Introduction

Videoconferencing is a live (synchronous), visual and audio connection between at least two people who are in different locations. 
Providers may need the following equipment to conduct a teleconference:

  • Computer or internet-enabled smart device (e.g., iPhone, Android or Windows phone, iPad or tablet) or videoconferencing machine
  • Webcam or camera
  • Monitor
  • Microphone
  • Speakers/Headset
  • A reliable internet connection
  • Videoconferencing software, application or access to a web-based teleconferencing service.

The choice of videoconferencing technology should be guided by the following principles:

  • Providers take a client-centred approach to their choice of technology for use with telehealth
  • Telehealth providers select and use videoconferencing technology that is fit for purpose
  • Providers take reasonable steps to ensure the videoconferencing technology meets privacy obligations.

 

PRINCIPLE 1: Telehealth Providers take a client-centred approach to their choice of technology

The Medicare Better Access telehealth items are designed to improve access to psychological services for clients in rural and remote areas of Australia. Providers of these services need to select technology and software that facilitates access, including being user-friendly and affordable for clients.  Providers should consider selecting software, hardware and related equipment that:

  • Allows clients access to the telehealth service at no or minimal set up cost
  • Is accessible for clients who may connect through various types of browsers, devices and platforms (for example, Mac, PC, Android, iPhone, tablet, Internet Explorer, Firefox, Chrome)
  • Is likely to successfully operate across the bandwidth available in rural and particularly remote areas of Australia
  • Can provide high quality audio and visual communications giving due consideration to the bandwidth available to rural and remote clients, and
  • Is simple for clients to install, access, and operate.

PRINCIPLE 2: Providers select and use videoconferencing technology that is fit for purpose

The selection of videoconferencing software and equipment needs to align with the needs of the service being provided. Providers of psychological services should select technology (hardware, software and internet connectivity) that is fit for the purpose of delivering psychological services, while also meeting the business needs of the practice delivering the service. 

To ensure that the technology is fit for the purpose of delivering a psychological service, providers should consider:

  • How will they securely exchange documents with the client? Does the software include this capacity?
  • Does the chosen technology minimise interruptions and dropouts?
  • Does the chosen equipment and software enable a high quality and reliable audio and video transfer to facilitate synchronous real time exchanges between users?
  • Is there interoperability between platforms? For example, if the client is using a PC and the provider is using a Mac, will the software allow the two platforms to communicate?
  • Does the practice have adequate internet connectivity to support the audio and video quality required for clinical purposes? For example, is there adequate upload and download bandwidth and speeds, minimal delay between audio and video (synchronised), minimal lag time between user communications and minimal internet dropout rates?
  • Does the chosen technology include instant chat messaging, as this may be helpful for communicating during internet dropouts or lags to arrange re-establishing the session?
  • If you plan to deliver groups, does the chosen technology provide for a group-based service?

To ensure that the technology is fit for the purpose of meeting the business needs of the practice, providers should consider:

  • How many providers in the practice will use the technology and does the technology provide a cost-effective solution given expected level of usage? For example, does each user require a license to use the technology?
  • How many clients are likely to be accessing telehealth and does the technology provide a cost-effective solution given expected level of usage? For example, is there a monthly flat rate to access the technology or is the fee on a per client per session basis?
  • How often does the particular software need updating? What is the cost associated with upgrading and will older versions of the software become redundant or inoperable within a specified time?
  • Is there a need for technological support? Is support provided by the software company or a reseller and what is the cost of this service? Will you need to engage a technician to assist you to establish the service?
  • Will providers require specific training to use the technology?

PRINCIPLE 3: Providers take reasonable steps to ensure the videoconferencing technology and security measures meet relevant privacy obligations

Providers are responsible for selecting videoconferencing technologies that can support the privacy and security of the client’s personal information. Providers are required to take reasonable and active steps to ensure that their clients’ personal information is collected, stored, used and disposed of in a manner that upholds the protection of information provided by Australia’s Privacy and Health laws (see www.legislation.gov.au). This includes selecting technology where:

  • Technical protocols provide interoperability between platforms and devices (for example, this might include video and audio codecs, advanced encryption standard (AES), or secure real time transport protocols (SRTP) for SIP (session initiation protocols) encryption)
  • Strong passwords, two-factor (step) authentication and an audit trail of users’ access to client/patient information can be implemented
  • The transfer of data is secure from end to end using appropriate security protocols that comply with Australian Privacy Principle 11 of the Privacy Act 1988 (Commonwealth) (see www.legislation.gov.au) (i.e., transport layer security (TLS), end-to-end encryption or VPN technology)
  • The provider can regularly update security measures to protect against malware, viruses, intrusions and email threats on computers used for videoconferencing services and to store personal client information.

