When it comes to telehealth, patient safety not only applies to physical safety, but also keeping medical records secure in a digital environment. Introducing new technologies, or any technology for that matter, in a healthcare setting requires applications with the highest levels of security for this very reason. It is essential that medical records and personal health information (PHI) always remain protected, all of which Third Eye Health takes very seriously.
Our partners and their patients trust that our services and technology always have their best interests at heart. Keeping patient medical records and passwords secure from attackers is our highest priority. They only need to get it right once, which means we must get it right every single time. To do this, we reduce the number of attack surfaces or ways they can penetrate our system. From our applications to our hardware, everything is safeguarded.
There are two primary criteria for ensuring secure data – 1) it must be encrypted in transit (HTTPS) and 2) it must be encrypted at rest. Often times a company will claim to “whole disk encrypt” the database claiming encryption at rest. The problem with this method lies in the possibility of accessibility to the database directly, virtually or physically. If one exists, it really is not encrypted at rest. We eliminate this threat by encrypting each record of data individually with its own initialization vector, or unique encryption, eliminating a common key to decrypt all the data. We also don’t store our data on internal servers or internal hard drives. Everything is kept in a highly secure cloud-based data centers.
When it comes to the iPads used for our telehealth consults with Third Eye Health physicians, similar measures are in place. Nothing is stored on the iPads, photos are sent to the device as a transmitted image file called a byte array and displayed directly on the screen, so no files are saved on the device. Texts or medical records viewed during the patient consult are gone as soon as it is complete.
Perhaps the best way to understand how we keep patient records and corresponding data secure, is by following the data through the workflow of one of our consultations. Third Eye Health works with some of the leading EHR providers for post-acute care, PointClickCare and MatrixCare, creating secure integrations with SNF EHRs. When a nurse is requesting a consult, the integration allows for the nurse to select the patient which loads encrypted data from the EHR directly in our application. During the consultation, any details shared (photos, text conversations) and metrics pertaining to the consult are then securely transferred with encryption to our cloud-based storage, where the data points are encrypted there, as well.
Of course, our workflow does not stop with the end of the consultation. We’ve found that patients experience better outcomes when there are not gaps in care, and so every encounter is reviewed by a Care Coordination Manager in Third Eye Health’s dashboard. Once again, the dashboard connects with each facility’s EHR in a similar fashion as when accessing and connecting the patient’s name through the iPad by encrypting the data. It is here where Third Eye Health physicians make notes and submit orders, sending them directly to the EHR. Care Coordination Managers can review this documentation in our system for quality assurance and provide care summaries to the SNF through our secure care coordination messaging platform, even providing links directly to the medical record.
Not all telehealth is created equal when it comes to security. During the pandemic, some physicians were using Zoom and other unsecure video conferencing platforms to conduct virtual patient visits. Being able to consult with patients in a secure digital environment ensures HIPAA compliance with The Security Rule, preventing unauthorized individuals from accessing health records. By partnering with Third Eye Health for your telehealth needs you can be certain your patients and their records are safe.