A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation





Privacy, Questionnaire Development, Reliability, Security


Background: Telehealth is a great approach for providing high quality health care services to people who cannot easily access these services in person. However, because of frequently reported health data breaches, many people may hesitate to use telehealth-based health care services. It is necessary for telehealth care providers to demonstrate that they have taken sufficient actions to protect their patients’ data security and privacy. The government provided a HIPAA audit protocol that is highly useful for internal security and privacy auditing on health care systems, however, this protocol includes extensive details that are not always specific to telehealth and therefore is difficult to be used by telehealth practitioners.

Objective: The goal of this study was to develop and validate a telehealth privacy and security self-assessment questionnaire for telehealth providers. 

Methods: In our previous work, we performed a systematic review on the security and privacy protection offered in various telehealth systems. The results from this systematic review and the HIPAA audit protocol were used to guide the development of the self-assessment questionnaire. The draft of the questionnaire was created by the research team and distributed to a group of telehealth providers for evaluating the relevance and clarity of each statement in the draft. The questionnaire was adjusted and finalized according to the collected feedback and face-to-face discussions by the research team. A website was created to distribute the questionnaire and manage the answers from study participants. A psychometric analysis was performed to evaluate the reliability of the questionnaire.

Results: There were 84 statements in the draft questionnaire. Five telehealth providers provided their feedback to the statements in this draft. They indicated that a number of these statements were either redundant or beyond the capacity of telehealth care practitioners, who typically do not have formal training in information security. They also pointed out that the wording of some statements needed to be adjusted. The final released version of the questionnaire had 49 statements. In total, 31 telehealth providers across the nation participated in the study by answering all the statements in this questionnaire. The psychometric analysis indicated that the reliability of this questionnaire was high.   

Conclusion: With the availability of this self-assessment questionnaire, telehealth providers can perform a quick self-assessment on their telehealth systems. The assessment results may be used to identify possible vulnerabilities in telehealth systems and practice or demonstrate to patients the sufficient security and privacy protection to patients’ data.


Author Biographies

Leming Zhou, The University of Pittsburgh

Associate Professor, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS)

Robert Thieret, The University of Pittsburgh

Recent graduate (summa cum laude) from the University of Pittsburgh's School of Rehabilitation Sciences with a Bachelor of Science in Health Information Management. Areas of interest include healthcare compliance, data analytics, and telehealth principles and research.

Valerie Watzlaf, The University of Pittsburgh

Vice Chair of Education, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS) 

Dilhari DeAlmeida, The University of Pittsburgh

Associate Professor, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS)

Bambang Parmanto, The University of Pittsburgh

Professor and Interim Chair, Health Information Management Department, School of Health and Rehabilitation Sciences (SHRS) 


Cherry, C. O., Chumbler, N. R., Richards, K., Huff, A., Wu, D., Tilghman, L. M., & Butler, A. (2017). Expanding stroke telerehabilitation services to rural veterans: A qualitative study on patient experiences using the robotic stroke therapy delivery and monitoring system program. Disability and Rehabilitation: Assistive Technology, 12(1), 21-27. doi:10.3109/17483107.2015.1061613

Davidsson, N., & Sodergard, B. (2016). Access to healthcare among people with physical disabilities in rural Louisiana. Social Work Public Health, 31, 188-195. doi:10.1080/19371918.2015.1099496

European Union. (2018). GDPR key changes. Retrieved from https://eugdpr.org/the-regulation/

Georgeadis, A., Brennan, D., Barker, L., & Baron, C. (2004). Telerehabilitation and its effects on story telling by adults with neurogenic communication disorders. Aphasiology, 18, 639-652.