Glossary

  • Advanced encryption standard (AES): is a symmetric encryption algorithm (a block cipher) designed to be efficient in both hardware and software. Symmetric means the same key is used for both encrypting and decrypting data. AES supports a block length of 128 bits and key lengths of 128, 192, and 256 bits.
  • Audit trail: refers to the monitoring and logging of user activity in a system or application. Keeping an audit trail assists with monitoring of access to data.
  • Bandwidth: refers to the maximum data transfer rate (speed) of a network or internet connection. It measures how much data can be sent or received over a specific connection within a specified time frame. Typically, internet connections have both upload and download speeds. Often bandwidth relates to the internet connection speed provided by the internet service provider. For example, your internet service provider may offer different internet plans depending upon the speed you require (e.g., 100 Mbps download and 25 Mbps upload speeds). Mbps refers to megabits per second. Providers can check the speed of their network by conducting a network speed test at www.speedtest.net in order to ensure successful use of the videoconference software. It is recommended that clients also run this speed test to ensure their internet connectivity is capable of conducting videoconferencing. The bandwidth required for videoconferencing may depend upon the technology, specifically the teleconferencing software, being utilised.
  • Broadband: refers to high-speed data transmission in which a single cable can carry a large amount of data simultaneously. The most common types of broadband connections in Australia are cable, ADSL and NBN.
  • Encryption: is the process of converting data into an unrecognisable or “encrypted” form and is commonly used to protect sensitive information from unauthorised parties. Files and storage devices can be encrypted, as can data transferred over wireless networks and the internet. There are many different types of encryption algorithms; however, the most common type is AES (Advanced Encryption Standard). The larger the encryption key, the more secure the data. For example, AES-256 is recommended for securing personal information.
  • Firewall: is a piece of software or hardware that sits between your computer and the internet and acts as the gatekeeper for all incoming and outgoing traffic. It helps to protect against hackers and also to inhibit the activities of malware and viruses.
  • Hardware (computer): Computer hardware refers to the physical components of a computer system such as the internal hard drive, motherboard, video card etc.
  • ICT: refers to information and communication technology
  • Information security: means all measures used to protect any information generated by an entity or individual that is not intended to be made publicly available from compromise, loss of integrity or unavailability.
  • Internet dropouts: refers to a loss of internet access, including temporary outages.
  • Internet Protocol (IP): provides a standard set of rules for sending and receiving data over the internet. It also allows devices running on different platforms to communicate with each other as long as they are connected to the internet.
  • Interoperability: is the ability of different information technology systems and software applications to communicate and exchange information.
  • Network latency: the amount of time a message (or packets of data) takes to get from one designated point to another (i.e., from the provider to the client via a computer network). Latency in communication is the wait time associated with the signal travelling the geographical distance including the time it takes for computing equipment to process the data.
  • Malware: is short for malicious software or code that can stop your computer working properly, delete or corrupt files, steal information or allow others to access your computer and your business information. It is specifically designed to cause damage and/or disruptions and can come in the form of viruses, Trojans, worms or spyware.
  • Virus: is a type of malware that attaches itself to a program or file, which is how it spreads from one computer to another. It can be spread by human action, such as sharing infected files or sending emails with viruses as attachments.
  • Intrusion: refers to the act of gaining unauthorised access to a system by breaking the security or causing the computer system to enter an insecure state (i.e., hacking).
  • Information security: all measures used to protect information (not intended to be made publicly available) generated by an entity or individual from compromise, loss of integrity or unavailability.
  • Personal information has a specific meaning as set out in s 6(1) of the Privacy Act:
    • Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
    • whether the information or opinion is true or not; and
    • whether the information or opinion is recorded in a material form or not.
  • Computer platform: generally refers to the operating system and computer hardware. Platforms conform to a set of standards that enable software developers to develop applications for that platform. The most common example is the difference between software that can run on Apple Mac computers and devices compared with software designed to run on PC or Android devices.
  • Secure real time transport protocols (SRTP): is a protocol that provides encryption (typically AES), authentication and integrity verification of data and messages (passed through the RTP-based communication protocol).
