On February 3, 2015, a bipartisan group of Florida lawmakers, including Senate Health and Human Services Committee Chairman Aaron Bean (R-Fernandina Beach) and House Health Policy Committee Chairman Jason Brodeur (R-Sanford) said they expect to reach an agreement on legislation regarding telemedicine. “Telehealth programs are a cost-effective alternative to traditional consultations and examinations between providers and patients,” said state Rep. Travis Cummings, who has filed a telemedicine bill in the House. “Telemedicine increases access to healthcare for patients who do not have access to care and is generally available at a reduced cost.”

Telemedicine is the practice of using information technologies to provide medical service. Telemedicine may be employed by physicians, hospitals, and other health care providers to provide medical services from great distance.   One example of telemedicine is a virtual visit program by which a provider can provide virtual consultations.  The provider, through the virtual consultation, may see the patient’s medical record and notes, and the patient would not have to leave their home.

Providing medical services through information technologies creates the risk of data breaches. Inherent in providing medical services over information technology is sharing a patient’s personal information through that technology.  Depending on the practice of the health care provider engaging in telemedicine, the patient’s personal information may be transmitted over a network, stored on a hard drive, or shared in the cloud.  The patient’s  personal information transmitted, stored or shared may include his or her date of birth, social security number, and medical information, all of which may be protected by state and federal laws, such as the Health Insurance Portability and Accountability Act of 1996.  Other laws may govern how that personal information is to be treated in the event that a data breach occurs, such as the Florida Information Protection Act of 2014.

While telemedicine will no doubt eliminate barriers to providing medical services, it will also eliminate some barriers to data breaches. In the rush to providing such services, health care providers, such as hospitals and physicians will inevitable risk cyber vulnerability.  In advance of legislation permitting telemedicine, and in advance of engaging in the practice of telemedicine, medical service providers should consult with external security providers and an attorney to determine what practices if any they should engage in to protect the security of the data that they will exchange through telemedicine.