Hale, T. M., & Kvedar, J. C. (2014). Privacy and security concerns in telehealth. Virtual Mentor, 16, 981-985. doi:10.1001/virtualmentor.2014.16.12.jdsc1-1412

Hall, J. L., & McGraw, D. (2014). For telehealth to succeed, privacy and security risks must be identified and addressed. Health Affairs (Millwood), 33, 216-221. doi:10.1377/hlthaff.2013.0997

Hall, N., Boisvert, M., & Steele, R. (2013). Telepractice in the assessment and treatment of individuals with aphasia: A systematic review. International Journal of Telerehabilitation, 5(1), 27-38. doi:10.5195/ijt.2013.6119

Harper, D. (2003). Telehealth. In M. Roberts (Ed.), Handbook of Pediatric Psychology (3rd ed.). New York: Guilford Press.

He, D., Naveed, M., Gunter, C. A., & Nahrstedt, K. (2014). Security concerns in Android mHealth apps. AMIA Annual Symposium Proceedings, 2014, 645-654.

Health Resources and Services Administration. (2014). Distribution of U.S. health care providers residing in rural and urban areas. National Center for Health Workforce Analysis. Retrieved from https://www.ruralhealthinfo.org/assets/1275-5131/rural-urban-workforce-distribution-nchwa-2014.pdf

Iezzoni, L. I., Killeen, M. B., & O'Day, B. L. (2006). Rural residents with disabilities confront substantial barriers to obtaining primary care. Health Services Research, 41(4, Part 1), 1258-1275. doi:10.1111/j.1475-6773.2006.00534.x

Jones, C. A., Parker, T. S., Ahearn, M., Mishra, A. K., & Variyam, J. N. (2009). Health status and health care access of farm and rural populations. Retrieved from https://www.ers.usda.gov/webdocs/publications/44424/9371_eib57_1_.pdf?v=0

Kairy, D., Lehoux, P., Vincent, C., & Visintin, M. (2009). A systematic review of clinical outcomes, clinical process, healthcare utilization and costs associated with telerehabilitation. Disability and Rehabilitation, 31, 427-447. doi:10.1080/09638280802062553

Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10. doi:10.3233/THC-161263

Kruse, C. S., Krowski, N., Rodriguez, B., Tran, L., Vela, J., & Brooks, M. (2017). Telehealth and patient satisfaction: A systematic review and narrative analysis. British Medical Journal Open, 7(8), e016242. doi:10.1136/bmjopen-2017-016242

Meinert, E., Alturkistani, A., Brindley, D., Knight, P., Wells, G., & de Pennington, N. (2018). Weighing benefits and risks in aspects of security, privacy and adoption of technology in a value-based healthcare system. BMC Medical Informatics and Decision Making, 18(1), 100. doi:10.1186/s12911-018-0700-0

Pew Research Center. (2018a). Demographics of mobile device ownership and adoption in the United States. Retrieved from http://www.pewinternet.org/fact-sheet/mobile/ [Website: http://www.webcitation.org/6xDIpUN2z]

Pew Research Center. (2018b). Internet/Broadband fact sheet. Retrieved from http://www.pewinternet.org/fact-sheet/internet-broadband/

Ponemon Institute, & IBM Security. (2018). 2018 Cost of data breach study. Retrieved from https://www.ibm.com/security/data-breach

U.S. Census Bureau. (2016). New census data show differences between urban and rural populations. Retrieved from https://www.census.gov/newsroom/press-releases/2016/cb16-210.html

Wade, S. L., Wolfe, C., Brown, T. M., & Pestian, J. P. (2005). Putting the pieces together: Preliminary efficacy of a web-based family intervention for children with traumatic brain injury. Journal of Pediatric Psychology, 30, 437-442. doi:10.1093/jpepsy/jsi067

Watzlaf, V. J. M., Zhou, L., DeAlmeida, D. R., & Hartman, L. M. (2017). A systematic review of research studies examining telehealth privacy and security practices used by healthcare providers. International Journal of Telerehabilitation, 9(2), 39-59. doi:10.5195/ijt.2017.6231



How to Cite

Zhou, L., Thieret, R., Watzlaf, V., DeAlmeida, D., & Parmanto, B. (2019). A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation. International Journal of Telerehabilitation, 11(1), 3–14. https://doi.org/10.5195/ijt.2019.6276



Privacy and Security

Most read articles by the same author(s)

> >>