  • Securely exchange documents: involves the secure delivery of documents and other information. It typically involves an online exchange of documents using a server-based approach where the recipient is personally identified and transactions are logged by the secure platform.
  • SIP (session initiation protocols) encryption: SIP is used for establishing sessions between two or more telecommunications devices over the internet. SIP can be used to initiate videoconferences, file transfers, instant messaging, and multiplayer games. SIP encryption means SIP messages are encrypted so they cannot be read if intercepted. This helps to ensure the communication is protected against interception.
  • Smart device: refers to any device that has internet connectivity and includes toys, tablets, phones, fridges, televisions etc.
  • Software: is a general term for various kinds of programs and applications used to operate computers and related devices and typically perform certain tasks, including word processing, spreadsheet, email and videoconferencing.
  • Strong passwords: refers to unique and long passwords to lower the overall risk of a security breach. Strong passwords do not include repeated characters; words from the dictionary; numerical sequences (such as 1234567); personal information or a previously used password. Strong password systems also include the requirement to change passwords often, but not so frequently that poor passwords are created.
  • Synchronous: is the real time communication between two people.  Within ICT, synchronous means both the transmitter and receiver are in step with each other through a continuous stream of data signals.  
  • Technical support: is a service provided or engaged to assist with ICT issues/matters.
  • Telehealth technology: includes all hardware, software and equipment required to enable a teleconference session between the provider and the client.
  • Teleconferencing software: is a software program that enables an audio and visual connection between two or more people.
  • Transport layer security (TLS): is a cryptographic protocol that provides secure communications over the internet.
  • End-to-end encryption (E2EE): is a system of communication security where the communication can only be read by the two people communicating. That is, the message is encrypted at the transmitting end and remains encrypted until received and decrypted on the intended recipient’s device.
  • VPN (Virtual Private Network): is a technology that creates a safe and encrypted connection over a less secure network (such as the internet).  
  • Two-factor (step) authentication (2FA): refers to the use of two checks in place to confirm the user’s identity before access to the system is granted. An example of two steps is: 1) the use of a password to initially access the system, and 2) the use of a token, such as a dynamic number sent to your mobile phone, to confirm your identity and grant access (‘2 steps’). 
  • Upload speed: refers to how quickly data can be uploaded to the internet and is measured as megabits per second (Mbps).
  • Download speed: refers to how quickly data can be downloaded from the internet and is measured as megabits per second (Mbps).
  • Video and audio codecs: Codecs are compression technologies that have two components, an encoder to compress the file and a decoder to decompress the file. In order to stream information quickly, codecs help to compress the data required for transmission. In videoconferencing the codec must be at both the source and destination of a communication link. The encoder compresses the signal for data transmission and the decoder expands the signal when received. In order for two videoconferencing systems to communicate they must negotiate their video and audio codecs at the start of the connection.
  • Web-based teleconferencing service: refers to providers of teleconferencing services where, rather than using downloaded software on each person’s computer, parties to the teleconference connect by logging into the website of the videoconference provider.
  • Wi-Fi: is short for Wireless Fidelity and refers to wireless networking technology.

Disclaimers:

This publication was produced by the Australian Psychological Society Ltd (APS). The information provided does not replace clinical judgment and decision-making or legal advice. While every reasonable effort has been made to ensure the accuracy of the information, no guarantee can be given that the information is free from error or omission. The APS, their employees and agents shall accept no liability for any act or omission occurring from reliance on the information provided, or for the consequences of any such act or omission. The APS does not accept any liability for any injury, loss or damage incurred by use of or reliance on the information. Such damages include, without limitation, direct, indirect, special, incidental or consequential. The information provided by APS does not replace the need to obtain independent legal advice specific to your situation.

The Commonwealth does not make any representation about the completeness, accuracy or currency of the contents of this document and does not accept any legal liability for any loss or damage that may be alleged to have resulted from reliance on it.  The Commonwealth advises all readers to seek, and rely on, their own legal advice about statements in the document, including those that purport to represent an interpretation of the law.  Access to current versions of Commonwealth legislation (such as the Privacy Act 1988) is available at www.legislation.gov.au