Is Tele Rehab Safe and Secure to Use?
Published in: Privacy & security, Tele Rehab
Yes, it is. We recognise that trust is of the utmost importance in the practitioner-patient relationship, and ensuring data and communications are secure is integral to Rehab My Patient. That’s why we have invested in technology that is safe and encrypted.
The Tele Rehab functionality built into Rehab My Patient uses WebRTC. WebRTC uses mesh networking and direct peer-to-peer (P2P) communication inside a web browser or mobile app. This means there’s no need to download other software or apps, and it’s the driving force behind many popular online communication tools created by big corporations and used by millions of people every day. WebRTC can only be implemented with robust mandatory security protocols in place.
What are these security protocols?
Tele Rehab is protected by a firewall and has TLS encryption enabled. Tele Rehab will only work in up-to-date, secure browsers; users with older browser versions will be required to upgrade. This ensures that the browser is not vulnerable due to security flaws. In addition, the APIs are accessed using a security key, keeping the communications secure.
As it uses peer-to-peer communication, the audio and video are never stored on an external server. They are encrypted and transmitted directly between the two users’ computers using Secure Real-time Transport Protocol (SRTP). The RTCPeerConnection API securely handles Session Description Protocol (SDP) negotiation, codec implementations, Network Address Translation traversal, packet loss, bandwidth management, and transfer of audiovisual media. In certain situations where a user has a strict firewall which prevents a direct peer-to-peer connection, for example on a corporate network, it may be necessary for video and audio to be relayed via a TURN server, but end-to-end encryption is still maintained.
What about the sensitive patient data held in Rehab My Patient?
Although it runs from within Rehab My Patient, Tele Rehab actually runs on an independent ‘droplet’ (this is like a separate server), which keeps it totally separate from practitioner and patient data stored securely within Rehab My Patient. This ensures all data is kept private and protected from unauthorised access.
The practitioner has the option to share their screen with the patient, but the software makes it easy to select the exact window or browser tab you want to share.
How will the patients’ privacy be maintained?
The client is emailed a link specific to their appointment. This link is for one-time use, so other patients can’t accidentally join another patient’s appointment. It is based on a token system, so a new token is generated for each new meeting for added security. The link contains a long string of randomised letters and numbers, so is not vulnerable to guesswork or “brute force” attacks.
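As an added illustration (not Rehab My Patient's own code), this is one way a per-meeting, one-time link token of the kind described above can be issued and redeemed. The class name, the telerehab.example URL, the 256-bit token size, the one-hour expiry and the in-memory store are all assumptions made for the example.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32         # assumption: 256 bits of randomness per link
LINK_TTL_SECONDS = 3600  # assumption: the page does not state an expiry


class MeetingLinks:
    """Hypothetical in-memory store of single-use meeting link tokens."""

    def __init__(self, base_url="https://telerehab.example/join/"):
        self.base_url = base_url
        # Only a SHA-256 digest of each token is kept, so a leaked
        # store does not reveal usable links.
        self._pending = {}  # digest -> (meeting_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii", "replace")).hexdigest()

    def issue(self, meeting_id, now=None):
        """Create a fresh token for this meeting and return the full link."""
        now = time.time() if now is None else now
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._pending[self._digest(token)] = (meeting_id, now + LINK_TTL_SECONDS)
        return self.base_url + token

    def redeem(self, token, now=None):
        """Return the meeting id once; None if unknown, reused or expired."""
        now = time.time() if now is None else now
        # pop() removes the entry, which is what makes the link one-time use.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        meeting_id, expires_at = entry
        return meeting_id if now <= expires_at else None


if __name__ == "__main__":
    links = MeetingLinks()
    url = links.issue("appointment-123")  # constructed sample meeting id
    token = url.rsplit("/", 1)[1]
    print(url)
    print("first use :", links.redeem(token))
    print("second use:", links.redeem(token))
```

With 32 random bytes there are 2^256 possible tokens, which is why guessing a live link is not practical.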
The browser will always ask for permission for the website to access the microphone and camera, which must be manually approved. There will then be an indication within the browser window showing when the camera and/or microphone are active.
Thank you for being part of the RMP Community!