Security First: A Guide to Teleneurology Platforms

Safe and effective solutions for teleneurology practice are widely available. These remote care platforms are enabled by the same leaps in computing power and networking capabilities that led to the connected world we live in today. Ubiquitous connectivity presents major concerns, as telemedicine networks must comply with HIPAA requirements for the privacy and security of sensitive patient information. As technology continues to drive our ability to practice patient-centered neurology from a distance, it is increasingly important to understand the basic structure of secure connections and to prevent patient data breaches.

Neurologists already frequently use telemedicine networks in everyday practice and the security of patient information is under constant threat of data breaches and hacking. For example, the neurologist may perform rounds in the morning at the hospital, and later check labs, images, and place orders all from a workstation located at an outpatient center. Accessing this data from a remote location may risk that the data is exposed even during this routine task. Thus, security and networking features must provide a HIPAA compliant solution.

Ideally, the physician should use a dedicated workstation that is not used for non-clinical purposes. Therefore, it’s important to log in with a username and password each time using the system. It goes without saying that this information should not be shared. Some devices use biometric data such as a thumbprint for access. With two-factor authentication, the user provides the password, and then a random access code is texted to the user’s phone number which then must be provided to enter the workstation. An important HIPAA compliant feature known as a firewall provides a layer of defense against unwanted incoming internet traffic. A software firewall along with a physical firewall such as a router may also deny specific or unknown IP addresses and unauthorized connection attempts. A firewall alone, however, does not provide adequate security, as data transmitted over the internet may be intercepted at multiple points. To allow secure transfer, a virtual private network both encrypts the data being transmitted from a remote user to the center that holds the patient data and also requires authentication in order for a user to sign on to the network. The remote doctor may then sign on to a remote server, a remote desktop connection, or a screenshare that allows the delivery of services. Auditing each component of the system for events or intrusions may lead to further steps that can help prevent any breach of critical data. The data center should have an off-site backup in the case of power failure or other unforeseen interruptions in services.

Real-time high definition audio-video communication is easily accomplished via portable a/v carts, smartphones, laptops, or even from autonomous remote driven robotic platforms. It is important to resist the temptation to use free video chat platforms, as they are not secure. There are multiple vendors that provide HIPAA compliant audiovisual solutions. Secure real-time audiovisual connections allow for very effective communication with patients and allow facilitate consultation with onsite staff. Other services such as intraoperative neurophysiological monitoring and electroencephalography only require a secure computer-to-computer connection. The remote neurologist should be mindful of the local environment and seek a private spot particularly during audio-visual transmission to avoid serious breaches in patient privacy. A high-speed broadband connection provides the most robust connectivity for these purposes, but it is important to have backup connectivity.

While the physician’s note is relied upon as documentation of an on-site patient visit, durable records of the telemedicine audiovisual data and written communication logs are stored and may later be reviewed. A final suggestion: it is a security prerequisite to possess a password of sufficient length that is easily remembered but difficult to guess and contains a mixture of upper-and lower-case alphanumeric and special characters. As with all information technology, passwords should never be shared.

Shawn Masia, MD is a board certified neurologist and clinical Neurophysiologist. He provides evidence-based, patient-centered care via telemedicine platforms at hospitals across the country.