Is web based video conferencing “secure”?
A colleague asked a very important and common question
“”In talking with a local IT director he asked if there is a security concern with transmitting information via the web instead of phone/fax. Did I misunderstand something in your description of the model for virtual care? I am still learning.”
If there are security concerns about using the internet for video conferencing, secure web conferencing tools, or encrypted collaboration methods, such as we use and encourage…..then there are far greater worries about “data transactions” that occur WITHOUT the people involved seeing, hearing and interacting with other live….such as….putting in a credit card anywhere regardless of the encryption or transmitting records to an EMR etc etc.. or..doing online banking
When one talks on the phone, does one know if anyone else is listening, whether the person on the other end has a speaker phone, and whether anyone or any organization has access to the conversation in real time or later via recording or archive? answer–we have no clue
When one sends a fax that is historically supported by IT because it is a “point to point transmission from one device to another”….does one know whether a digit was entered wrong and it went to a different number? Does one know whether that fax number has been set to auto forward to another fax number on a nother machine or location, etc? NO…and why?
These are traditionally viewed as safe because it is a phone to a phone or a fax to a fax, but in reality, they are not what they need to be for true security/privacy, which is a “identifiable live human being to another identifiable live human being”…. So we substitute for latter with the idea of HIPAA compliant transactions to secured repositories with various access controls, etc
But at the end of the day are you worried about the security of your credit card transaction or are you worried about someone stealing your credit card and then being able to USE it (whether they steal it or not is not the primary issue, it is whether they are able to USE it once it is taken from your person)
What is so interesting about this is that the things we do all day long are touted as “secure” for some rather unsupportable reasons, but “new” methods of communicating seem to be presumed “not secure” even when you look at the basic attributes of those new methods, they are overcoming the fundamental lack of intrinsic personal privacy protection (an attribute the person needs to control anyway) of the existing means of communication.
A purely web based encrypted (as all these methods (vidyo, citrix, webex, google chat, etc are to varying levels) that has individual users identifying themselves, seeing themselves, consenting to each other face to face, recognizing who is on, who is not, deciding what to share, etc……is far, far more protective of personal privacy than the non-personal asynchronous methods of fax/store-forward/emr repository or the non-visual methods of phone calls…..
I think there is alot of mythology out there. But the question is a good and legitimate one. It is worth taking the time to discuss because it is in fact a very fundamental issue that is, in my opinion, holding people up from making major advances in collaboration that could save people lives, time, gas money, and other forms of risk based on inefficient communication.