December 20, 2021

3 min

Ensuring Telehealth Compliance in a Post-Pandemic World

These five steps can help providers shore up security issues created by rapid implementations.

The COVID-19 pandemic upended the world of healthcare. In addition to the crushing burden it placed on all aspects of the healthcare system, the pandemic required healthcare providers to transform the way they deliver care almost overnight. That’s particularly true of telemedicine. Providers who had never considered using telemedicine or used it only in unusual circumstances found themselves delivering most of their care over videoconferences, sometimes from their homes.

This transformation happened out of necessity, and healthcare organizations implemented the tools they needed very quickly. Information security and compliance teams loosened standards and granted exceptions to security policies in an effort to deliver quality patient care. Now that we’re nearly two years into the pandemic, it’s time that we take another look at the security of these deployments. Here are five things healthcare providers can do now to ensure the security and compliance of their telehealth operations.

Assess Your Environment

Healthcare organizations should deconstruct the rapid changes that took place during the pandemic and evaluate the risks that have resulted from these operations. CDW provides rapid assessments that help healthcare providers get an independent view of their security posture. Best of all, these assessments can be performed remotely.

Implement Multifactor Authentication Judiciously

Multifactor authentication is an incredibly important and effective security control, but it’s also burdensome. While it’s a good idea to deploy multifactor technology for accounts that belong to healthcare providers and administrators, it’s probably not necessary to do so for patients who have access only to their own records.

Deploy Privileged Access Management Technology

In addition to securing the account authentication process, organizations should deploy privileged access management solutions that track and audit the activity of authorized users. PAM technology builds a comprehensive audit trail, enabling cybersecurity teams to detect suspicious activity as it occurs and to perform forensic investigations after a security incident.

Centralize Patient Records

Providers adopted many new technologies to get things done during the pandemic. Pulling patient records back into a centralized store allows cybersecurity teams to build a secure repository where those records are protected against threats to their confidentiality, integrity and availability.

Enforce the Principle of Least Privilege

As organizations moved to remote access of electronic medical records, many allowed authenticated users to access any medical record. Now is the time to go back and audit those privileges, ensuring that providers have access to the records they need to do their jobs but cannot browse the system and view records indiscriminately. 

We’re all going to look back on the pandemic as a time of upheaval but also as a time of transformation. Providers around the world were pushed to deliver care using state-of-the-art technologies, and the change that we’ve seen will have lasting benefits. By properly securing these systems today, we can ensure safe and secure telemedicine into the future.

Story by Nick Schurman, a CDW senior inside solution security architect who specializes in pre-sales design and consulting. He provides innovative network security solutions by leveraging years of industry experience and client interaction. Nick can articulate technical subject matter within all levels of an organization. He discusses long-term business objectives and crafts security solutions to solve business problems, not just technical problems.


Others stop at notification. Sophos takes action. Get 24/7 threat hunting, detection and response.