
An official website of the United States government


Privacy and security for telehealth

Getting started

Better understand how privacy and security requirements can benefit your telehealth practice.

What are telehealth privacy and security risks?

Telehealth comes with privacy and security risks that need to be addressed so providers comply with laws and regulations and patients trust that their health information is secure.

Below are some of the main telehealth privacy and security risks:

  • Data breaches and unauthorized access. The collection, transmission, and storing of sensitive patient data, such as medical records, through telehealth platforms have come with an increase in data breaches. In March 2024, the HHS Office for Civil Rights (OCR) reported a 256 percent increase in large breaches involving hacking over the past five years (2018 – 2023).
  • Unsecure devices and networks. Patients and providers who use unsecure devices or public Wi-Fi networks to access telehealth services increase their risk of data interception or unauthorized access.
  • Inadequate policies and training. Providers may lack comprehensive policies and training programs for staff and patients, which can lead to potential privacy and security lapses when using telehealth technologies.

To mitigate these risks, providers and health care organizations should implement robust privacy and security measures. These efforts include complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, using a password-protected telehealth platform, and establishing comprehensive policies and training programs for telehealth use.

There are many benefits that come with safeguarding against privacy and security risks. Communicating with patients about these safeguards encourages trust between providers and their patients in the use of telehealth technologies.

How to set up a privacy-compliant telehealth practice

Setting up a privacy-compliant telehealth practice involves following various laws, regulations, and guidelines to ensure the protection of patient data. Key steps and resources to consider include:

  • Understand and comply with HIPAA regulations for telehealth services and secure communication channels, including patient portals.
  • Develop and document telehealth privacy and security policies and procedures, including patient consent and data handling practices.
  • Stay up to date with evolving regulations and guidance on health data privacy at the federal level and in your state.

More information

Telehealth privacy tips for providers (PDF) — Health Resources and Services Administration

Health privacy — Federal Trade Commission

Health care sector cybersecurity (PDF) — U.S. Department of Health and Human Services

Office for Civil Rights – U.S. Department of Health and Human Services

Telehealth security and privacy tips for providers — National Institute of Standards and Technology