

American Telemedicine Association. (2014a). Clinical guidelines for telepathology. Retrieved from http://hub.americantelemed.org/resources/telemedicine-practice-guidelines

American Telemedicine Association. (2014b). Core operational guidelines for telehealth services involving provider-patient interactions. Retrieved from http://hub.americantelemed.org/resources/telemedicine-practice-guidelines

American Telemedicine Association. (2016). Practice guidelines for teleburn care. Retrieved from http://hub.americantelemed.org/resources/telemedicine-practice-guidelines

Balshem, H., Helfand, M., Schunemann, H. J., Oxman, A. D., Kunz, R., Brozek, J., . . . Guyatt, G. H. (2011). GRADE Guidelines: 3. Rating the quality of evidence. Journal of Clinical Epidemiology, 64, 401-406. https://doi.org/10.1016/j.jclinepi.2010.07.015

Bramer, W. M., Giustini, D., de Jonge, G. B., Holland, L., & Bekhuis, T. (2016). De-duplication of database search results for systematic reviews in EndNote. Journal of the Medical Library Association, 104, 240-243. https://doi.org/10.3163/1536-5050.104.3.014

Brous, E. (2016). Legal considerations in telehealth and telemedicine. American Journal of Nursing, 116(9), 64-67. https://doi.org/10.1097/01.NAJ.0000494700.78616.d3

Cason, J., Behl, D., & Ringwalt, S. (2012). Overview of states' use of telehealth for the delivery of early intervention (IDEA Part C) services. International Journal of Telerehabilitation, 4(2), 39-46. https://doi.org/10.5195/IJT.2012.6105

Cohn, E., & Watzlaf, V. (2012). Telepractice and informed consent: Readability of VoIP privacy practices. Paper presented at the American Speech-Language Hearing Association.

Daniel, H., Sulmasy, L. S., & for the Health and Public Policy Committee of the American College of Physicians. (2015). Policy recommendations to guide the use of telemedicine in primary care settings: An American College of Physicians position paper. Annals of Internal Medicine, 163, 787-789. https://doi.org/10.7326/M15-0498

Demiris, G. (2004). Electronic home healthcare: Concepts and challenges. International Journal of Electronic Healthcare, 1(1), 4-16. https://doi.org/10.1504/IJEH.2004.004655

Demiris, G., Edison, K., & Schopp, L. H. (2004). Shaping the future: Needs and expectations of telehealth professionals. Telemedicine and e-Health, 10 (Suppl 2), S60-S63. https://doi.org/10.1089/tmj.2004.10.S-60

Fleiss, J. L., Cohen, J., & Everitt, B. S. (1969). Large sample standard errors of kappa and weighted kappa. Psychological Bulletin, 72, 323-327. https://doi.org/10.1037/h0028106

Garg, V., & Brewer, J. (2011). Telemedicine security: A systematic review. Journal of Diabetes Science and Technology, 5, 768-777. https://doi.org/10.1177/193229681100500331

Hall, J. L., & McGraw, D. (2014). For telehealth to succeed, privacy and security risks must be identified and addressed. Health Affairs (Millwood), 33, 216-221. https://doi.org/10.1377/hlthaff.2013.0997

Health Resources and Services Administration. (2015). Telehealth. Retrieved from https://www.hrsa.gov/rural-health/telehealth/index.html

Moher, D., Shamseer, L., Clarke, M., Ghersi, D., Liberati, A., Petticrew, M., . . . PRISMA-P Group. (2015). Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 Statement. Systematic Reviews, 4, 1. https://doi.org/10.1186/2046-4053-4-1

Mullen-Fortino, M., DiMartino, J., Entrikin, L., Mulliner, S., Hanson, C. W., & Kahn, J. M. (2012). Bedside nurses' perceptions of intensive care unit telemedicine. American Journal of Critical Care, 21(1), 24-32. https://doi.org/10.4037/ajcc2012801

Naam, N. H., & Sanbar, S. (2015). Advanced technology and confidentiality in hand surgery. Journal of Hand Surgery, 40, 182-187. https://doi.org/10.1016/j.jhsa.2014.03.011

Nieves, J. E., Candelario, J., Short, D., & Briscoe, G. (2009). Telemental health for our soldiers: A brief review and a new pilot program. Military Medicine, 174, xxi-xxii.

Office of the National Coordinator for Health Information Technology. (2016). Breaches of unsecured protected health information. Health IT Quick-Stat #53. Retrieved from https://dashboard.healthit.gov/quickstats/pages/breaches-protected-health-information.php

Paing, W. W., Weller, R. A., Welsh, B., Foster, T., Birnkrant, J. M., & Weller, E. B. (2009). Telemedicine in children and adolescents. Current Psychiatry Reports, 11, 114-119. https://doi.org/10.1007/s11920-009-0018-9

Peterson, C., & Watzlaf, V. (2014). Telerehabilitation store and forward applications: A review of applications and privacy considerations in physical and occupational therapy practice. International Journal of Telerehabilitation, 6(2), 75-84. https://doi.org/10.5195/ijt.2014.6161

Putrino, D. (2014). Telerehabilitation and emerging virtual reality approaches to stroke rehabilitation. Current Opinion in Neurology, 27, 631-636. https://doi.org/10.1097/WCO.0000000000000152

Rinehart-Thompson, L. (2013). Introduction to health information privacy and security. Chicago, IL: AHIMA Press.

US Department of Health and Human Services. (2013). HIPAA administrative simplification regulation text. Retrieved from http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf

Watzlaf, V. (2010). Are your internet based technology practices HIPAA compliant? Paper presented at the American Telemedicine Association, Telerehabilitation SIG.

Watzlaf, V., & Ondich, B. (2012). VoIP for telerehabilitation: A pilot usability study for HIPAA compliance. International Journal of Telerehabilitation, 4(1), 25-32. https://doi.org/10.5195/ijt.2012.6096

Watzlaf, V., Moeini, S., & Firouzan, P. (2010). VOIP for telerehabilitation: A risk analysis for privacy, security, and HIPAA compliance. International Journal of Telerehabilitation, 2(2), 3-14. https://doi.org/10.5195/ijt.2010.6056

Watzlaf, V., Moeini, S., & Matusow, L. (2011). Privacy and security assessment for internet-based technologies. Paper presented at the Pennsylvania Speech and Hearing Association Conference, Pittsburgh, PA.

Watzlaf, V., Moeini, S., Matusow, L., & Firouzan, P. (2011). VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II. International Journal of Telerehabilitation, 3(1), 3-10. https://doi.org/10.5195/ijt.2011.6070

Watzlaf, V., DeAlmeida, D., Zhou, L., & Hartman, L. (2015). Protocol for a systematic review of telehealth privacy and security research to identify best practices. International Journal of Telerehabilitation, 7(2), 15-22. https://doi.org/10.5195/ijt.2015.6186

Watzlaf, V., DeAlmeida, D., Molinero, A., Zhou, L., & Hartman, L. (2015). Protocol for systematic review in privacy and security in telehealth: Best practices for healthcare professionals. PROSPERO, 2015, CRD42015020552. Retrieved from http://www.crd.york.ac.uk/PROSPERO/display_record.php?ID=CRD42015020552

DOI: https://doi.org/10.5195/ijt.2017.6231



  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.