Frequently Asked Questions

Frequently Asked Questions

Tips To Have a Better Audio/Video Session

  1. Use an updated Chrome, Mozilla Foxfire or Safari 11 browser
  2. Make sure your camera, microphone, and speakers are on and adjusted appropriately. First time users will be prompted to “Allow” their camera and microphone on their device to connect with NousTalk. If you do not “Allow” your camera and microphone to connect with NousTalk your audio video session will not work. (If you inadvertently “Block” the connection with NousTalk. You will have to go into your browser preferences or extensions and re-enable your camera and microphone settings.
  3. As a patient, be sure to sign in using your first and last name
  4. Limit internet usage during a call. For example, do not stream movies or download music at the same time, even on a different computer on the same network
  5. Use an HD webcam camera to achieve an HD video feed
  6. Face a light source and limit background noise
  7. Sit between 2 ft to 4 ft from the webcam
  8. Use an ethernet cable to connect to the internet (sometimes a poor Wifi connection can impact call quality)
  9. Make sure that you are in a private environment or wear earphones to avoid unintended individuals from overhearing your session.

Eliminate Patient/Professional Barriers

Overview

With rising healthcare costs and an increasing demand for quality care, telemental and e-therapy solutions are becoming increasingly important, especially for those without easy access to medical professionals. The NousTalk platform makes it possible to integrate audio, video and messaging into your practice and workflow, extending mental and behavioral health care accessibility and quality of care.

Our encrypted technology provides you with a convenient, secure, and cost-effective solution. Healthcare professionals can share important medical data or talk to their patients or one another using NousTalk confidently and securely. The NousTalk platform is Safeharbor certified, so you can be sure that important patient data remains secure.

Is voice and video traffic encrypted in a NousTalk session?

Yes, all media traffic is encrypted no matter the endpoint you use (web or mobile) or the session setup you choose (P2P or multiparty). That means that you are safe when using NousTalk solution even if use is in an open public hotspot.

Why generate a unique session ID per call and token per participant?

You need to generate a session ID to initiate a call. The tokens that enable the participants to join are unique to a session ID. The tokens have an expiry but it may be longer than the duration of your call. Therefore, if you have consecutive meetings using the same session ID, earlier users may still be able to connect to the new meeting.

To avoid this:

  • Generate a unique session ID for each new meeting
  • Generate a unique token for each participant of that meeting.
  • Use the Calendar function to book a unique session ID with each participant
Does it require any interaction with the user?

No, everything happens under the hood without any interaction with the user.

Does encryption have an impact on bandwidth and quality of the videoconference?

It does, but it is very low. It increases the length of each audio and video packet by 8 bytes, but that is less than 1% of the typical bitrate of a NousTalk session. Regarding the delay, the SRTP encryption framework was designed specifically for real-time applications, and the impact is not noticeable at all.

Does encryption have an impact on CPU or battery consumption?

Yes, but the cost of encoding and decoding audio and video is significantly higher than the cost of encrypting and decrypting.

What are the encryption algorithms and strength of the keys being used?

NousTalk compatible endpoints use the AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity.

What keys are being used for the encryption?

The endpoints generate random keys at the beginning of the session and in addition they change periodically during the conversation to make it even safer.

Does NousTalk Offer Consulting Services?

Yes, NousTalk  is happy to provide expert guidance and white-glove assistance for your practice implementation and integration needs.  Our expert technical support staff will assist you before, during and after your NousTalk implementation.

Contact us to schedule a consultation and let us help you assess your needs and recommend the optimal services to suit you.

Does NousTalk Offer Marketing Services to Assist with Launching My Online Counseling Services?

Yes – NousTalk will assist you with integrating your website with your online scheduling/calendar, add website content and buttons to promote your online practice services.

NousTalk also offers e-mail marketing services to promote and inform your existing clients of your new online services as well as client brochures, flyers, postcards, social media images, call to action buttons and more. Contact us to learn more.

Do my clients have to download any software?

No. NousTalk was designed to make it easy for you and your clients to meet online. No software downloads are required for you or your clients.

What are the rules in Canada when it comes to patient privacy?

