By Albert Fox Cahn and Melissa Giddings

阿尔伯特·福克斯·卡恩(Albert Fox Cahn)和梅利莎·吉丁斯(Melissa Giddings)

Doctors are quick to adopt new technologies when they are used to treat illnesses, but they are practically luddites when it comes to the technology used to communicate with us, their patients. But one of the pandemic’s more surprising side effects has been the new drive to treat patients remotely via telemedicine. Now, in the rush to expand contactless medicine, doctors are moving much faster than the regulators, potentially leaving some patients at risk.

当医生用来治疗疾病时，他们很快就会采用新技术，但是当涉及到与我们，他们的患者进行沟通的技术时，他们几乎不愿接受。 但是，这种大流行病最令人惊讶的副作用之一是通过远程医疗远程治疗患者的新动力。 现在，在急于扩大非接触式药物的领域中，医生的行动速度比监管机构快得多，有可能使一些患者处于危险之中。

Routine appointments that once happened in person are moving onto digital platforms, raising the risk of hacking in real time and threatening doctor-patient confidentiality. Telehealth was a multibillion-dollar industry before the arrival of COVID-19, but use increased nationally by more than 5,000% in both April and May 2020 when compared to the prior year. The money involved is staggering. Earlier this month virtual healthcare provider Teledoc announced the purchase of Livongo, a mobile health management platform, for $18.5 billion in what amounted to the largest digital health deal in history. But there was consolidation even prior to the pandemic.

曾经亲自进行的例行约会正在转移到数字平台上，从而增加了被实时黑客攻击的风险，并威胁到医患的机密性。 在COVID-19到来之前，远程医疗是一个价值数十亿美元的产业，但是与上一年相比，2020年4月和2020年5月全国使用量增长了5,000％以上。 涉及的资金惊人。 本月初，虚拟医疗保健提供商Teledoc宣布以185亿美元的价格收购移动健康管理平台Livongo ，这是有史以来最大的数字健康交易。 但是，甚至在大流行之前就已经进行了整合。

In 2019, Amazon purchased PillPack for $753 million, giving the tech behemoth an entry point to the consumer prescription delivery sector. Google attempted to snap up Fitbit for a cool $2.1 billion, but the acquisition is delayed pending a European Union investigation into data protection.

2019年，亚马逊以7.53亿美元的价格收购了PillPack，这为这家科技巨头提供了进入消费者处方药交付领域的切入点。 Google试图以21亿美元的高价收购Fitbit，但由于欧盟对数据保护展开调查，收购被推迟了。

It is easy to see why companies like Amazon are interested in exploiting the telehealth market. The average PillPack user in 2018 generated $5,000 in revenue, nearly four times the typical Prime user. And as most PillPack users are in their 50s and 60s, they are statistically less likely to switch away to rival firms.

显而易见，为什么像亚马逊这样的公司对开发远程医疗市场感兴趣。 PillPack用户在2018年的平均收入为5,000美元，几乎是典型Prime用户的四倍。 而且，由于大多数PillPack用户的年龄在50到60岁之间，因此从统计学上讲，他们转投竞争对手公司的可能性较小。

More importantly, these patients are an invaluable source of data. Amazon is already utilizing AWS and the Alexa voice division to consolidate medical records and data mine customer information. Independent pharmacists have warned that Amazon violates patient privacy, calling rival pharmacists’ customers to request that they transfer their prescriptions to Amazon. Amazon has refused to reveal how it obtained these patients health and contact data. Additionally, one Amazon data vendor, ReMy Health, recently came under fire for concealing who has access to its sensitive patient information.

更重要的是，这些患者是宝贵的数据来源。 亚马逊已经在利用AWS和Alexa语音部门来整合病历和数据挖掘客户信息。 独立药师警告说 ，亚马逊侵犯了患者的隐私，并呼吁竞争对手药师的顾客要求他们将处方转移到亚马逊。 亚马逊拒绝透露如何获得这些患者的健康和联系数据。 此外，亚马逊数据供应商ReMy Health最近因隐瞒谁可以访问其敏感的患者信息而受到抨击 。

Even without corporate consolidation, telemedicine poses pronounced privacy and security risks. As the number of telehealth transactions grows, so too does the attractiveness of telehealth providers as targets for hackers and other malicious actors. Last year, prior to the pandemic, the healthcare industry already saw a 49% increase in hacking, impacting 41.4 million patient records.

即使没有公司合并，远程医疗也会带来明显的隐私和安全风险 。 随着远程医疗交易数量的增加，远程医疗提供商作为黑客和其他恶意行为者的目标的吸引力也在增加。 去年，在大流行之前，医疗保健行业的黑客入侵已经增长了49％，影响了4,140万患者记录。

Sadly, the federal laws that protect this growing pool of data have gone largely unchanged for a quarter century. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) offers several protections for patient data. But in March, the Department of Health and Human Services Office for Civil Rights announced it would “exercise enforcement discretion and waive penalties for HIPAA violations” for remote healthcare service. In other words, telemedicine providers got a free pass on privacy. Suspending privacy protections as an emergency measure makes sense, but more than five months later, there’s a real risk that this temporary workaround will become a permanent loophole.

