Recently I decided to donate an older Acer laptop that I had laying around with Windows installed on it. When I went to go erase everything the anti-virus software informed me that my laptop was infected with spyware. This spyware had probably been stealing information from my laptop for months.
I rarely used this laptop as it was slow, serving as my backup in case my primary laptop broke down. To find out that it had spyware, which my anti-virus software never detected, was a big deal. Worse if I had actually used it for doing telemedicine.
Telemedicine Internet Security
One of the telemedicine companies I work for has a very weak internet security protocol on their platform. I can log in from pretty much anywhere, using any unsecured internet connection, and from any old laptop.
Telemedicine internet security is another way for telemedicine risk to be curbed by us clinicians.
If patient data is compromised then it’s logical to expect that the telemedicine company would have to take the majority of the blame. But what’s to stop a civil suit or other legal pursuit of the individual physician?
When I am first hired by a telemedicine company I read each of their lengthy documents before signing. The details are certainly lost on me because of the wording, which doesn’t make me any less liable. How protected am I as a physician in case of patient data compromise? How much risk am I taking if I don’t take steps to secure patient information transmitted over the web?
In this post I’ll discuss how to maximize telemedicine internet security from both a hardware and software perspective.
A Dedicated Computer
One of the best ways to decrease the risk of patient data compromise is to use a dedicated computer for telemedicine.
It’s likely that the laptop which I wanted to donate above got infected by spyware while I was on a random website – possibly a porn website. The spyware probably was too sophisticated to be detected by my anti-virus software until recently.
A dedicated computer where you are only doing telemedicine will decrease the risk of malware or spyware which could leech off sensitive data. On this laptop you will only visit websites with HTTPS protocols which allows for a secure computer network.
Unfortunately, even with a dedicated computer, you may find yourself needing to hop over to YouTube or a medical website to fetch resources for a patient.
Most telemedicine companies do not provide safe research resources for physicians such as UpToDate. That’s why we find ourselves sifting through potentially unsafe websites for facts.
Beyond a dedicated laptop for my telemedicine work, a Virtual Private Network (VPN) is a way for me to create a protected, secure, and encrypted connection to the internet.
Oscar has one of the best telemedicine internet security protocols. They provide me with a laptop which also has a company VPN installed on it. These guys take security and patient data protection seriously. More so than any other telemedicine company I work with.
Without a VPN, the websites you visit and the data you transmit over the internet are trackable and viewable by others. My internet service provider, for example, can know whether I’m watching Netflix, porn, or logged on to my telemedicine website.
A VPN isn’t unique to companies such as Oscar. I can install my own VPN software either on my computer or directly on my router. Let’s discuss both options.
The simpler of the two options is to install a VPN client on your computer locally. It can also be installed on your phone or tablet as an app as well.
The limitations are that a VPN client installed on a web-browser will only protect the data transmitted over the browser. If you do anything outside of that, like using a non-web based email or a file sharing software, then you won’t get the VPN protection.
VPN Hardware – Router
This is probably the best thing a physician can do in order to protect their telemedicine work. A router can have a VPN client installed on it which means that any connection that’s made in your house is secured because it’s routed through your VPN.
The added advantage of a VPN router is that there are portable ones which you can travel with. This makes staying at an AirBnb headache free from a telemedicine internet security standpoint.
ExpressVPN offers their VPN client services for around $7/month if you pay for a whole year. Otherwise they are $13/month.
NordVPN has similar pricing. With a 2 year plan it’s around $3/month, otherwise it’s $12/month.
Dr. Mo is incredibly paranoid when it comes to employers. After my experience with Kaiser Permanente I have realized that I am nothing but a medical license to an employer. I will be kicked to the curb as soon as I’m no longer a convenient employee.
I respect patient privacy as much as my own privacy. Okay, I respect my privacy much more than my patient’s – therefore, here is my recipe for protecting your privacy.
Broadcasting Your Location
My employer has no business logging my private information such as my location but they do it anyways. When I log into their telemedicine platform then they will record my IP address. Think of the IP address as your phone number.
The IP address can tell my employer which city/country I’m calling from and which internet service provider (Comcast, AT&T, etc.) I’m using. And a lot more.
But why the paranoia, Dr. Mo? Well, it’s just that I don’t know what I don’t know – I have no idea how such information can later be used against me.