Canada’s federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), is comparable in many ways to the Health Insurance Portability and Accountability Act (HIPAA) in the United States. However, there are several differences to keep in mind.

How is PIPEDA different from HIPAA?

HIPAA is a US federal law that governs the privacy and security of personal health information (PHI) for only certain entities in the health industry – mainly healthcare providers, health insurers, and health exchange organizations. On top of that, health information is also governed by any additional state laws.

In Canada, PIPEDA applies to all personal data, health or otherwise regardless of the entity. However, it is wise to note that the specifics of PIPEDA may not apply to every province. Each individual province has the right to have its own rules and regulations as long as they are “substantially similar” to PIPEDA. You can check out our list below which provinces choose to use PIPEDA and which have their own governances.

Does Canadian PHI Really Need to Stay in Canada?

All Canadian provinces, with the exception of British Columbia and Nova Scotia, allow health data to reside in the United States. So providers who don’t practice in either British Columbia or Nova Scotia don’t need to worry about the locations of their servers. British Columbia* and Nova Scotia do not allow their residents’ health data to be stored in the USA, even when the data is encrypted.

What about health data on mobile apps?

In the US, HIPAA applies to only certain “covered entities” that handle PHI, mainly healthcare providers, health insurers, and health exchange organizations. Data uploaded by citizens to private devices for personal use is a grey area. For example, if you use a FitBit and upload that data to the FitBit mobile health app, that data isn’t protected by HIPAA. Data protection in that case is very likely to be governed by the terms of agreement with FitBit.

What type of health data is protected?

HIPAA covers any personally identifiable information that is created or received by a “health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse” and relates to past, present, and future health conditions, treatments, or payments. Demographics would be a subset of identifiable health information.

In Canada, any data, including users, statistics, and volume, must be available to the covered entities in Canada. This data is important in accountability procedures in cases of privacy violations. In addition, sensitive or Personally Identifiable Information (PII) such as age, name, ID numbers, income, ethnic origin, or blood type, medical records, opinions, evaluations, comments, social status, payment information, etc.

Province-by-province highlights

Alberta has its Personal Information Protection Act, which is not significantly different than PIPEDA. Alberta is unique in that, instead of individual covered entities, the province’s entire health system is considered the Health Information Custodian.

British Columbia’s provincial law is called the Personal Information Protection Act. BC is one of only two provinces that do not allow PHI to be saved in the USA, even when encrypted.

Manitoba does not have its own provincial law, so only PIPEDA applies here.

New Brunswick’s law is the Personal Health Information Privacy and Access Act.

Newfoundland and Labrador are covered under the Personal Health Information Act.

Nova Scotia’s provincial law is the Personal Information International Disclosure Act . Like British Columbia, Nova Scotia forbids storing patient data in the USA, even if encrypted.

Ontario’s law is called the Personal Health Information Protection Act. It provides for several different classifications of service providers, so it’s important to know into which category a particular vendor might fit.

Prince Edward Island does not have its own provincial law, so only PHIPA applies here.

Quebec has passed An Act Respecting the Protection of Personal Information in the Private Sector, in addition to a couple of other laws that make Quebec unique and significantly different from other provinces.

Saskatchewan does not have its own provincial law, so only PHIPA applies here.

The Northwest Territories, Nunavut, and Yukon are territories, not provinces, so only PHIPA applies in these areas.

* British Columbia has several laws that govern privacy. The one that requires personal data to be stored in Canada is the Freedom of Information and Protection of Privacy Act (which applies to public bodies). Under section 30.1(a) there appears to be allowance for storing personal information outside of Canada as long as the individual has consented.

What You Need To Know About HIPAA

HIPAA is a federal law that protects the privacy of your personal health information. At the same time it allows health care providers and certain related operations enough access to the information they need to do their jobs effectively. HIPAA includes several rules and provisions that set guidelines and requirements for the administration and enforcement of HIPAA. The relevant ones for the implementation of health information technology and the exchange of protected health information in an electronic environment are the Privacy Rule and the Security Rule , as well as the HITECH Act which further enforced the two in 2009.

*State laws may have more stringent requirements than federal laws, however, in cases of conflict, federal law supersedes state law.

Highlights Of The Privacy Rule, The Security Rule, and the HITECH Act
  1. The Privacy Rule, applies to protected health information (PHI) in any form whether paper, oral, electronic, etc. While it requires covered entities to put in place “administrative, physical, and technical safeguards” for protecting PHI, it differs from the Security Rule in that it discusses the cases in which PHI can be used, when authorization is required and what are patients’ rights with respect to their health information. (Page 8335 of the final Security Rule)Summary of Privacy Rule
  2. The Security Rule applies only to protected health information in electronic form (E-PHI) and builds on the Privacy Rule requirements of “administrative, physical, and technical safeguards.” Unlike the Privacy Rule which is more concerned about patients’ rights and how health information is used and released, the Security Rule sets standards on the processes and technical security measures that should be taken to keep PHI private. It discusses acceptable ways to “implement basic safeguards to protect E-PHI from unauthorized access, alteration, deletion, and transmission.” (Page 8335 of the final Security Rule)* Under the Security Rule, paper to-paper faxes, person-to-person telephone calls, video teleconferencing, or messages left on voice-mail do not count as E-PHI because they did not exist in electronic form before the transmission. Thus those activities are not covered by [the Security Rule]” (Page 8342 of the final Security Rule). In contrast, the Privacy Rule applies to all forms of PHI.In particular, it calls for attention to
    • risk analysis and management
    • administrative, technical, and physical safeguards
    • organizational requirements
    • policies, procedures, and documentation requirements

    The Security Rule 101 Overview

    Security Rule Guidance Material

    The HITECH Act essentially added teeth to the HIPAA Privacy and Security Rules by specifying levels of violations and penalties for violations. It also requires periodic audits to ensure that covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification.

    HITECH modifications to privacy and security

Who Is Required To Comply With HIPAA?

Not all operations that handle health-related information must follow HIPAA law (such as many schools, state agencies, law enforcement agencies, or municipal offices). Under HIPAA the 2 groups that must follow HIPAA rules are

  • covered entities – health care providers, health plans, and health clearinghouses
  • business associates – a person or group providing certain functions or services for a covered entity which require access to identifiable health information, such as a CPA firm, an attorney, or an independent medical transcriptionist; More business associate FAQs here
How is HIPAA involved in your use of videoconferencing?

Videoconferencing may involve the electronic exchange of health information which is protected under HIPAA law. Security considerations with videoconferencing may involve making sure unauthorized third parties cannot record or “listen in” on a videoconferencing session, making sure recorded videoconferencing sessions are stored and identified in a secure and proper manner, or having a procedure for initiating and receiving video calls. Other video collaboration features affecting security may include text chat, screen-sharing, and file-transfer.

Videoconferencing would only be one small piece to consider when establishing and maintaining HIPAA-compliant IT security standards as described by the Privacy Rule and the Security Rule.

How does NousTalk allow you to comply with the HIPAA and PHIPA Privacy and Security Rules?

NousTalk has several characteristics that make it easy to protect the confidentiality of protected health information:

1)Peer-to-Peer sessions

NousTalk uses a managed peer-to-peer architecture, where video (and other media) are streamed directly from endpoint to endpoint. Information is never stored on any NousTalk servers or intercepted by NousTalk in any way. The NousTalk management server is only used for address lookup, connection brokering, and system/user administration. This prevents information leakage between point A and point B.

2)Encryption

Encryption adds another layer of security of NousTalk. All NousTalk traffic is encrypted; WebRTC-compatible endpoints use the AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity. No servers, including NousTalk’s, have access to the decryption keys. This keeps your videoconference absolutely confidential.

3) Security and Process Management

Information security is the preservation of confidentiality, integrity and availability of information. In the healthcare setting, this security includes ePHI used for clinical decision making or healthcare operations.

 

The NousTalk platform has been designed to meet HIPAA and PHIPA security requirements by having the following safeguards in place for clinicians and their patients:

  • Access Control
  • Audit Management Control
  • Administrator Control and Dashboard
  • Security Management Controls
  • Person or Entity Authentication
  • Breach Notification Protocols
  • Transmission Security (Audio, Video/Chat Encryption)
  • Encrypted Archiving
Easily Integrate Online Therapy Software Into Your Practice Workflow