Most video-calling softwares on the market today do not fulfill the information security regulations required by the healthcare sectors of most countries, including HIPAA and GDPR.
Confrere is HIPAA-compliant and GDPR-compliant so that it may be used by physicians, therapists, and all other healthcare professionals.
In Norway and Sweden, Confrere identifies your visitors using BankID (which fulfills the identification security regulations), in Denmark with NemID, and will soon offer electronic identification in other European countries. With BankID and NemID, patients confirm their identity digitally before their appointment begins.
In the event that the healthcare professional knows the patient well, the video image of the patient may also fulfill identification security regulations in countries that support telemedicine.
Most telemedicine security regulations require that video calls are end-to-end encrypted. Confrere fulfills this requirement.
That a video call is end-to-end encrypted means that only you and the person you are speaking with can see and hear your conversation - it’s impossible for a third party to have access to it. To put it simply, encryption makes it so that you and your patient can have a private, confidential conversation, without any risk that someone else could decode the video call as it’s being sent through the web.
If a video-calling software isn’t encrypted through the entire connection between the two parties, then it does not fulfill the security regulations of the healthcare sector in most countries. This is the case for all software that uses a media server, which is used by most other video-calling software. In such software, the content of a call can be read unencrypted in the media server itself. This is problematic - especially when the media server is located in another country.
Confrere is built with a technology called WebRTC, and we follow the industry standard for strong encryption (DTLS-SRTP).
In the US, if a video call involves the exchange or processing of Protected Health Information (PHI), then it is protected by HIPAA. This means that your business must enter into a Business Associate Agreement (BAA) with Confrere.
In the EU, if a video call involves the processing of personal data, then it is protected by the General Data Protection Regulation (GDPR). This means that your business must enter into a Data Processing Agreement (DPA) with Confrere.
Confrere, which is based in Norway offers a Data Processing Agreement based on the standard of the Norwegian Directorate of eHealth, which is intended for the healthcare sector.
Norway’s Directorate of E-health has set strict regulations when it comes to information and the protection of personal data. It requires that software must undergo a risk assessment to ensure that it follows these regulations before it can be used in the healthcare sector. Confrere has completed this risk assessment, and can therefore be used safely in Norway. The guidelines and regulations are similar to those of any country that supports telemedicine, including the US and EU countries. We can share our risk assessment upon request.