PRINCIPLE 3: Providers take reasonable steps to ensure the videoconferencing technology and security

Providers are responsible for selecting videoconferencing technologies that can support the privacy and security of the client’s personal information. Providers are required to take reasonable and active steps to ensure that their clients’ personal information is collected, stored, used and disposed of in a manner that upholds the protection of information provided by Australia’s Privacy and Health laws (see www.legislation.gov.au). This includes selecting technology where:

• Technical protocols provide interoperability between platforms and devices (for example, this might include video and audio codecs, advanced encryption standard (AES), or secure real time transport protocols (SRTP) for SIP (session initiation protocols) encryption)
• Strong passwords, two-factor (step) authentication and an audit trail of user’s access to client/patient information can be implemented
• The transfer of data is secure from end-to-end using appropriate security protocols that comply with Australian Privacy Principle 11 of the Privacy Act 1998(Commonwealth) (see www.legislation.gov.au)(i.e., transport layer security (TLS), end-to-end encryption or VPN technology)
• The provider can regularly update security measures to protect against malware, viruses, intrusions and email threats on computers used for videoconferencing services and to store personal client information.