Software Error in Telehealth App Allowed Patients to Access Videos of Other Patients’ Consultations

A chatbot and telehealth startup based in the UK suffered an embarrassing privacy breach this week. Babylon Health developed a telehealth application that general practitioners can use for virtual consultations with patients. The app lets users arrange consultations with their physicians, use an AI-based chatbot for triage, and hold voice and video meetings with their doctor through the app.

On June 9, 2020, a patient using the app to get his prescribed medications saw video clips of 50 patients’ consultation sessions in the archive area of the app. The files included video replays of meetings between patients and doctors, exposing private and possibly very sensitive data.

The patient shared the discovery on Twitter. Access to other patients’ video appointments in the application is an extensive data breach, with more than 50 video clips involved.

Babylon Health issued a statement saying that the incident was caused by a glitch in the application and not by a malicious attack. Babylon Health said that it found out about the error before the patient announced the data breach on Twitter and that the problem was fixed within several hours.

According to the investigation, three patients got access to the video clips of other patients, although in two of those instances the patients didn’t view any of the video footage. The glitch occurred only in the UK version of the app and did not affect its global operations. The glitch was introduced in an app update that enabled switching between video and audio while a patient is in a conference with a doctor.

Babylon Health has already reported the data breach to the UK Information Commissioner’s Office, as required by the EU’s General Data Protection Regulation, and will publish complete details concerning the data breach.

In this incident, the software problem doesn’t seem to have compromised many patients’ meetings; however, it is a cause for concern given the highly sensitive health data handled by the app. There are presently roughly 2.3 million users of the application in the United Kingdom, so the breach could potentially be a lot worse.

Telehealth services had a big expansion in the U.S. due to the COVID-19 pandemic. The HHS’ Centers for Medicare and Medicaid Services (CMS) increased coverage for reimbursable telehealth services throughout the COVID-19 pandemic and the HHS’ Office for Civil Rights (OCR) gave a notice of enforcement discretion for telehealth services, enabling healthcare organizations to employ communications solutions that might not be completely HIPAA compliant.

Given the growth in telehealth services, and the wide selection of apps being used to offer them, this may well be only the first of a number of privacy breaches involving telehealth services in 2020.

Although no financial penalties might be issued for privacy and security concerns linked to the good-faith provision of telehealth services during the COVID-19 public health crisis, care must still be exercised when picking a telehealth service. Many video conferencing platforms were not created with adequate security protections to make sure patient information is appropriately secured, which puts patient privacy in jeopardy. As this incident shows, data leaks can occur even with purpose-built health apps.

To protect patient privacy, every new technology must undergo a security check. Now that the COVID-19 pandemic is more under control, it is an appropriate time to review any telehealth apps and other programs that were introduced, to make certain that patient data is sufficiently protected.

It is also worth noting the advice to switch to a HIPAA-compliant healthcare telehealth solution that has extensive data privacy and security controls. TigerTouch is a provider of telehealth solutions that enable healthcare organizations to quickly message care team members and conduct telehealth consultations with patients at home using the same app. The solution follows all HIPAA requirements, integrates many safety measures to make certain patient data is safe, and the platform permits the sharing of files, photos, and ePHI immediately and securely. View an on-demand webinar here to learn more about the app.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone