For telehealth to succeed, privacy and security risks must be identified and addressed

Health Affairs

Volumn 33, Issue 2, 2014, Pages 216-221

  Hall, Joseph L ^a   Mcgraw, Deven ^a  

^a Center for Democracy and Technology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AGGRESSION; ARTICLE; COMPUTER SECURITY; GOVERNMENT REGULATION; HEALTH CARE POLICY; HUMAN; LAW; PRIVACY; RISK ASSESSMENT; TELEHEALTH; TRUST; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; INFORMATION DISSEMINATION; LEGISLATION AND JURISPRUDENCE; MEDICAL INFORMATION SYSTEM; NEEDS ASSESSMENT; QUALITY CONTROL; RISK; TELEMEDICINE; UNITED STATES;

COMPUTER SECURITY; CONFIDENTIALITY; HEALTH INFORMATION MANAGEMENT; INFORMATION DISSEMINATION; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; NEEDS ASSESSMENT; PRIVACY; QUALITY CONTROL; RISK; TELEMEDICINE; UNITED STATES;

EID: 84893546070     PISSN: 02782715     EISSN: 15445208     Source Type: Journal    
DOI: 10.1377/hlthaff.2013.0997     Document Type: Article

References (26)

1. Hill K. Fitbit moves quickly after users' sex stats exposed. Forbes [serial on the Internet]. 2011 Jul 5 [cited 2014 Jan 6]. Available from: http:// www.forbes.com/sites/kashmirhill/ 2011/07/05/fitbit-moves-quicklyafter-users-sex-stats-exposed/
2. McGraw D, Dempsey JX, Harris L, Goldman J. Privacy as an enabler, not an impediment: building trust into health information exchange. Health Aff (Millwood). 2009; 28(2):416-27.
3. Dockser Markus A, Weaver C. Heart gadgets test privacy-law limits. Wall Street Journal. 2012 Nov 28.
4. Paul N, Kohno T, Klonoff D. A review of the security of insulin pump infusion systems. J Diabetes Sci Technol. 2011;5(6):1557-62.
5. Federal Trade Commission [Internet]. Washington (DC): FTC. Press release, FTC files complaint against LabMD for failing to protect consumers' privacy. 2013 Aug 29 [cited 2014 Jan 6]. Available from: http:// www.ftc.gov/opa/2013/08/labmd.shtm
6. For further technical discussion, see Luxton DD, Kayl RA, Mishkind MC. mHealth data security: the need for HIPAA-compliant standardization. Telemed J E Health. 2012;18(4): 284-8.
7. Mattsson UT. Everything enterprises need to know about end-to-end encryption [Internet]. Cos Cob (CT): Protegrity Corp.; [last updated 2009 Jun 11, cited 2014 Jan 6]. Abstract only available from: http://ssrn.com/abstract=1416856
8. National Institute of Standards and Technology, Information Security and Privacy Advisory Board. Minutes of meeting: October 10, 11, and 12, 2012 [Internet]. Gaithersburg (MD): NIST; 2013 Mar 8 [cited 2014 Jan 6]. Available from: http://csrc.nist.gov/ groups/SMA/ispab/documents/ minutes/2012-10/ispab_meetingminutes_ october-2012.pdf
9. 45sec. 160.102, 164.104.
10. 45 CFR sec. 164.312(a)(2)(iv) and (e)(2)(ii).
11. 45 CFR sec. 160.103.
12. Department of Health and Human Services. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules; final rule. Fed Regist. 2013;78(17):5565-702.
13. State laws regulating telehealth technologies are beyond the scope of this paper
14. 15 US Code secs. 41-58
15. Solove DJ, Hartzog W. The FTC and the new common law of privacy. Columbia Law Review. Forthcoming 2014.
16. Yang YT, Silverman RD. Mobile health applications: the patchwork of legal and liability issues suggests strategies to improve oversight. Health Aff (Millwood). 2014;33 (2):222-27.
17. Food and Drug Administration. Content of premarket submissions for management of cybersecurity in medical devices: draft guidance for industry and Food and Drug Administration staff [Internet]. Silver Spring (MD): FDA; 2013 Jun 14 [cited 2014 Jan 6]. Available from: http://www.fda.gov/downloads/ MedicalDevices/DeviceRegulation andGuidance/GuidanceDocuments/ UCM356190.pdf
18. Food and Drug Administration. Radio frequency wireless technology in medical devices: guidance for industry and Food and Drug Administration staff [Internet]. Silver Spring (MD): FDA; 2013 Aug 14 [cited 2014 Jan 6]. Available from: http://www.fda.gov/downloads/ MedicalDevices/DeviceRegulation andGuidance/GuidanceDocuments/ ucm077272.pdf
19. Food and Drug Administration. Mobile medical applications: guidance for industry and Food and Drug Administration staff [Internet]. Silver Spring (MD): FDA; 2013 Sep 25 [cited 2014 Jan 9]. Available from: http://www.fda.gov/downloads/ MedicalDevices/DeviceRegulation andGuidance/GuidanceDocuments/ UCM263366.pdf
20. Newton C. Fingerprint analysis: will the iPhone's newest sensor change the world again? The Verge [serial on the Internet]. 2013 Sep 10 [cited 2014 Jan 6]. Available from: http:// www.theverge.com/2013/9/10/ 4716098/fingerprint-analysis-touchid-sensor-iphone-5s
21. 47 US Code sec. 551.
22. 47 US Code sec. 222.
23. 15 US Code sec. 1681 et seq.
24. 15 US Code sec. 6801 et seq.
25. Department of Commerce, Internet Policy Task Force. Commercial data privacy and innovation in the Internet economy: a dynamic policy framework [Internet]. Washington (DC): DOC; 2010 Dec 16 [cited 2014 Jan 6]. Available from: http://www.ntia.doc.gov/reports/2010/ IPTF_Privacy_GreenPaper_ 12162010.pdf
26. Rubenstein I. Privacy and regulatory innovation: moving beyond voluntary codes. I/S, A Journal of Law and Policy for the Information Society. 2011;6:356.