Telehealth as the new normal
While telehealth technologies have evolved slowly for well over a decade, recent world events are accelerating this process as patients and healthcare providers reexamine the need for in-person care. Pervasive computing devices like smartphones now put these capabilities in the hands of almost every clinician and patient around the world.
However, when first getting involved with telehealth, some questions may arise:
- Can I get/provide vitals remotely?
- Could someone else be watching the webcam during the visit?
- Is the clarity of my screen image adequate?
- How should I store or share this data?
- Is my new virtual procedure still within government reimbursement guidelines?
UL can help healthcare and technology providers navigate these issues as telehealth becomes part of the “new normal” during and after the fight against COVID-19.
UL’s telehealth infrastructure auditing
We provide comprehensive audit services to evaluate protocols and processes pertaining to new virtual procedures that replace previously off-line practices. Our healthcare industry experts can share insights into the use of new telehealth technologies by either patients or clinicians. We conduct protocol-level cybersecurity and regulatory compliance assessments to identify potential data transfer vulnerabilities and conflicts in pre-established, end-to-end system dataflows as operations move online.
The following activities are critical steps for establishing safe and secure telehealth practices:
- Telehealth implementation – We help healthcare providers understand Centers for Medicare & Medicaid Services (CMS) insurance reimbursement policies and practices for telemedicine, making the most of the transition to this new mode of care. We articulate the capabilities and performance characteristics of the telemedicine infrastructure and identify deployment considerations. Our Verification Mark program can also help manufacturers provide confidence in their telehealth product’s performance and quality.
- Network and healthcare ecosystem security – A thorough interoperability and cybersecurity audit of the technology framework between patient apps and devices and the receiving clinical systems should be performed before offering telehealth services. In any given implementation, two key stakeholders must work in cooperation to achieve ISO 27001 conformance:
  - Healthcare providers – We provide a comprehensive technology evaluation of the enabling network, including penetration testing of infrastructure (with appropriate permission and coordination with technology vendors included in the system). Our cybersecurity team can perform remote “bench” testing rather than live clinical environment testing for added safety and efficiency.
  - Technology manufacturers – We can assess the security processes under which telemedicine products are developed (e.g. Quality Management systems, Risk Management processes, and Secure Software Development Life Cycle processes). We conduct static binary analysis to establish Software Bill of Materials (SBOM) and Common Vulnerabilities and Exposures (CVE), static source code analysis to characterize Common Weakness Enumerations (CWE), and known malware scanning to help minimize the likelihood of malware introduction during production. Our security control verification can help ensure security is implemented as specified, penetration testing can target any vulnerabilities or weaknesses, and malformed input testing (aka Fuzzing) helps expose any “unknown knowns” in a product’s cybersecurity posture.
- Conformance with Electronic Healthcare Records (EHR) regulations – UL is an approved and authorized testing and certification lab for the Office of the National Coordinator (ONC) for Health Information Technology. Conforming to EHR/Health IT requirements has many institutional benefits, such as improved clinical workflow, 24/7 patient record access for patients and physicians, and improved collaboration with other healthcare professionals. We test and certify that Office of the National Coordinator for Health Information Technology (ONC) and CMS criteria have been satisfied and that software technology will allow healthcare providers to meet CMS incentive programs. The EHR/Health IT certification program now includes the 21st Century Cures Act requirements, which improve interoperability and prevent information blocking.
- Conference and video call quality – We test and certify video display quality to IEC 62563-1:2009 and IEC 62563-, the harmonized Standards that describe the evaluation methods for testing medical image display systems and associated medical electrical equipment. Part 1 of IEC 62563 is directed to practical tests that can be visually evaluated or measured using basic test equipment for medical image display systems used for rendering a clinical diagnosis or viewing medical images for medical purposes other than for providing a medical interpretation, and which therefore have specific requirements in terms of image quality. UL is the only test lab in the world accredited as a CBTL for this standard under the IECEE CB Scheme. We also participate in the development process for the new standard IEC 62563-2, which establishes the performance criteria and test frequencies for the Acceptance Test and the Constancy Test defined by the Part 1 standard.
- Companion Application Interoperability – Mobile apps, mobile medical apps, and software as a medical device (SaMD) play a growing role with medical devices and pharmaceutical products and processes, especially in regard to data visualization and interpretation of patient behavior and data collected by the companion device’s sensor(s). A medical device’s relationship with the controlling app enables remote monitoring, enhanced medication compliance and more efficient clinical trial management. UL can provide gap assessments to the latest health software standards to help such technologies gain greater trust and acceptance in the market.