Video Platform Selection For Telehealth – A Definitive Guide For Australian Health Professionals
Content supplied by: Karen Finnin, BAppSc(Physio), MMuscPhys
Ensuring security and confidentiality of patient data has always been a legal requirement for health professionals. With the health industry’s rapid shift to telehealth, this principle remains unchanged.
As we introduce video consultations to our practice, the selection of a safe and secure video platform is therefore paramount.
Why is platform quality important?
If you run a private health service in Australia, you are legally governed by the Privacy Act.
The Privacy Act regulates the way individuals’ personal information is handled, and is defined by 13 Australian Privacy Principles.
As a key part of the Act, health consumers can make a complaint about an organisation the Privacy Act covers, if they think they have mishandled their personal information.
A breach of an Australian Privacy Principle can lead to regulatory action and penalties.
For telehealth, the most relevant item is APP 11, which states:
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.
This means that if the video software you use to convey sensitive information is, or can be, intercepted, unencrypted or hacked, you can be seen to have failed your duty under the Act.
The Act also states that:
An entity is not excused from taking particular steps to protect information by reason only that it would be inconvenient, time-consuming or impose some cost to do so.
That is, you can’t be excused from using a poor quality video platform simply because it was inconvenient, or would incur a reasonable cost, to switch to a more secure platform.
Is your platform secure?
If you can demonstrate that you selected a platform based on its record of security and safety, you have performed your duty under the act.
Should the security of your platform become questionable in the future, you would be expected to reconsider your platform selection.
Tips:
Check that the platform encrypts video calls end to end, and that they cannot be unencrypted by third parties (eg for monitoring or data collection)
Google your platform’s name and ‘security breach’ to see if there have been reported breaches of the security of the platform you are considering. This allows you to make a more informed decision regarding platform selection. (NB Platforms will not generally publicise any security breaches on their own website)
Make sure that the platform is user friendly and suits your usage needs
What platforms are recommended?
As at March 2020, the following platforms appear to be good options for telehealth:
Cliniko
This is a practice management software that has just introduced an in-built video calling feature. It is still in beta mode, but it allows you to access the call straight from within the PMS, and makes it very easy to send the video link in appointment confirmation emails. Australian made and a great option if you are already a Cliniko user.
Coviu
This cloud based system is very easy to join for the patient by simply clicking a link. No download is required on either end. It is secure and encrypted, with a clean interface and the option for some great additional telehealth specific features. Australian made.
Doxy.me
A cloud based video platform commonly used in the US. The free version provides lower quality resolution which may compromise the quality of the consultation.
Physitrack
This is an exercise prescription app that has an in-built video feature. This platform is great for follow up consultations if the patient is already set up on Physitrack. If it’s an initial consultation, and the patient doesn’t have Physitrack yet, there are quite a few steps for them to do to access the consult, which can impact the user experience.
What About Platforms You Already Have/Use?
Facetime
Do you really want your patients to be able to Facetime you whenever they want? If you chat and video call with your patient via Facetime, that data could then be stored in your own personal iCloud, which is likely to deem you non-compliant. Here is an example of a security issue
Microsoft Teams
This is a much more secure offering from Microsoft than Skype. It’s use in telehealth doesn’t seem to be prolific at this point. It appears that correct set up is crucial for compliance, and there may be security and user-friendliness issues due to the fact that each new patient is not an established teams user.
Skype
Skype is owned by Microsoft. It is commonly known for poor call quality and security issues.
WhatsApp is tied to your mobile number, which means it is also tied to your patient’s mobile number. This can present issues for data security and compliance (eg the right to removal of data). It has a chequered past.
Zoom
Zoom has a less streamlined interface, and a download can be required for patient the first time they use it. It is designed for meetings and webinars, not telehealth, but can work well for group classes where sensitive information is not likely to be shared.
See this post about a security breach on the zoom platform in 2019.
Zoom calls may not be encrypted by default. If you use it, ensure this setting is on.
In summary
New video platforms are constantly being created, and existing platforms can fluctuate in quality, security and user friendliness over time.
As a health professional practicing telehealth, you are obligated by law to make a secure choice for your patients, and to continue to review the safety of this platform over time.
This can be a challenging task, but at the end of the day, the questionable platforms tend to have a lot more ‘noise’ and conflicting opinions surrounding them in discussions in telehealth communities, than the better-quality ones.