In my particular case with American Well, I wasn’t told that I couldn’t do telemedicine work from another country. One day I found myself locked out of their telemedicine platform without any explanation. The per diem recruiter was clueless and it took 2 weeks for the IT guy to get back to me and tell me that because I had logged in from Spain they decided to terminate me.
The proper response for American Well would have been to tell me that it’s their policy that I cannot do telemedicine from another country. I asked them to show me this particular policy from all the documents they had me sign – no such policy existed in writing.
It might seem petty to some readers but how is it that this particular telemedicine company was able to use my broadcasted location against me? Why was I being punished for my honesty?
Masking Your Location
I try to avoid making repeat mistakes. Now I protect myself from a snoopy employer. Obviously, there is information that can be gathered from me that I’m not even aware of. The least I can do is to minimize such information leakage on my part.
Masking your location is easily done by setting your VPN to broadcast a particular location. All VPN providers who sell you their service will allow you to choose your desired IP location.
I can be online in Austin, Texas and by using my VPN I can have an IP address which masks my location to Oakland, California.
I can be in Oaxaca, Mexico and broadcast my location with an IP address in Miami, Florida.
In countries where the internet is censored, citizens make use of VPN’s in order to circumvent censorship laws.
VPN Client vs Router
A VPN client takes seconds to install and use. It’s by far the easiest way to get your VPN up and running. If you only have one laptop that you use to access a telemedicine site then it might be more than enough for you.
However, I prefer the VPN router option because I don’t have to install a software or app on every device I use. I also don’t have to make sure that the software runs properly. After all, if the software crashes my telemedicine internet security will be compromised and my real location will leak.
With a VPN router the VPN software is installed onto the router itself. If the VPN client goes down then so does the router connection and I’ll lose the WiFi signal. No information will leak.
AirBnb & Telemedicine
One of the best things about telemedicine is that I can do it from anywhere in the country. I can hop around from AirBnb to AirBnb, turn on my laptop, and start generating travel income.
The problem is that I don’t know what internet service provider my host is using. I don’t know who else has the password to the WiFi router. I don’t know if the host is a hacker and snooping on my digital shit.
I certainly know that if something should go wrong and patient data is breached, I could be held liable.
Travel VPN Router
In order to protect my own privacy and prevent patient data breach, I have decided to use my own portable travel VPN router from GL-iNet. I can configure their AR300M router with my particular VPN company of choice.
This unit will cost me less than $50. The only other thing I would need is a subscription to a VPN client.
I can use a cable to connect the AirBnb host’s WiFi router to my VPN router and then all the information going through my connected devices will be secure.
Easier VPN Router Options
The above option is a bit of a DIY project, though minimally so. For someone who wants a plug-n-play option I would recommend a preconfigured router based on the VPN client you choose.
If, for example, you decide to use ExpressVPN then you can purchase a pre-configured router directly from them. These are a little bulkier than the mini travel router above but they are easy enough to travel with from AirBnb to AirBnb.
If you want to use a different VPN client or desire a different router then I would recommend checking out FlashRouters.
These guys have a pretty big selection of preconfigured routers based on the VPN client you have.
Physicians Fighting Back
This physician blogger recently posted a great article as to why doctors should seek to become financially independent. Medicine is always changing but besides the rise in income, everything else is getting worse.
For every one doctor who might become financially independent early in their medical career, there will be many who will continue to suffer.
Patients have accepted the healthcare cost premium in return for the right to sue physicians. In return, physicians get to enjoy incredibly higher salaries because of this.
Physician have fought back brilliantly. Surgeons no longer operate on poor candidates because they don’t want their rankings to drop with insurers. These patients will have to suffer which is a shame but it’s the consequence of this medical system.
Other physicians have escaped traditional medicine and perform aesthetic medicine. Though lawsuits are still prevalent here, the return on investment is much higher.
Mental health providers stopped scheduling patients out in advance in order to comply with faster access requirements. Patients instead have to call back every morning hoping there is a cancellation or wait on-hold for hours to get plugged into a same-day appointment.
I have structured my documentation to fit the disease diagnosis that I enter into the EHR. When statisticians and researchers later go to dissect this information they are coming up with dirty data which hurts medical progress.
Protecting our security and privacy are simple steps that may not make a huge difference externally. However, they will empower us and it’s just another way to fight back against overbearing employers and overzealous medical boards.