Cloud 101CircleEventsBlog
Take the Understanding Data Risk Survey to help shape the future of data security!

Download Publication

Telehealth Risk Management
Telehealth Risk Management

Telehealth Risk Management

Release Date: 06/10/2021

The recent COVID-19 pandemic has increased the demand for data and accelerated the use of telehealth. The Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) defines telehealth as the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, and public health and health administration. Technologies include videoconferencing, the internet, store and-forward imaging, streaming media, and landline and wireless communications.

This paper focuses on having the processes and controls in place necessary to ensure the privacy and security of telehealth patient information in the cloud with respect to the HIPAA privacy rule and the GDPR. Maintaining the sanctity and integrity of healthcare data is of paramount importance not just from a regulatory perspective but also from a patient safety point of view. In this paper, we have presented privacy and security issues in each phase of the data lifecycle and discussed methods to mitigate privacy and security concerns.

Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
Related resources
Zero Trust Guidance for Critical Infrastructure
Zero Trust Guidance for Critical Infrastructure
AI in Medical Research: Applications & Considerations
AI in Medical Research: Applications & Consider...
Zero Trust Guiding Principles v1.1
Zero Trust Guiding Principles v1.1
Modernization Strategies for Identity and Access Management
Modernization Strategies for Identity and Access Management
Published: 11/04/2024
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Published: 11/04/2024
Zero Standing Privileges: The Essentials
Zero Standing Privileges: The Essentials
Published: 11/01/2024
How to Get your Cyber Essentials Certification: A Process Guide
How to Get your Cyber Essentials Certification: A Process Guide
Published: 10/31/2024

Acknowledgements

Vincent Campitelli
Vincent Campitelli

Vincent Campitelli

After retiring from McKesson Corporation in 2016, Vince joined the Office of the President within the Cloud Security Alliance (CSA). Serving as an Enterprise Security Specialist, Vince supports the vast membership base of CSA in consuming and leveraging the numerous services, tools and expanding scope of research devoted to Cloud Computing. With his background in both the healthcare and financial service industries, Vince actively works wit...

Read more

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Dr. Jim Angle
Dr. Jim Angle

Dr. Jim Angle

Jim has dedicated hundreds of hours to CSA and was instrumental in reviving CSA’s Health Information Management working group. In doing so, he drafted the group’s first charter and went on to become its co-chair. In this role, he authored three papers — Managing the Risk for Medical Devices Connected to the Cloud, Telehealth in the ...

Read more

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Patty Ryan Headshot Missing
Patty Ryan

Patty Ryan

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Alex Kaluza
Alex Kaluza
Research Analyst, CSA

Alex Kaluza

Research Analyst, CSA

Diego Diviani Headshot Missing
Diego Diviani

Diego Diviani

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training