Keeping your video conferences secure may seem like an obvious thing to do. The last thing you want is strangers hacking into your web conferences and accessing information you are not prepared to share.
As a business, it is sensible to keep your information secure when in a web conference. After all, you want to keep your industry secrets. However, in some cases confidential information is protected by law, meaning that video security is an absolute must in order to prevent professionals from breaching legislation.
Where the law protects confidentiality, it is often required to use web conferencing tools which are registered as ‘compliant’ with the relevant pieces of legislation. What are they? Which should you be following?
Health Insurance Portability and Accountability Act (HIPAA)
Who Does It Affect?
It affects anyone involved with healthcare: doctors, surgeons, therapists, nurses, insurers, etc. Basically, the act applies to anyone who holds Protected Health Information (PHI), which is any confidential information referring to a patient.
What Does The Act Stipulate?
- Only the minimum amount of information should be shared
- PHI should be released to the patient within 30 days of request
- PHI should be released if required by law to the correct bodies
- PHI should be disclosed if required to proceed with treatment, payment or healthcare operations
- All PHI should be correct and up to date
- PHI should not be released to anyone without permission or lawful reason
- Any time PHI is released, this should be tracked and recorded
What Does This Mean For the Use of Web Video Conferencing Services?
In terms of web conferencing, this means that if a healthcare professional would like to use video conferencing and online conference document sharing, they must first ensure that the service is HIPAA compliant. This means that it is certified to meet all stipulations laid out by HIPAA, so that it is protected against hackers attempting to access confidential information by secretly and illegitimately logging into your video stream.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Who Does It Affect?
PIPEDA governs the use of personal data of individuals, not including the name, title, business address or telephone number of an employee of an organization. It works on two levels: first, it regulates and stipulates how private sector organizations can use this information; second, it provides rights for individuals regarding organizations using their personal data.
What Does the Act Stipulate?
An individual has the right to:
- Understand why an organization is collecting their personal data
- Expect an organization to only use data for which consent has been given
- Expect appropriate security measures to be taken by the organization to protect their data, and know that this responsibility lies with the organization
- Obtain access to their own data
- Ask for corrections to data
- Complain about the organization’s handling and use of data
Organizations are required by law to:
- Gain consent for collecting and using personal data
- Still provide service to a customer even if they refuse to give consent, unless its use is essential to the transaction (e.g. they can’t ask for delivery then refuse to give you an address)
- Write and follow personal information policies that are unmistakably clear and easily accessible, and follow these rules to gain information only by fair and lawful means
What Does This Mean For the Use of Web Video Conferencing Services?
Video conferencing may include a rundown of personal information or the sharing of confidential documents that contain personal information. Ensuring that this data remains confidential is of utmost priority, and therefore businesses should be using a secure video conferencing tool. Under PIPEDA, organizations are required to take correct security measures to fulfil all criteria of protection, which has led to tools becoming PIPEDA compliant. PIPEDA compliance is crucial to ensuring that a business is following the law and working correctly with information.
The Safe Harbour Principles
Who Does It Affect?
The Safe Harbour Principles are a process by which US companies sign up to become certified that they follow the same regulations as the EU Data Protection Directive, 1995. This means it affects financial corporations, political entities, and basically companies in every industry.
What Does It Stipulate?
Similarly to HIPAA, the principles concern the sharing and transfer of, and access to, the personal information of individuals, whether it be financial data, personal details, etc.
It says that:
- Individuals need to be informed of access to their data by a third party
- Individuals have the choice whether or not to hand over their data and have it transferred to others
- Transfer of data should only be allowed if the receiving party follows the same stipulations
- Data should be up to date and correct
- Reasonable effort should be made to protect data securely
- Individuals can access their own data
What Does This Mean For the Use of Web Video Conferencing Services?
Any entity that is certified to these principles needs to understand the importance of security and make sure it finds a tool that complies with all the principles laid out. Web video conferencing services need to be secure enough to keep hackers out, as well as certified in one way or another, so that they can prove to assessing bodies that security measures to protect data are being implemented.
Author Bio:
Freelance writer Benjamin Baker is a research hound. Constantly scouring the internet for new information, he came across some great sites in relation to using secure video conferencing. http://securevideoconference.com/ is one of the many sites that he found extremely helpful in crafting this article. A user of video conferencing himself, Benjamin now finds more time to spend with his family instead of constantly stepping out to meet clients.