Ensuring security and confidentiality of patient data has always been a legal requirement for health professionals. With the health industry’s rapid shift to telehealth, this principle remains unchanged.

As we introduce video consultations to our practice, the selection of a safe and secure video platform is therefore paramount.

 

Why is platform quality important?

 

If you run a private health service in Australia, you are legally governed by the Privacy Act.

 

The Privacy Act regulates the way individuals’ personal information is handled, and is defined by 13 Australian Privacy Principles.

 

As a key part of the Act, health consumers can make a complaint about an organisation covered by the Privacy Act if they think it has mishandled their personal information.

 

A breach of an Australian Privacy Principle can lead to regulatory action and penalties.

 

For telehealth, the most relevant item is APP 11, which states:

 

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.

 

This means that if the video software you use to convey sensitive information is, or can be, intercepted, unencrypted or hacked, you can be seen to have failed your duty under the Act.

 

The Act also states that

 

an entity is not excused from taking particular steps to protect information by reason only that it would be inconvenient, time-consuming or impose some cost to do so

 

That is, you can’t be excused for using a poor-quality video platform simply because switching to a more secure platform would have been inconvenient or would have incurred a reasonable cost.

 

 

Is your platform secure?

 

If you can demonstrate that you selected a platform based on its record of security and safety, you have performed your duty under the Act.

 

Should the security of your platform become questionable in the future, you would be expected to reconsider your platform selection.

 

Tips:

  • Check that the platform encrypts video calls end to end, and that they cannot be decrypted by third parties (eg for monitoring or data collection)

 

  • Google your platform’s name and ‘security breach’ to see if there have been reported breaches of the security of the platform you are considering. This allows you to make a more informed decision regarding platform selection.

(NB Platforms will not generally publicise any security breaches on their own website)

 

  • Make sure that the platform is user friendly and suits your usage needs

 

 

What platforms are recommended?

 

As at April 2020, the following platforms appear to be good options for telehealth:

 

Coviu

This cloud based system is very easy to join for the patient by simply clicking a link. No download is required on either end. It is secure and encrypted, with a clean interface and the option for some great additional telehealth specific features. Australian made.

 

Doxy.me

A cloud based video platform commonly used in the US. The free version provides lower quality resolution which may compromise the quality of the consultation.

 

Neorehab

This platform was developed by leading Australian telehealth academic, Trevor Russell. Trevor has been practicing telehealth for well over a decade and knows the industry inside out. It is a software platform with advanced audio, video, multimedia and measurement capabilities.

 

Physitrack

This is an exercise prescription app that has an in-built video feature. This platform is great for follow up consultations if the patient is already set up on Physitrack. If it’s an initial consultation, and the patient doesn’t have Physitrack yet, there are quite a few steps for them to do to access the consult, which can impact the user experience.

 

Cliniko

This is a practice management software that has just introduced an in-built video calling feature. It is still in beta mode, but it allows you to access the call straight from within the PMS, and makes it very easy to send the video link in appointment confirmation emails. Australian made and a great option if you are already a Cliniko user.

 

 

 

What About Platforms You Already Have/Use?

 

Zoom

Zoom has a less streamlined interface, and a download can be required for the patient the first time they use it, which creates user friction. It is designed for meetings and webinars, not telehealth, but can work well for group classes where sensitive information is not likely to be shared.

See this post about a security breach on the Zoom platform in 2019. Zoom is currently under heavy use across all industries worldwide. This puts a huge target on its back for hackers. Those in the health data security industry also agree that Zoom is not ideal for conveying sensitive health data.

Zoom calls may not be encrypted by default. If you use it, ensure this setting is on:

 

 

 

Facetime

Do you really want your patients to be able to Facetime you whenever they want? If you chat and video call with your patient via Facetime, that data could then be stored in your own personal iCloud, which is likely to render you non-compliant.

