VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance

Consumer-based, free Voice and video over the Internet Protocol (VoIP) software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant;  most did not.  While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes.  Recommendations are provided for VoIP companies, providers, and users.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists.  Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. 

User Authentication in Smartphones for Telehealth

Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity.  When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed. Keywords: Authentication, Biometrics, HIPAA, Mobile security, Telehealt

Flooded Underground Coal Mines: A Significant Source of Inexpensive Geothermal Energy

Many mining regions in the United States contain extensive areas of flooded underground mines. The water within these mines represents a significant and widespread opportunity for extracting low-grade, geothermal energy. Based on current energy prices, geothermal heat pump systems using mine water could reduce the annual costs for heating to over 70 percent compared to conventional heating methods (natural gas or heating oil). These same systems could reduce annual cooling costs by up to 50 percent over standard air conditioning in many areas of the country. (Formatted full-text version is released by permission of publisher

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over the Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy.  In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR.  Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.Keywords: Voice over the Internet Protocol (VOIP), telerehabilitation, HIPAA, privacy, security, evaluatio

A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation

Background: Telehealth is a great approach for providing high quality health care services to people who cannot easily access these services in person. However, because of frequently reported health data breaches, many people may hesitate to use telehealth-based health care services. It is necessary for telehealth care providers to demonstrate that they have taken sufficient actions to protect their patients’ data security and privacy. The government provided a HIPAA audit protocol that is highly useful for internal security and privacy auditing on health care systems, however, this protocol includes extensive details that are not always specific to telehealth and therefore is difficult to be used by telehealth practitioners.Objective: The goal of this study was to develop and validate a telehealth privacy and security self-assessment questionnaire for telehealth providers. Methods: In our previous work, we performed a systematic review on the security and privacy protection offered in various telehealth systems. The results from this systematic review and the HIPAA audit protocol were used to guide the development of the self-assessment questionnaire. The draft of the questionnaire was created by the research team and distributed to a group of telehealth providers for evaluating the relevance and clarity of each statement in the draft. The questionnaire was adjusted and finalized according to the collected feedback and face-to-face discussions by the research team. A website was created to distribute the questionnaire and manage the answers from study participants. A psychometric analysis was performed to evaluate the reliability of the questionnaire.Results: There were 84 statements in the draft questionnaire. Five telehealth providers provided their feedback to the statements in this draft. They indicated that a number of these statements were either redundant or beyond the capacity of telehealth care practitioners, who typically do not have formal training in information security. They also pointed out that the wording of some statements needed to be adjusted. The final released version of the questionnaire had 49 statements. In total, 31 telehealth providers across the nation participated in the study by answering all the statements in this questionnaire. The psychometric analysis indicated that the reliability of this questionnaire was high.   Conclusion: With the availability of this self-assessment questionnaire, telehealth providers can perform a quick self-assessment on their telehealth systems. The assessment results may be used to identify possible vulnerabilities in telehealth systems and practice or demonstrate to patients the sufficient security and privacy protection to patients’ data

An innovative and integrated approach for using energy from the flooded coal mines for pre-warming of a gas engine in standby mode using GSHP

The effort to reduce energy consumption and carbon emission is driving companies to integrate multiple energy technologies to achieve the goal of reducing overall energy consumption, enhancing efficiency and decreasing operational cost. This paper outlines an innovative approach for integrating energy from flooded coal mines via a Ground Source Heat Pump (GSHP) to provide heating to buildings and at the same time to pre-warm a gas engine in standby mode. Once operational, the gas engine will produce significant waste heat that will replace the GSHP in heating the buildings. The results show that this energy integration technology provides much improved overall Coefficient of Performance and reduce carbon emission

Privacy and Security in Multi-User Health Kiosks

Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) has gotten stricter and penalties have become more severe in response to a significant increase in computer-related information breaches in recent years. With health information said to be worth twice as much as other forms of information on the underground market, making preservation of privacy and security an integral part of health technology development, rather than an afterthought, not only mitigates risks but also helps to ensure HIPAA and HITECH compliance. This paper provides a guide, based on the Office for Civil Rights (OCR) audit protocol, for creating and maintaining an audit checklist for multi-user health kiosks. Implementation of selected audit elements for a multi-user health kiosk designed for use by community-residing older adults illustrates how the guide can be applied.

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices Used By Healthcare Providers

The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 – 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth.  Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen’s kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.Keywords: Computer security, Health personnel, Privacy, Systematic review, Telehealth

The design and evaluation of an open loop ground source heat pump operating in an ochre-rich coal mine water environment

Mine water from the abandoned coal mines is considered a good source of low enthalpy energy resource as the temperature of the mine water remains stable throughout the year and is suitable to be used for heating and cooling applications when implemented in conjunction with Ground Source Heat Pump (GSHP). The GSHP is considered to be a low carbon technology and its application for space heating and cooling is being actively investigated and developed by companies and local councils around the world. The open loop GSHP installations, in comparison to closed loop systems, are suitable and economical for large scale heating and cooling demands. This is because there is no time delay for heat transfer when compared with closed loop systems and because they use large volumes of coal mine water at a relatively constant temperatures. A few installations both large and small scale open loop mine water heating and cooling systems have been recently constructed throughout the world. However, coal mine water is associated with relatively poor water quality in some cases, often characterised by high salinity and pyrite oxidation. Despite the fact that mine water temperatures are favourably inclined for an efficient GSHP operations, concerns have been raised over the possibility of damage to the equipment due to poor water quality caused by clogging of the heat exchangers due to pyrite oxidation (ochre) in particular. Not much information is available on the impact of ochre has on the performance of an open loop GSHP when it is operated using the coal mine water rich in pyrite. This paper presents a novel design and implementation of an open loop system of GSHP operating in an ochre rich mine water environment. The results show that open loop systems, when combined with suitable heat pump and the associated design configurations of heat exchangers and maintenance procedures, could provide an efficient and reliable heating system at a lower cost