Revision as of 08:07, 26 October 2022

COVID-19 Pandemic Influences on Healthcare Delivery and Information Security in the United States

Contents Introduction

The COVID-19 Pandemic changed healthcare information organization and delivery. Prior to the Pandemic, one estimation reported that in the year 2016 only 15.4 % of physicians in the US belonged to practices employing telemedicine for patient interaction and only 11.2% used telemedicine for interactions between healthcare professionals 1,2. Telemedicine techniques remained largely confined to larger practices and institutions while impacting a range of healthcare information practices including information delivery platforms such as video conferencing, and virtual visits, in addition to changing the storage and transfer of radiological and pharmaceutical data1,2,3,4. Many of these changes caused an increase in cybersecurity burden and fallout with costly consequences that may take years to be properly understood3,4,5.

Introduction

The COVID-19 Pandemic changed healthcare information organization and delivery. Prior to the Pandemic, one estimation reported that in the year 2016 only 15.4 % of physicians in the US belonged to practices employing telemedicine for patient interaction and only 11.2% used telemedicine for interactions between healthcare professionals 1,2. Telemedicine techniques remained largely confined to larger practices and institutions while impacting a range of healthcare information practices including information delivery platforms such as video conferencing, and virtual visits, in addition to changing the storage and transfer of radiological and pharmaceutical data1,2,3,4. Many of these changes caused an increase in cybersecurity burden and fallout with costly consequences that may take years to be properly understood3,4,5.

Background and Impact Conditions in the United States

In January of 2020, US healthcare groups struggled to adapt to evolving healthcare needs of the Pandemic with only 24% of organizations reporting an established telehealth program1. Changes in Health Insurance Portability and Accountability Act (HIPAA) policy enforcement coupled with societal lockdowns influenced dramatic changes in delivery and documentation. For example, urgent care access in certain New York healthcare centers saw an 80% decrease regarding in-person visits with a simultaneous 683% increase in virtual urgent care triage as well as a 4,345% increase in non-urgent video visits1,4. Likewise medical providers classified as facilitating urgent care grew from 40 to 289 within the same system. The delivery system and methods of information exchanged shifted dramatically. Healthcare vendors as well reported increasing adoption and utilization of their platforms1. Amwell, a Boston based telemedicine company for example, reported a 2000% increase in registered visits across their platform prior to May 20201.

Facing an unprecedented situation, many organizations scrambled to alter informational and workflow approaches with heterogenous needs and pursuits. While the Office for Civil Rights shifted enforcement of HIPAA to allow traditionally non-healthcare-oriented platforms such as Zoom, the increased attack surface combined with worker strain and inexperience to plague an already vulnerable system5.

US Factors Contributing to Compromised Information Security During in the Pandemic

A full list of factors influencing healthcare information exchange in the Pandemic are not well established and vary with a variety of human, environmental, and end-point conditions, however they include but are not limited to3:

• Increased reliance on vulnerable remote technology

• Employment of new and non-traditional healthcare platform access not designed for healthcare information security standards

• Limited worker experience, awareness, and training to combat cyberattacks

• Lack of Board-Level Risk Assessment and Planning

• Economic and Budgetary Concerns

• Prior vulnerabilities of the large and diverse healthcare information network including medical device liability, interoperability issues, and cybersecurity device literacy

• Increased supply strain and digital scam potential

Impact

The full extent of the impact on the healthcare information ecosystem from the ongoing COVID-19 represents a diverse and evolving area of discussion, however conditions related to the first few years yield several empirical points of context. A significant rise in healthcare scams and ransomware was reported5. Healthcare data-breach costs under the pandemic increased, with a 29.5% increase from 7.13 to 9.23 million dollars on average per breach5.

References

[1]. Kaplan B. REVISITING HEALTH INFORMATION TECHNOLOGY ETHICAL, LEGAL, and SOCIAL ISSUES and EVALUATION: TELEHEALTH/TELEMEDICINE and COVID-19. Int J Med Inform. 2020 Nov;143:104239. doi: 10.1016/j.ijmedinf.2020.104239. Epub 2020 Jul 31. PMID: 33152653; PMCID: PMC7831568.

[2]. Kane CK, Gillis K. The Use Of Telemedicine By Physicians: Still The Exception Rather Than The Rule. Health Aff (Millwood). 2018 Dec;37(12):1923-1930. doi: 10.1377/hlthaff.2018.05077. PMID: 30633670.

[3]. Williams CM, Chaturvedi R, Chakravarthy K. Cybersecurity Risks in a Pandemic. J Med Internet Res. 2020 Sep 17;22(9):e23692. doi: 10.2196/23692. PMID: 32897869; PMCID: PMC7528623.

[4]. He Y, Aliyu A, Evans M, Luo C. Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review. J Med Internet Res. 2021 Apr 20;23(4):e21747. doi: 10.2196/21747. Erratum in: J Med Internet Res. 2021 Apr 28;23(4):e29877. PMID: 33764885; PMCID: PMC8059789.

[5]. IBM Security. Cost of a Data Breach Report 2021 [Internet]. IBM. IBM; 2021 [cited 2021Sep1]. Available from: https://www.ibm.com/downloads/cas/OJDVQGRY