Origin FH Telehealth Security, Privacy and Compliance
Origin uses Power Diary's Telehealth functionality, which is designed to provide health practitioners with a safe, secure, compliant and simple way to conduct telehealth sessions with their patients and clients no matter where in the country Origin FH practices.
Here is some specific information about the security features of the Telehealth functionality:
How does it work?
Our Telehealth functionality uses WebRTC technology that is built into modern web browsers.
This is a framework that allows browsers to securely send and receive live data to each other. We have designed our Telehealth system so that in nearly all circumstances data does not pass through any third-party servers.
Power Diary creates secure Telehealth 'rooms' for each client, along with a special key to access the room. When Origin FH and the client both enter the room, Power Diary 'introduces' Origin FH's browser and the patient's [you, the client] browser. This introduction enables both browsers to identify each other and agree on how best to talk to each other. This happens automatically and usually in less than a second. The two browsers then establish a secure, encrypted, and direct connection with each other, which allows video, audio and other data to be sent back and forth, i.e. your video call begins.
Because the call data is exchanged between Origin FH's browser and your browser, it is not streamed via our servers, nor via any other media streaming services that could decrypt the data. This not only helps ensure optimal call quality but also ensures that the content of your video call remains between Origin FH and the client.
Importantly, to further enhance security and privacy, we do not use any white-labelled third-party video conferencing systems for our Telehealth service. Neither your client information nor the secret key to access the room is shared with other parties.
Are Telehealth Calls Encrypted?
Power Diary's Telehealth functionality is a peer-to-peer connection and is encrypted end-to-end.
All data exchanged is encrypted, both during the 'introduction' phase and during video calls. During the call, all video, audio and other related data exchanged between the call participants is encrypted using DTLS-SRTP. This provides key security benefits, including:
Integrity (preventing interference in data during transmission)
Authentication (enabling all parties to authenticate the identity of the other)
Privacy (ensuring that all call data exchanged between browsers is encrypted end-to-end and therefore cannot be intercepted and interpreted by others)
In rare circumstances, if either end has a corporate firewall in place, the networking configuration can cause problems with setting up the peer-to-peer connection. This affects a very small proportion of users. In that case only, the system will use a relay server, called a TURN server, which takes the encrypted video and audio and routes it between the two browsers. Importantly, a TURN server doesn't understand or have the ability to 'peek' into what it's actually routing.
The encryption remains end-to-end, having been set up directly between the Origin FH computer and the client's computer.
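The direct and relayed cases described above can be told apart from the browser's own WebRTC statistics. The following is an added example, not code from Power Diary or Origin FH; it assumes you hold the call's RTCPeerConnection (as `pc`) and that the browser populates the standard `transport` stats entry, and the sample reports are constructed.

```javascript
// Added example (not Power Diary code): classify a call's media path from the
// standard WebRTC statistics returned by RTCPeerConnection.getStats().
function describeMediaPath(report) {
  // Index every stats object by id; works for RTCStatsReport and plain Map.
  const byId = new Map();
  report.forEach((stat) => byId.set(stat.id, stat));

  // The transport entry names the candidate pair that is carrying media.
  const transport = [...byId.values()].find(
    (s) => s.type === "transport" && s.selectedCandidatePairId);
  const pair = transport && byId.get(transport.selectedCandidatePairId);
  if (!pair) return { established: false };

  const local = byId.get(pair.localCandidateId) || {};
  const remote = byId.get(pair.remoteCandidateId) || {};
  // candidateType "relay" on either side means media crosses a TURN server.
  const relayed =
    local.candidateType === "relay" || remote.candidateType === "relay";

  return {
    established: true,
    relayed,
    path: relayed ? "relayed via TURN" : "direct peer-to-peer",
    // SRTP keys exist only after the DTLS handshake reaches "connected".
    dtlsConnected: transport.dtlsState === "connected",
    srtpCipher: transport.srtpCipher || null,
  };
}

// Constructed sample data shaped like getStats() output (not a real capture).
function sampleReport(localType, dtlsState) {
  return new Map([
    ["T1", { id: "T1", type: "transport", selectedCandidatePairId: "CP1",
             dtlsState, srtpCipher: "AES_CM_128_HMAC_SHA1_80" }],
    ["CP1", { id: "CP1", type: "candidate-pair", state: "succeeded",
              localCandidateId: "L1", remoteCandidateId: "R1" }],
    ["L1", { id: "L1", type: "local-candidate", candidateType: localType }],
    ["R1", { id: "R1", type: "remote-candidate", candidateType: "srflx" }],
  ]);
}

console.log(describeMediaPath(sampleReport("host", "connected")));
console.log(describeMediaPath(sampleReport("relay", "connected")));
console.log(describeMediaPath(sampleReport("host", "connecting")));
// In a browser: describeMediaPath(await pc.getStats())
```

On both paths the DTLS handshake runs between the two browsers, so `dtlsConnected` and `srtpCipher` read the same whether or not a relay is forwarding the packets.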
Can Telehealth calls be monitored by any third party, including Power Diary?
Our Telehealth solution complies with 'No vendor access' privacy requirements.
Because the call data is encrypted and exchanged directly between the browsers of the call participants, no one, including us, can access the call data. Once the call has been established, the call data never passes through our servers or infrastructure.
Does Power Diary store Telehealth call data?
Absolutely no audio, visual or other content exchanged during your Telehealth call is stored by Power Diary. We do not ever have access to this content.
Is Power Diary's Telehealth functionality HIPAA Compliant?
Yes, the security features of our Telehealth functionality comply with all relevant HIPAA requirements.
Is Power Diary's Telehealth functionality GDPR Compliant?
Yes, our Telehealth functionality complies with all GDPR requirements.
Is Power Diary's Telehealth functionality compliant with the Privacy and Security principles of my country?
Yes, Power Diary's Telehealth functionality has been designed and built to comply with the privacy and security requirements of the primary jurisdictions in which we operate, including:
Australia
The United Kingdom and countries within the European Union (and European Economic Area)
United States of America
Canada
South Africa
New Zealand