Ensuring security and confidentiality of patient data has always been a legal requirement for health professionals. With the health industry’s rapid shift to telehealth, this principle remains unchanged.
As we introduce video consultations to our practice, the selection of a safe and secure video platform is therefore paramount.
Why is platform quality important?
If you run a private health service in Australia, you are legally governed by the Privacy Act.
As a key part of the Act, health consumers can make a complaint about an organisation the Privacy Act covers if they think the organisation has mishandled their personal information.
A breach of an Australian Privacy Principle can lead to regulatory action and penalties.
For telehealth, the most relevant item is APP 11, which states:
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.
This means that if the video software you use to convey sensitive information is, or can be, intercepted, unencrypted or hacked, you can be seen to have failed your duty under the Act.
The Act also states that
an entity is not excused from taking particular steps to protect information by reason only that it would be inconvenient, time-consuming or impose some cost to do so
That is, you can’t be excused for using a poor-quality video platform simply because it would be inconvenient, or would incur a reasonable cost, to switch to a more secure platform.
Is your platform secure?
If you can demonstrate that you selected a platform based on its record of security and safety, you have performed your duty under the Act.
Should the security of your platform become questionable in the future, you would be expected to reconsider your platform selection.
- Check that the platform encrypts video calls end to end, and that they cannot be decrypted by third parties (e.g. for monitoring or data collection)
- Google your platform’s name and ‘security breach’ to see if there have been reported breaches of the security of the platform you are considering. This allows you to make a more informed decision regarding platform selection.
(NB Platforms will not generally publicise any security breaches on their own website)
- Make sure that the platform is user friendly and suits your usage needs
What platforms are recommended?
As at April 2020, the following platforms appear to be good options for telehealth:
This cloud-based system is very easy for the patient to join by simply clicking a link. No download is required on either end. It is secure and encrypted, with a clean interface and the option for some great additional telehealth-specific features. Australian made.
A cloud-based video platform commonly used in the US. The free version provides lower quality resolution which may compromise the quality of the consultation.
This platform was developed by leading Australian telehealth academic, Trevor Russell. Trevor has been practising telehealth for well over a decade and knows the industry inside out. It is a software platform with advanced audio, video, multimedia and measurement capabilities.
This is an exercise prescription app that has an in-built video feature. This platform is great for follow up consultations if the patient is already set up on Physitrack. If it’s an initial consultation, and the patient doesn’t have Physitrack yet, there are quite a few steps for them to do to access the consult, which can impact the user experience.
This is a practice management software that has just introduced an in-built video calling feature. It is still in beta mode, but it allows you to access the call straight from within the PMS, and makes it very easy to send the video link in appointment confirmation emails. Australian made and a great option if you are already a Cliniko user.
What About Platforms You Already Have/Use?
Zoom has a less streamlined interface, and a download can be required for the patient the first time they use it, which creates user friction. It is designed for meetings and webinars, not telehealth, but can work well for group classes where sensitive information is not likely to be shared.
See this post about a security breach on the Zoom platform in 2019. Zoom is currently under heavy use across all industries worldwide. This puts a huge target on its back for hackers. Those in the health data security industry also agree that Zoom is not ideal for conveying sensitive health data.
Zoom calls may not be encrypted by default. If you use it, ensure this setting is on:
Do you really want your patients to be able to FaceTime you whenever they want? If you chat and video call with your patient via FaceTime, that data could then be stored in your own personal iCloud, which is likely to deem you non-compliant.
Skype is owned by Microsoft. It is commonly known for poor call quality and security issues.
WhatsApp is tied to your mobile number, which means it is also tied to your patient’s mobile number. This can present issues for data security and compliance (e.g. the right to removal of data). It has a chequered past.
This is a much more secure offering from Microsoft than Skype. Its use in telehealth doesn’t seem to be prolific at this point. It appears that correct set-up is crucial for compliance, and there may be security and user-friendliness issues due to the fact that each new patient is not an established Teams user.
New video platforms are constantly being created, and existing platforms can fluctuate in quality, security and user friendliness over time.
As a health professional practising telehealth, you are obligated by law to make a secure choice for your patients, and to continue to review the safety of this platform over time.
This can be a challenging task, but at the end of the day, the questionable platforms tend to have a lot more ‘noise’ and conflicting opinions surrounding them in discussions in telehealth communities than the better-quality ones.