Appointments can now be more of a family affair. “We’re able to integrate a lot more family members into sessions now,” Salgado says. “We can have mom and dad, grandma and any other caregivers all join the meeting.”
Webex enables the agency to lock meetings once patients and caregivers have joined, ensuring that no one else can gain access, even if they were to somehow get credentials.
Also, Salgado adds, the setup allows only one-way traffic. “We can dial out, but no one can dial in to our network without prior coordination and clearance on our end,” she says.
As the agency expanded its telehealth offerings and pushed appointments into people’s homes, Salgado says, its primary security concern was the potential for hacking live meetings.
“We came to a good mutual understanding with Webex through a formal business associate agreement, which outlines who had what responsibility and how much data encryption was behind the solution,” she says. “Knowing that we had the compliance and ways to secure live meetings is really what sold us.”
Adapting with Security in Mind
“Before the pandemic, we were doing virtually no telehealth — no pun intended,” says Dr. Stephanie Lahr, chief medical information officer for Monument Health, a community-based, integrated healthcare system with headquarters in Rapid City, S.D.
The organization quickly rolled out a telehealth offering to nearly every provider across Monument Health’s five markets, which cover several hundred square miles. At the height of the pandemic, Monument Health conducted 600 to 800 telehealth visits each day, accounting for the majority of all outpatient visits.
“We looked at three different companies during the course of one morning, and by that evening we signed a contract,” Lahr says. “Two days later, it was live.”
Although the initial rollout was successful, the organization is now transitioning to Microsoft Teams, which will provide better integration with Monument’s electronic health record system. Teams will also enable features such as group appointments so that multiple providers or patients’ family members can join.
Monument kept some clinicians at home on a rotating basis to avoid internal spread of COVID-19. For clinicians working remotely, the organization relied on a secure virtual desktop infrastructure connection with multifactor authentication. Also, to protect patient privacy, clinicians had to ensure that their home workspaces were in closed rooms without interruptions, and they were prohibited from printing at home.
Monument recently completed the first year of a comprehensive three-year network overhaul, replacing its legacy equipment with Aruba Edge Services Platform infrastructure. Lahr says the network refresh will add another layer of security through measures such as network segmentation.
“If there’s something that is inherently more vulnerable to attack, we can segment that off,” she says. “We’re not left with that being a portal to the rest of our network.”
Security is a top concern when offering telehealth solutions. “Early on in the pandemic, people were using platforms that were not necessarily confirmed to be HIPAA compliant,” Lahr says. “I totally get why people were doing that; we were all looking for fast and easy. But because we went with a solution that had encryption and authentication built in, we knew we were meeting our compliance burden.”