Embedded scoring methodology for the self - Assessment of the privacy and security concerns in telemedicine systems in Sri Lanka

Abstract

Telemedicine, a subset of telehealth, has garnered increasing attention for its potential to transform healthcare delivery. This analysis was undertaken with the goal of developing an embedded scoring system for a self-assessment questionnaire aimed at gauging patients' familiarity with privacy and security concerns associated with telemedicine adoption in Sri Lanka. To achieve this objective, our methodology commenced with an exhaustive review of published research papers pertaining to privacy and security issues within the telemedicine sector and associated scoring mechanisms. Subsequently, we deployed an online questionnaire to gather comprehensive data encompassing a range of scenarios, including privacy, data storage, consent, encryption, authentication, authorisation, and network security. The selection of these categories was rooted in international policies such as HIPAA, adapted to suit the Sri Lankan telemedicine landscape. Upon the formulation of the questionnaire, we employed the Likert scale to quantify responses, enabling us to assess the significance of various dimensions. Data analysis was executed utilising IBM SPSS (Statistical Package for Social Sciences) software, with qualitative inquiries supplemented by predefined response options. Key findings from our study revealed notable gaps in patient awareness and understanding. Over 45% of telemedicine users admitted to not having reviewed the privacy or security policies associated with their telemedicine applications. Similarly, more than 40% of telemedicine system users lacked knowledge of wellestablished privacy and security regulations, including HIPAA, HL7, and GDPR. Additionally, patients exhibited uncertainty regarding the average size of documents or images shared through telemedicine applications. Alarmingly, approximately 50% of patients were unfamiliar with encryption algorithms such as DES, AES, RSA, Blowfish, and Twofish, despite being well-versed in data-recovery techniques and antivirus software usage. This study, conducted with a sample size of 100 respondents, underscores the pervasive limitations in patient understanding of critical aspects related to telemedicine application use. Moreover, it emerged that telemedicine system users often accessed government-blocked, insecure, or unavailable websites within their regions. In response to these findings, we have developed an informative website aimed at enhancing telemedicine users' knowledge by disseminating the insights gleaned from our analysis. In conclusion, the implementation of our embedded scoring method yielded not only high completion rates but also valuable, thoughtful responses. This study underscores the imperative of bolstering patient education and awareness to ensure the secure and responsible adoption of telemedicine in Sri Lanka's healthcare landscape.