Video consultations: IG and Security
A more detailed look at security and Information Governance for Praktice.ai Video Consultations
The video consultation service is hosted on Praktice WebRTC, Whereby, Microsoft teams who are all fully compliant with GDPR and HIPAA. The video and audio communication is only visible to participants on the call and is not recorded or stored on any server. The connection prioritises ‘peer-to-peer’ between the clinician’s and patient’s phone and follows MOHF INDIA Telemedicine Practice Guidelines and HHS.gov best practice guidelines on health and social care cloud security.
A unique URL to the video consultation is generated and all participants are visible in the consultation, no third party can 'listen in'. The video and audio communication of the video consultation is only visible to participants on the call, and is not recorded or stored on any server (not Praktice’s, not Microsoft teams or Whereby’s and not on any third party's servers).
Is the video call recorded?
No. The video and audio communication is only visible to participants on the call and is not recorded or stored in any form.
Can you tell me more about the video platform's security?
All communication between the user’s browser, or the patient's browser, and Microsoft team's or Whereby’s service, is transmitted over an encrypted connection (secure web traffic using HTTPS and TLS or secure websocket traffic or secure WebRTC). Furthermore, the video consultation connection prioritises ‘peer-to-peer’ connections between the clinician’s and patient’s phone over connections via their servers. In some cases, due to NAT/firewall restrictions, the encrypted data content will be relayed through Microsoft teams or Whereby’s TURN server, but never recorded or stored.
How does video consultation compare with a phone call?
The use of video consultation via Praktice is more secure than speaking to patients by phone. The connection prioritises ‘peer-to-peer’ between the clinician’s and patient’s phone in line with the principle of data minimisation. Most phones are Voice over Internet Protocol (VoIP). However, phone connections typically include personal information (such as patient phone number). In contrast, the Praktice video consultation does not use any personal demographic information as it is initiated via a unique URL which does not use any patient or user information. Praktice specifically selected Microsoft teams and Whereby services to host video consultations because it fulfilled Praktice privacy by design requirements in not using any personal demographic data for the calls.
How does it work with patient consent?
The patient agrees to take part in the process by clicking on the link to the video consultation. They can dissent at any point by either not clicking on the link to the video consultation or leaving the video consultation.