Privacy and Confidentiality

A telemedicine consultation involves the transfer of patient information; therefore it needs to be done in such a way as to maintain the privacy and security of that information. Collecting the information privately means conducting the consultation in such a way that no one who isn’t supposed to be involved in the consultation can see or hear the consultation. Sending the information securely means that only those who have a right to access it by being directly involved in the care of the patient are able to.

The privacy aspects are generally managed by controlling the environment in which the consultation takes place. The security aspects are technical, and are generally looked after by vendors. HISO Standard 10029, the Health Information Security Framework describes the issues to consider. The Connected Health Network has been established as an environment for the safe sharing of health. This includes accrediting and certifying vendors.

At present there is no organisation in New Zealand that sanctions particular videoconference services as meeting the requirements of the Health Information Security Framework. The onus is on the clinician and their organisation to do so. Careful consideration should be given to using a network provider that uses the Connected Health network, and if this is not possible you should find out whether the information you transfer during a telemedicine consultation is encrypted (it should be), and whether any of it is stored by the system you are using (it shouldn’t be). See this information sheet on risk management using Skype. The considerations in this could be applied to any other of the similar web based videoconference solutions.