With rising healthcare costs and an increasing demand for quality care, telemental and e-therapy solutions are becoming increasingly important, especially for those without easy access to medical professionals. The NousTalk platform makes it possible to integrate audio, video and messaging into your practice and workflow, extending mental and behavioral health care accessibility and quality of care.
Our encrypted technology provides you with a convenient, secure, and cost-effective solution. Healthcare professionals can share important medical data or talk to their patients or one another using NousTalk confidently and securely. The NousTalk platform is Safeharbor certified, so you can be sure that important patient data remains secure.
Yes, all media traffic is encrypted no matter the endpoint you use (web or mobile) or the session setup you choose (P2P or multiparty). That means that you are safe when using NousTalk solution even if use is in an open public hotspot.
You need to generate a session ID to initiate a call. The tokens that enable the participants to join are unique to a session ID. The tokens have an expiry but it may be longer than the duration of your call. Therefore, if you have consecutive meetings using the same session ID, earlier users may still be able to connect to the new meeting.
To avoid this:
No, everything happens under the hood without any interaction with the user.
It does, but it is very low. It increases the length of each audio and video packet by 8 bytes, but that is less than 1% of the typical bitrate of a NousTalk session. Regarding the delay, the SRTP encryption framework was designed specifically for real-time applications, and the impact is not noticeable at all.
Yes, but the cost of encoding and decoding audio and video is significantly higher than the cost of encrypting and decrypting.
NousTalk compatible endpoints use the AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity.
The endpoints generate random keys at the beginning of the session and in addition they change periodically during the conversation to make it even safer.
Yes, NousTalk is happy to provide expert guidance and white-glove assistance for your practice implementation and integration needs. Our expert technical support staff will assist you before, during and after your NousTalk implementation.
Contact us to schedule a consultation and let us help you assess your needs and recommend the optimal services to suit you.
Yes – NousTalk will assist you with integrating your website with your online scheduling/calendar, add website content and buttons to promote your online practice services.
NousTalk also offers e-mail marketing services to promote and inform your existing clients of your new online services as well as client brochures, flyers, postcards, social media images, call to action buttons and more. Contact us to learn more.
No. NousTalk was designed to make it easy for you and your clients to meet online. No software downloads are required for you or your clients.
Canada’s federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), is comparable in many ways to the Health Insurance Portability and Accountability Act (HIPAA) in the United States. However, there are several differences to keep in mind.
HIPAA is a US federal law that governs the privacy and security of personal health information (PHI) for only certain entities in the health industry – mainly healthcare providers, health insurers, and health exchange organizations. On top of that, health information is also governed by any additional state laws.
In Canada, PIPEDA applies to all personal data, health or otherwise regardless of the entity. However, it is wise to note that the specifics of PIPEDA may not apply to every province. Each individual province has the right to have its own rules and regulations as long as they are “substantially similar” to PIPEDA. You can check out our list below which provinces choose to use PIPEDA and which have their own governances.
All Canadian provinces, with the exception of British Columbia and Nova Scotia, allow health data to reside in the United States. So providers who don’t practice in either British Columbia or Nova Scotia don’t need to worry about the locations of their servers. British Columbia* and Nova Scotia do not allow their residents’ health data to be stored in the USA, even when the data is encrypted.
In the US, HIPAA applies to only certain “covered entities” that handle PHI, mainly healthcare providers, health insurers, and health exchange organizations. Data uploaded by citizens to private devices for personal use is a grey area. For example, if you use a FitBit and upload that data to the FitBit mobile health app, that data isn’t protected by HIPAA. Data protection in that case is very likely to be governed by the terms of agreement with FitBit.
HIPAA covers any personally identifiable information that is created or received by a “health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse” and relates to past, present, and future health conditions, treatments, or payments. Demographics would be a subset of identifiable health information.
In Canada, any data, including users, statistics, and volume, must be available to the covered entities in Canada. This data is important in accountability procedures in cases of privacy violations. In addition, sensitive or Personally Identifiable Information (PII) such as age, name, ID numbers, income, ethnic origin, or blood type, medical records, opinions, evaluations, comments, social status, payment information, etc.
