VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance

Consumer-based, free Voice and video over the Internet Protocol (VoIP) software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant;  most did not.  While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes.  Recommendations are provided for VoIP companies, providers, and users.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists.  Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. 

User Authentication in Smartphones for Telehealth

Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity.  When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed. Keywords: Authentication, Biometrics, HIPAA, Mobile security, Telehealt

A Telehealth Privacy and Security Self-Assessment Questionnaire for Telehealth Providers: Development and Validation

Background: Telehealth is a great approach for providing high quality health care services to people who cannot easily access these services in person. However, because of frequently reported health data breaches, many people may hesitate to use telehealth-based health care services. It is necessary for telehealth care providers to demonstrate that they have taken sufficient actions to protect their patients’ data security and privacy. The government provided a HIPAA audit protocol that is highly useful for internal security and privacy auditing on health care systems, however, this protocol includes extensive details that are not always specific to telehealth and therefore is difficult to be used by telehealth practitioners.Objective: The goal of this study was to develop and validate a telehealth privacy and security self-assessment questionnaire for telehealth providers. Methods: In our previous work, we performed a systematic review on the security and privacy protection offered in various telehealth systems. The results from this systematic review and the HIPAA audit protocol were used to guide the development of the self-assessment questionnaire. The draft of the questionnaire was created by the research team and distributed to a group of telehealth providers for evaluating the relevance and clarity of each statement in the draft. The questionnaire was adjusted and finalized according to the collected feedback and face-to-face discussions by the research team. A website was created to distribute the questionnaire and manage the answers from study participants. A psychometric analysis was performed to evaluate the reliability of the questionnaire.Results: There were 84 statements in the draft questionnaire. Five telehealth providers provided their feedback to the statements in this draft. They indicated that a number of these statements were either redundant or beyond the capacity of telehealth care practitioners, who typically do not have formal training in information security. They also pointed out that the wording of some statements needed to be adjusted. The final released version of the questionnaire had 49 statements. In total, 31 telehealth providers across the nation participated in the study by answering all the statements in this questionnaire. The psychometric analysis indicated that the reliability of this questionnaire was high.   Conclusion: With the availability of this self-assessment questionnaire, telehealth providers can perform a quick self-assessment on their telehealth systems. The assessment results may be used to identify possible vulnerabilities in telehealth systems and practice or demonstrate to patients the sufficient security and privacy protection to patients’ data

Water from abandoned mines as a heat source: practical experiences of open- and closed-loop strategies, United Kingdom

Pilot heat pump systems have been installed at two former collieries in Yorkshire/Derbyshire, England, to extract heat from mine water. The installations represent three fundamental configurations of heat exchanger. At Caphouse Colliery, mine water is pumped through a heat exchanger coupled to a heat pump and then discharged to waste (an open-loop heat exchange system). The system performs with high thermal efficiency, but the drawbacks are: (1) it can only be operated when mine water is being actively pumped from the colliery shaft for the purposes of regional water-level management, and (2) the fact that the water is partially oxygenated means that iron oxyhydroxide precipitation occurs, necessitating regular removal of filters for cleaning. At Markham Colliery, near Bolsover, a small amount of mine water is pumped from depth in a flooded shaft, circulated through a heat exchanger coupled to a heat pump and then returned to the same mine shaft at a slightly different depth (a standing column arrangement). This system’s fundamental thermal efficiency is negatively impacted by the electrical power required to run the shaft submersible pump, but clogging issues are not significant. In the third system, at Caphouse, a heat exchanger is submerged in a mine water treatment pond (a closed-loop system). This can be run at any time, irrespective of mine pumping regime, and being a closed-loop system, is not susceptible to clogging issues

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over the Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy.  In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR.  Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.Keywords: Voice over the Internet Protocol (VOIP), telerehabilitation, HIPAA, privacy, security, evaluatio

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices Used By Healthcare Providers

The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P). PubMed, CINAHL and INSPEC from 2003 – 2016 were searched and returned 25,404 papers (after duplications were removed). Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth.  Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen’s kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions.Keywords: Computer security, Health personnel, Privacy, Systematic review, Telehealth

Flooded Underground Coal Mines: A Significant Source of Inexpensive Geothermal Energy

Many mining regions in the United States contain extensive areas of flooded underground mines. The water within these mines represents a significant and widespread opportunity for extracting low-grade, geothermal energy. Based on current energy prices, geothermal heat pump systems using mine water could reduce the annual costs for heating to over 70 percent compared to conventional heating methods (natural gas or heating oil). These same systems could reduce annual cooling costs by up to 50 percent over standard air conditioning in many areas of the country. (Formatted full-text version is released by permission of publisher

Privacy and Security in Multi-User Health Kiosks

Enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) has gotten stricter and penalties have become more severe in response to a significant increase in computer-related information breaches in recent years. With health information said to be worth twice as much as other forms of information on the underground market, making preservation of privacy and security an integral part of health technology development, rather than an afterthought, not only mitigates risks but also helps to ensure HIPAA and HITECH compliance. This paper provides a guide, based on the Office for Civil Rights (OCR) audit protocol, for creating and maintaining an audit checklist for multi-user health kiosks. Implementation of selected audit elements for a multi-user health kiosk designed for use by community-residing older adults illustrates how the guide can be applied.