Here is an example of a security issue

 

 

Skype

Skype is owned by Microsoft. It is commonly known for poor call quality and security issues.

 

 

WhatsApp

WhatsApp is tied to your mobile number, which means it is also tied to your patient’s mobile number. This can present issues for data security and compliance (eg the right to removal of data). It has a chequered past.

 

 

Microsoft Teams

This is a much more secure offering from Microsoft than Skype. Its use in telehealth doesn’t seem to be prolific at this point. It appears that correct set up is crucial for compliance, and there may be security and user-friendliness issues due to the fact that each new patient is not an established Teams user.

 

 

In summary

 

New video platforms are constantly being created, and existing platforms can fluctuate in quality, security and user friendliness over time.

 

As a health professional practicing telehealth, you are obligated by law to make a secure choice for your patients, and to continue to review the safety of this platform over time.

 

This can be a challenging task, but at the end of the day, the questionable platforms tend to have a lot more ‘noise’ and conflicting opinions surrounding them in discussions in telehealth communities than the better-quality ones.

10 Comments

  1. Mohamed Kassim on April 11, 2020 at 6:11 pm

    Hi Karen,

    What is your take on the Rehabguru.com platform?

    • Karen Finnin on April 12, 2020 at 6:16 pm

      Hi Mohamed, thanks for your question. I haven’t got personal experience with this platform, however I would expect the feedback would be the same as for the Physitrack platform.

  2. Asha on April 17, 2020 at 8:50 am

    Two questions:

    1) I have a client that is happy to communicate via WhatsApp. I have read your link of the platform and wonder if I update my security pin and she does, why would using this platform be a problem? I don’t mind that she has access to my number.

    2) I have a teenage client who has asked me to teach her core exercises over Zoom – this is her preferred platform as she is already using it to do dance classes and online pilates classes. If Zoom is her choice and her parents consent to its use via documentation, do I have any legal concerns?

    • Karen Finnin on April 20, 2020 at 10:28 am

      Hi Asha,
      Thank you so much for your questions.
      1) I would like to see more secure, health specific messaging apps on the market, because this is a huge need. I use the secure messaging feature in Physitrack to message my clients. I don’t recommend WhatsApp for exchanging clinical information. If you use it to coordinate the logistics of a secure video call, that may be ok. We also need to be wary of clients saying they are ok with certain technologies. They are generally less educated than us regarding the security levels and risks, and it is up to us to override them sometimes to keep their information safe.
      2) I have no issue with Zoom being used for exercise based sessions, as the client is not generally revealing sensitive health information during an exercise class. I recommend a more secure platform for the 1 on 1 assessment prior to the exercise class, if the client is not known to you already.
      I hope this helps!

  3. Julie on April 18, 2020 at 6:02 pm

    Hi Karen,
    Do you have any concerns or comments regarding using Webex?
    Thank you.

    • Karen Finnin on April 20, 2020 at 10:35 am

      Hi Julie, thanks for your question.
      For transparency, I haven’t really used Webex, except for being a participant on a few conferences. I guess I’d put it into a similar category as Zoom. There are some security issues in Webex’s past. I guess I would say I’d still ideally recommend a platform more customised for telehealth.

  4. Maude on May 5, 2020 at 6:55 pm

    Hi Karen! Do you have any concerns with Doxy.me and security? On the free version most of the settings seem to be built for American practitioners, including the BAA section.

    • Karen Finnin on May 6, 2020 at 3:58 pm

      Hi Maude, doxy.me is built for telehealth, so the platform understands the importance of data security. The free version has lower quality video, so the image may not be as crisp or clear.

  5. Evie Martin on June 3, 2020 at 3:20 pm

    Hi Karen,
    I’ve been using confrere.com. Here in Norway the majority of GPs and physios use it I think.

    • Karen Finnin on June 4, 2020 at 11:24 am

      Hi Evie, thanks so much for this tip – I will be sure to check it out.
