Question
Can I have more information about HotDoc Telehealth Video Privacy and Security?
Solution
HotDoc Telehealth Video is a feature of Online Bookings which allows your practitioners to facilitate virtual consultations via a video format. HotDoc Telehealth Video complies with:
- The RACGP Guide to providing telephone and video consultations in general practice
- The MBS Online Privacy Checklist for Telehealth Services
The calls are secure, the call data is fully encrypted and no video or audio data is stored.
Technical Overview
HotDoc Video uses an underlying technology called WebRTC, which is built in to modern web browsers and powers many well-known video call solutions.
Call data is sent directly between devices most of the time, but will be sent via a relay server ('TURN' server) if a direct connection cannot be established.
Calls are automatically routed through the closest server to the participants: this means a server in Australia will be used for calls within Australia. If both parties are in Australia there is no reasonable expectation that any call data will leave Australia.
Call video and audio data is always encrypted end-to-end (DTLS-SRTP) and never stored, including when it passes through a TURN server. All other traffic for coordinating the call is also encrypted (HTTPS using TLS1.2+).
HotDoc may use a third-party infrastructure provider (such as Whereby, Amazon, or Daily.co) in providing the service.
- The third-party infrastructure provider stores metadata about the occurrence of a call such as its time, the IP address of participants, browser type and version, and a room ID.
- The infrastructure provider has no access to data about participants beyond their IP address, and browser type and version. There is no guarantee that this metadata is stored within Australia.
- No call data is stored by any party in any country.