可悲的是，保护这个不断增长的数据池的联邦法律在25年的时间里基本上没有变化。 1996年的《健康保险携带和责任法案》(HIPAA)为患者数据提供了多种保护。 但是在三月份，卫生与公众服务部民权办公室宣布将“针对远程医疗服务行使执法自由裁量权，并免除违反HIPAA的处罚”。 换句话说，远程医疗提供商可以免费获得隐私权。 将隐私保护作为紧急措施是有意义的，但是五个多月后，确实存在这种暂时性解决方法将成为永久漏洞的风险。

HIPAA was enacted to protect Americans with preexisting conditions from discrimination and marginalization. Without HIPAA’s minimal protections, our health data is vulnerable to an array of abuses. While these dangers have to be balanced out against the exigencies of our current public health crisis, they shouldn’t be ignored. Rather than simply responding to the latest crisis, policy makers should create privacy protections that balance patient safety and the need for flexibility.

HIPAA的颁布旨在保护已有条件的美国人免受歧视和边缘化。 没有HIPAA的最低限度保护，我们的健康数据很容易受到一系列滥用的攻击。 尽管必须将这些危险与我们当前的公共卫生危机的紧迫性相抵消，但也不应忽视它们。 决策者不仅应该简单地应对最新的危机，还应该创建保护患者安全和灵活性需求之间平衡的隐私保护。

As remote healthcare services are extended beyond the pandemic, providers must take all steps necessary to secure our sensitive health data. Encryption, threat monitoring, risk assessment, user training, and informed consent are all vital to reducing the risk of data breaches. The companies capitalizing on the rapid expansion of the telehealth industry must also formalize and document their security practices, with real accountability when they fall short. When reassessing the HIPAA waivers enacted during the pandemic, regulators must take the time to consider data security concerns unique to digital healthcare and interoperable technology, updating the standards accordingly.

随着远程医疗服务扩展到大流行之外，提供者必须采取所有必要步骤来保护我们的敏感健康数据。 加密，威胁监视，风险评估，用户培训和知情同意对于降低数据泄露风险至关重要。 充分利用远程医疗行业的Swift发展的公司还必须正式制定并记录其安全做法，并在出现不足时承担真正的责任。 在重新评估大流行期间颁布的HIPAA豁免时，监管机构必须花时间考虑数字医疗和可互操作技术独有的数据安全问题，并相应地更新标准。

Lastly, regulators and lawmakers should tend to those left behind in the transition to telehealth. Video consultations and other online services threaten to leave many untreated, with broadband internet access becoming a literal lifeline. Americans on the far side of the digital divide — those without smartphones, computers, or consistent connectivity — are increasingly shut out from the virtual physician’s office. This means that many of those lower-income communities hit hardest by COVID-19 will also have the hardest time finding medical help.

最后，监管机构和立法者应该偏向向远程医疗过渡的那些人。 视频咨询和其他在线服务有可能使许多人得不到治疗，宽带互联网接入已成为真正的生命线。 处于数字鸿沟另一端的美国人-那些没有智能手机，计算机或连贯连接的人-越来越多地被虚拟医生的办公室拒之门外。 这意味着，许多受COVID-19打击最严重的低收入社区也将最难找到医疗帮助。

It won’t be easy to create rules for an entire subfield of medicine, but it is certainly urgent. Health data is held to a heightened privacy standard for a reason. As we open the door to the provision of digital healthcare and the development of related technology, we cannot leave that door open to new and dangerous security risks.

为整个医学子领域创建规则并非易事，但无疑很紧迫。 由于某种原因，健康数据必须遵守严格的隐私标准。 当我们为提供数字医疗保健和相关技术的发展打开大门时，我们不能为新的危险安全风险敞开大门。

Albert Fox Cahn (@FoxCahn) is the founder and executive director of the Surveillance Technology Oversight Project (S.T.O.P.) at the Urban Justice Center, a New York-based civil rights and privacy group, and a fellow at the Engelberg Center for Innovation Law & Policy at N.Y.U. School of Law. Melissa Giddings is a legal fellow at the Surveillance Technology Oversight Project.

阿尔伯特·福克斯·卡恩(@FoxCahn)是城市司法中心(位于纽约的民权和隐私小组)城市监视技术监督项目(STOP)的创始人和执行董事，也是英格堡创新法律与研究中心的研究员纽约大学法学院的政策。 梅利莎·吉丁斯(Melissa Giddings)是监视技术监督项目的法律研究员。