Is web based video conferencing “secure”?

A colleague asked a very important and common question

“”In talking with a local IT director he asked if there is a security concern with transmitting information via the web instead of phone/fax.  Did I misunderstand something in your description of the model for virtual care?  I am still learning.”

I like to think of this very simply:

If there are security concerns about using the internet for video conferencing, secure web conferencing tools, or encrypted collaboration methods, such as we use and encourage…..then there are far greater worries about “data transactions” that occur WITHOUT the people involved seeing, hearing and interacting with other live….such as….putting in a credit card anywhere regardless of the encryption or transmitting records to an EMR etc etc.. or..doing online banking

When one talks on the phone, does one know if anyone else is listening, whether the person on the other end has a speaker phone, and whether anyone or any organization has access to the conversation in real time or later via recording or archive? answer–we have no clue

When one sends a fax that is historically supported by IT because it is a “point to point transmission from one device to another”….does one know whether a digit was entered wrong and it went to a different number? Does one know whether that fax number has been set to auto forward to another fax number on a nother machine or location, etc? NO…and why?

These are traditionally viewed as safe because it is a phone to a phone or a fax to a fax, but in reality, they are not what they need to be for true security/privacy, which is a “identifiable live human being to another identifiable live human being”…. So we substitute for latter with the idea of HIPAA compliant transactions to secured repositories with various access controls, etc

But at the end of the day are you worried about the security of your credit card transaction or are you worried about someone stealing your credit card and then being able to USE it (whether they steal it or not is not the primary issue, it is whether they are able to USE it once it is taken from your person)

What is so interesting about this is that the things we do all day long are touted as “secure” for some rather unsupportable reasons, but “new” methods of communicating seem to be presumed “not secure” even when you look at the basic attributes of those new methods, they are overcoming the fundamental lack of intrinsic personal privacy protection (an attribute the person needs to control anyway)  of the existing means of communication.

A purely web based encrypted (as all these methods (vidyo, citrix, webex, google chat, etc are to varying levels)  that has individual users identifying themselves, seeing themselves, consenting to each other face to face, recognizing who is on, who is not, deciding what to share, etc……is far, far more protective of personal privacy than the non-personal asynchronous methods of fax/store-forward/emr repository or the non-visual methods of phone calls…..

I think there is alot of mythology out there. But the question is a good and legitimate one. It is worth taking the time to discuss because it is in fact a very fundamental issue that is, in my opinion, holding people up from making major advances in collaboration that could save people lives, time, gas money, and other forms of risk based on inefficient communication.


new yorker cartoon

my caption entry march 2011–it did not get selected, but I still think this was a good one!

Poem in honor of Holy Cross Radiology Techs

Radology Techs Graduation June 2008, poem written for their ceremony

Emerging today from the ground level rooms of a hospital micro college

From watch, learn, “I’ll show you”. Less wonderment, more knowledge

Physics, process, communication, documentation, and rules

Patient service, education, mastering digitized tools

They crank up all the GE, Siemens, Phillips and Toshibas

Finding anatomicphysiopath from cartilage to amoebas

The docs in white might sign their names to written diagnoses

But we all know who makes or breaks this magnetic metamorphosis

Meeting demands of specialists, and surgical prima donnas

Data from 2 AM on-site techs to remote radiologists in pajamas

Pixels, voxels, fractionation, decaying isotopes

Avoiding too much radiation, while learning all the ropes

Oh, they also absorb all that billing code stuff, all those work rules and health regulations

Systems for data, results view and orders, time keeping tools for vacations

If our techs have mastered, from device to bedside, all these skills they can take to the bank

Then.. hero or martyr, we will all look much smarter, and we’ll have these new graduates to thank

Andrew Barbash, MD

Neurosciences Program Director

Holy Cross Hospital

Appreciator of the work of the Radiology Techs

June 13, 2008

%d bloggers like this: