Cybersecurity: in healthcare, encryption Is not enough

The recent news that one major video conferencing provider is to backtrack on previous refusals to provide end-to-end encryption to free users is a major victory for the activists and civil liberties organisations campaigning for privacy and digital protection. Data transmission is one of the most vulnerable areas of video communication and ensuring a comprehensive level of security is paramount for those taking part in digital conversations – whether that’s personal, for business, or in a healthcare environment. During a video conversation, data travels over multiple networks - both public and private – and encryption is the foundation of protecting this data in transit.  

Security is vital

The news comes at a turning point for video conferencing. As we continue to move through the COVID-19 pandemic, most businesses are still navigating widespread remote working practices. Video conferencing use has skyrocketed. For many industries, this shift to remote working is unprecedented, and maintaining productivity in the face of significant disruption has been the key priority for most organisations. Security and compliance considerations have all too often been an afterthought. The recent campaign for access to encryption has highlighted how vital security is to video communications – but this is something heavily regulated industries like healthcare have known for a long time. 

In healthcare, end-to-end encryption is not enough – in fact, it’s expected. Video conversations contain highly sensitive personal information and medical records – they must meet the same levels of patient confidentiality as in-person consultations. Zoom-bombing – where an unauthorised stranger intrudes on another’s Zoom conversation – may be damaging in a business meeting, or even comical during a personal conversation. In a healthcare environment, this type of security breach can lead to clinical, legal and phycological repercussions – not to mention a substantial damage of trust between doctor and patient.    

Getting video right in healthcare

It’s crucial the healthcare industry gets this right. The video conferencing industry is predicted to surpass $50 billion by 2026, driven largely by growing adoption of the technology by healthcare institutions.

Even before the COVID-19 pandemic, video conferencing technology use in healthcare was increasing exponentially, with developing use cases in remote post-discharge programs, as well as specialist consultations such as speech therapy and dentistry boosting demand. And although randomised controlled trials (RCT) into the use of video conferencing in healthcare are still limited, reviews of the studies available – particularly into patients with long term chronic conditions – suggest video conferencing adoption can enhance care and management, improve access to care, improve patient outcomes, narrow health disparities and reduce healthcare costs overall.

Travel and consultation restrictions imposed by governments globally during the COVID-19 pandemic have acted as a substantial catalyst for video conferencing adoption in healthcare. The ability for the technology to protect patients – both for those where travel is challenging or untenable due to reduced services, as well as those at particular risk of illness – is clear.    

Quickly putting virtual systems in place during the pandemic has been vital in enabling even the most vulnerable in society to continue to communicate with medical professionals. At the same time, this has also ensured medical professionals have minimal physical contact with patients, reducing the potential for workplace transmission for some of the country’s most essential workers.

Going beyond encryption

Over recent months, organisations across all industries have been struggling to meet the challenge of quickly delivering seamless virtual connectivity. Under unprecedented pressure to roll out new technology, it can be easy to overlook the more fundamental requirements, in favour of rolling out new services and capabilities at speed. Enabling doctors, nurses and healthcare practitioners to meet and treat patients virtually should not come at the cost of privacy and security. 

End-to-end encryption technology – which is vital for privacy and security and will now soon be available via even the most basic video conferencing solutions – is not enough to meet the high standards healthcare requires. Instead, authentication is the key to ensuring the growing adoption of video conferencing in healthcare meets the same high standards delivered to patients in-person.  

Authentication provides a double layer of trust, ensuring both patient and care giver can be confident that they are speaking to the right person within an entirely confidential virtual space. Only by ensuring video conversations are both end-to-end encrypted and authenticated can healthcare professionals provide the same level of privacy and security afforded to patients during a face-to-face consultation. This ensures the identity of every conference participant – whether that’s a doctor, patient, carer, interpreter, or parent -– is fully authenticated before the conference is initiated.  

Looking to the future

The authentication process is simple, but hugely effective. It represents the first step in a more digital, video-driven healthcare future – providing all the necessary foundations for patient security and privacy. In the future, 2020 will undoubtedly be looked at as a year that changed healthcare forever – globally. The world has been at war with a novel virus and the effects have been profound. But as the great military, Sun Tzu, said, “In the midst of chaos, there is also opportunity.” Social distancing, lockdown and travel restrictions have forced us to rethink how we deliver essential services and given us the opportunity to roll out cutting edge technology. But while the results are already hugely positive, we need to ensure we are laying the right foundations for new innovation – building security and privacy in now – not later.

By Amit Walia, EVP Managing Partner at Compodium