It's normal to have questions around the security of a feature like this, especially when you're going to be using it to talk to your patients. Below, we've outlined the measures that we've taken to ensure the security of your telehealth sessions.
All telehealth sessions are encrypted end-to-end utilising Datagram Transport Layer Security/Secure Real-time Transport Protocol (DTLS/SRTP), which is used to transfer video, audio and text chat sent between you and your patients.
We're using a Peer-to-Peer (P2P) service, which means the communications between the participants on the telehealth session are direct, without any third-party mediator. In plainer terms, this means that the conversation is not being accessed by anyone other than the participants on the session.
We (Cliniko) do not have a copy of the telehealth session, and no information is stored anywhere on our services.
For General Data Protection Regulation (GDPR), Australian Privacy Principles (APP), Health Insurance Portability and Accountability Act (HIPAA), and Personal Information Protection and Electronic Documents Act (PIPEDA) compliance, we have ensured that:
Personal Health Information (PHI) or Personally Identifiable Information (PII) will not be transmitted anywhere for the telehealth session;
The P2P connection is as secure as possible;
Any logs that are created will not contain any PHI or PII;
The service we are using has implemented the ISO 27001, Privacy Shield, Cloud Security Alliance, and SOC 2 security best practices to ensure that their systems are secure.
For more information about Cliniko and security, take a look here.
If you have any specific questions about the security of Cliniko's telehealth feature, please reach out to our support team—we're happy to help! 🙂