Does Your Telehealth Provider Have the Proper Certifications and Security Protocols?

Posted: February 28, 2022

Over the last few years, telehealth has become a safe and convenient way for providers to offer medical care to their patients in the wake of the COVID-19 pandemic. In fact, telehealth is driving improved health outcomes for patients in rural areas because it gives patients access to more quality medical care.

For providers, though, there is more to consider than the convenience to patients. Seemingly every day, there are stories in the news about cyber-attacks and data leaks. While it may be concerning, there are secure ways to offer telehealth services in your practice by choosing a provider that has the proper certifications and security protocols.

The Data Security Dilemma

According to a recent survey conducted by Arlington Research, more than half of global telehealth providers say they have had patients refuse a virtual visit because of a distrust in technology or a data privacy concern. The providers themselves expressed concerns about data security in their organizations.

But despite the risks, 71% of the respondents said telehealth will continue to add value to the healthcare sector over the next five years. So where do you turn to bridge that gap? When selecting a telehealth provider, there are several certifications and protocols that can signify safety and security.

SOC-2 Certification

If a provider has a SOC-2 certification, they have undergone a rigorous audit of their procedures for managing data and securing privacy. The provider is evaluated on the resources they have in place to prevent unauthorized users from accessing private information, such as firewalls and two-factor authentication. The audit also looks at how data is processed and delivered and checks for data security systems like encryption. Telehealth providers are not required to have a SOC-2 certification. However, if a vendor has this certification, they are meeting the most rigorous standards of compliance and security.


Let's Talk Interactive has a SOC-2 certification. 

Business Associate Agreements

If you are looking for a telehealth provider, ask potential vendors if they have a policy in place for Business Associate Agreements (BAA). A BAA is a contract between a HIPAA-covered entity and any third-party service provider, like a telehealth provider, who will have access to protected health information (PHI). The agreement lays out the permitted uses of protected information, dictates that the third party will not disclose any PHI, and requires the third party to safeguard any PHI they encounter.

Let's Talk Interactive has a BAA policy in place. 

Encrypted Storage

A highly secure telehealth provider encrypts data both in transit and on storage media. This means data is encrypted as it is transmitted to storage devices like hard disks, drives, or libraries. A storage encryption password protects the data, which is stored in a form that cannot be read or understood by anyone without the proper access to decrypt it into a readable state.

Let’s Talk Interactive – Your Secure Partner

You can securely implement telehealth in your practice to better serve your patients. Contact us today to learn how Let’s Talk Interactive can make telehealth work for your practice or facility in the safest way possible.