Alberta has its Personal Information Protection Act, which is not significantly different than PIPEDA. Alberta is unique in that, instead of individual covered entities, the province’s entire health system is considered the Health Information Custodian.
British Columbia’s provincial law is called the Personal Information Protection Act. BC is one of only two provinces that do not allow PHI to be saved in the USA, even when encrypted.
Manitoba does not have its own provincial law, so only PIPEDA applies here.
New Brunswick’s law is the Personal Health Information Privacy and Access Act.
Newfoundland and Labrador are covered under the Personal Health Information Act.
Nova Scotia’s provincial law is the Personal Information International Disclosure Act . Like British Columbia, Nova Scotia forbids storing patient data in the USA, even if encrypted.
Ontario’s law is called the Personal Health Information Protection Act. It provides for several different classifications of service providers, so it’s important to know into which category a particular vendor might fit.
Prince Edward Island does not have its own provincial law, so only PHIPA applies here.
Quebec has passed An Act Respecting the Protection of Personal Information in the Private Sector, in addition to a couple of other laws that make Quebec unique and significantly different from other provinces.
Saskatchewan does not have its own provincial law, so only PHIPA applies here.
The Northwest Territories, Nunavut, and Yukon are territories, not provinces, so only PHIPA applies in these areas.
* British Columbia has several laws that govern privacy. The one that requires personal data to be stored in Canada is the Freedom of Information and Protection of Privacy Act (which applies to public bodies). Under section 30.1(a) there appears to be allowance for storing personal information outside of Canada as long as the individual has consented.
HIPAA is a federal law that protects the privacy of your personal health information. At the same time it allows health care providers and certain related operations enough access to the information they need to do their jobs effectively. HIPAA includes several rules and provisions that set guidelines and requirements for the administration and enforcement of HIPAA. The relevant ones for the implementation of health information technology and the exchange of protected health information in an electronic environment are the Privacy Rule and the Security Rule , as well as the HITECH Act which further enforced the two in 2009.
*State laws may have more stringent requirements than federal laws, however, in cases of conflict, federal law supersedes state law.
The HITECH Act essentially added teeth to the HIPAA Privacy and Security Rules by specifying levels of violations and penalties for violations. It also requires periodic audits to ensure that covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification.
Not all operations that handle health-related information must follow HIPAA law (such as many schools, state agencies, law enforcement agencies, or municipal offices). Under HIPAA the 2 groups that must follow HIPAA rules are
Videoconferencing may involve the electronic exchange of health information which is protected under HIPAA law. Security considerations with videoconferencing may involve making sure unauthorized third parties cannot record or “listen in” on a videoconferencing session, making sure recorded videoconferencing sessions are stored and identified in a secure and proper manner, or having a procedure for initiating and receiving video calls. Other video collaboration features affecting security may include text chat, screen-sharing, and file-transfer.
Videoconferencing would only be one small piece to consider when establishing and maintaining HIPAA-compliant IT security standards as described by the Privacy Rule and the Security Rule.
NousTalk has several characteristics that make it easy to protect the confidentiality of protected health information:
NousTalk uses a managed peer-to-peer architecture, where video (and other media) are streamed directly from endpoint to endpoint. Information is never stored on any NousTalk servers or intercepted by NousTalk in any way. The NousTalk management server is only used for address lookup, connection brokering, and system/user administration. This prevents information leakage between point A and point B.
Encryption adds another layer of security of NousTalk. All NousTalk traffic is encrypted; WebRTC-compatible endpoints use the AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity. No servers, including NousTalk’s, have access to the decryption keys. This keeps your videoconference absolutely confidential.
3) Security and Process Management
Information security is the preservation of confidentiality, integrity and availability of information. In the healthcare setting, this security includes ePHI used for clinical decision making or healthcare operations.
The NousTalk platform has been designed to meet HIPAA and PHIPA security requirements by having the following safeguards in place for clinicians and their patients: