Privacy, security and scalability are fundamental to Video Call. This document explains how Video Call consultations are made secure and private at scale.
Video Call is based on 4 important concepts:
These four concepts are fundamental to the design of Video Call. Its network architecture is covered by design assurance processes which ensure new features and capabilities continue to meet the required standards.
Video Call is built on Web Real-Time Communications (WebRTC) technology. WebRTC’s built-in security uses fully-encrypted connections.
Video Call has been designed as a holistic telehealth ecosystem, made up of servers and applications, running through WebRTC technology.
Additional security measures have been applied to make the WebRTC-based system truly secure and private:
On this page we explain what steps are undertaken to ensure video consultations are safe, secure, private and scalable.
Health-grade privacy, security, and data protection are fundamental to Video Call design
WebRTC video call media traffic is protected with AES 128-bit or AES 256-bit encryption between web browsers. This is the standard for WebRTC-based services such as Video Call. However, this security applies only to peer-to-peer calls and not to the system infrastructure. Several infrastructure elements in any WebRTC video call can be attacked, and Video Call has been developed to inhibit these attack vectors.
For example, standard WebRTC call encryption cannot stop an attacker impersonating a user at either end of the call. Neither can encryption prevent a signalling, application, or relay (TURN) server from being hijacked.
Key privacy and security measures have been applied to Video Call to protect against:
Video Call’s privacy and security model ensures that:
All data - not just the live video call - is encrypted.
Video Call stores service provider information and passwords securely on Amazon RDS (Relational Database Service). Passwords are transmitted using TLS (Transport Layer Security) and are never stored in plain text. Video Call only stores salted password hashes in RDS, meeting current industry standards in user authentication and authorisation.
No personally identifiable or protected health information is stored by Video Call.
All audio and video data, and all other data exchanged during a live video call is encrypted.
Video Call uses state-of-the-art security mechanisms for all connections as well as for its WebRTC implementation. Connections between browser and application server, signalling server, or STUN/TURN are all TLS-encrypted and authenticated, with strong cryptography and proper certificate checks. The TLS protection for STUN/TURN negotiation ensures that no re-routing of video call communication can take place.
Security for WebRTC communication is enhanced by having the signalling server facilitate the cryptographic setup for browser-to-browser communication: browsers securely establish a shared key for every data channel.
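The binding described above can be illustrated with a small added example (not Video Call's code): each browser generates a DTLS certificate, its fingerprint travels in the signalled SDP as an a=fingerprint line, and the receiving browser refuses the DTLS-SRTP handshake unless the certificate actually presented hashes to that value. The certificate bytes and SDP offers below are constructed for the demonstration.

```python
import hashlib
import hmac
import re

# Constructed stand-in for a peer's DER-encoded DTLS certificate. Browsers
# mint a self-signed certificate per RTCPeerConnection; any bytes serve here
# because the SDP fingerprint is simply a hash over the DER encoding.
PEER_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256))
# Constructed certificate of some other party, used to build a tampered offer.
OTHER_CERT_DER = bytes(reversed(PEER_CERT_DER))

def sdp_fingerprint(cert_der: bytes, hash_name: str = "sha-256") -> str:
    """Fingerprint in the SDP form (RFC 8122): upper-case hex octets joined by ':'."""
    digest = hashlib.new(hash_name.replace("-", ""), cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def parse_fingerprints(sdp: str) -> list[tuple[str, str]]:
    """Return (hash-func, fingerprint) pairs from every a=fingerprint line."""
    pairs = []
    for line in sdp.splitlines():
        m = re.match(r"a=fingerprint:(\S+)\s+([0-9A-Fa-f:]+)\s*$", line.strip())
        if m:
            pairs.append((m.group(1).lower(), m.group(2).upper()))
    return pairs

def certificate_matches_sdp(cert_der: bytes, sdp: str) -> bool:
    """True only if the certificate seen in the DTLS handshake matches a
    fingerprint advertised in the signalled SDP. Any mismatch means the
    signalling or media path was tampered with and the call must be aborted."""
    for hash_name, advertised in parse_fingerprints(sdp):
        try:
            expected = sdp_fingerprint(cert_der, hash_name)
        except ValueError:
            continue  # hash function not supported locally
        if hmac.compare_digest(expected, advertised):
            return True
    return False  # also covers an SDP with no fingerprint at all

def build_offer(cert_der: bytes) -> str:
    """Minimal constructed SDP offer carrying the certificate's fingerprint."""
    return "\r\n".join([
        "v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-", "t=0 0",
        "m=audio 9 UDP/TLS/RTP/SAVPF 111", "c=IN IP4 0.0.0.0",
        "a=setup:actpass",
        f"a=fingerprint:sha-256 {sdp_fingerprint(cert_der)}",
        "a=rtpmap:111 opus/48000/2",
    ])

HONEST_OFFER = build_offer(PEER_CERT_DER)
# Same offer with the fingerprint swapped in transit: the peer's real
# certificate no longer matches, so the handshake is rejected.
TAMPERED_OFFER = HONEST_OFFER.replace(
    sdp_fingerprint(PEER_CERT_DER), sdp_fingerprint(OTHER_CERT_DER))
```

The check only helps when the SDP itself arrives over an authenticated channel, which is why the TLS protection of the signalling connection in the preceding paragraphs matters as much as the media encryption.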
As a distributed system, all components of the Video Call ecosystem are hardened against attacks.
Video Call complies with Australian government privacy policies.
Video Call infrastructure and service conform with the guidelines of the Commonwealth Privacy Act 1988, the Australian Privacy Principles (section 8) relating to data sovereignty and, wherever practicable, the Australian Government Information Security Manual (ISM).
Video Call connections are made peer-to-peer (browser-to-browser without traversing central video infrastructure). Data shared in actual calls between participants is only ever available in decrypted form to the participating endpoints of the call. All other intermediaries that forward the call can only see encrypted data. This applies to audio and video data, as well as all information exchanged in the session such as chat messages and documents. Video calls do not, by default, store any of the shared data from calls.
Patients enter waiting areas via a trusted service provider website and wait in their own private video room. For example, if a service provider runs late because a consultation with another patient is running over time, patients will not run into each other. The room created by Video Call is deleted after the consultation.
Patients can be seen by any service provider or clinic administrator who is authorised to access the clinic. Authorisation is defined by a unique login and assigned roles in the platform. Clinic administrators are responsible for assigning such access to their staff.
By default, Video Call does not retain identifiable patient information. Patients do not leave a digital footprint on the platform.
If Australian data or data management moves offshore, it is no longer controlled within Australia and becomes subject to the laws of a foreign country or the practices of a foreign corporation. Access to and control of Australians’ data by foreign companies does not recognise the existing rights of Australians to have their privacy and data adequately protected.
Sensitive data about Australian citizens must therefore be stored on an ASD (Australian Signals Directorate) certified cloud that can guarantee information is not accessible by foreign entities.
Video Call takes a strict approach to hosting only within the AWS (Amazon Web Services) cloud, which has been certified under the ASD’s IRAP (Information Security Registered Assessors Program); this provides assurance that AWS has in place the applicable controls required by the ISM (Australian Government Information Security Manual).
Video Call can confirm that for Australian users:
Video Call has been designed to scale. All database and server infrastructure has been designed using a stateless microservices architecture, allowing each component to be fault tolerant and capable of individually horizontally scaling to match the load on each service at any given point in time.