To main content

Information security and video appointments

To use video appointments in the healthcare sector, the video-calling software must be secure. Confrere, which is based in Norway, follows all regulations set by the Norwegian healthcare sector’s Information Security Standard - one of the strictest in the world.

...or see pricing

Confrere is one of the few video-calling softwares that is secure enough for the healthcare sector

Most video-calling softwares on the market today do not fulfill the information security regulations required by the healthcare sectors of most countries, including Norway’s Information Security Standard.

Confrere fulfills all regulations so that it may be used by physicians, therapists, and all other healthcare professionals.

Identification security requirements - so that you can be sure of who you’re speaking with

In Norway and Sweden, Confrere identifies your visitors using BankID (which fulfills the identification security regulations), and will soon offer electronic identification in other European countries. With BankID, patients confirm their identity digitally before their appointment begins.

In the event that the healthcare professional knows the patient well, the video image of the patient may also fulfill identification security regulations in countries that support telemedicine.

Encryption requirements - so that no one but you and your patient can access your conversation

The Norwegian healthcare system’s Information Security Standard requires that video calls are end-to-end encrypted. Confrere fulfills this requirement.

That a video call is end-to-end encrypted means that only you and the person you are speaking with can see and hear your conversation - it’s impossible for a third party to have access to it. To put it simply, encryption makes it so that you and your patient can have a private, confidential conversation, without any risk that someone else could decode the video call as it’s being sent through the web.

If a video-calling software isn’t encrypted through the entire connection between the two parties, then it does not fulfill the security regulations of the healthcare sector in most countries, Norway included. This is the case for all software that uses a media server, which is used by most other video-calling software. In such software, the content of a call can be read unencrypted in the media server itself. This is problematic - especially when the media server is located in another country.

Confrere is built with a technology called WebRTC, and we follow the industry standard for strong encryption (DTLS-SRTP).

Data processing requirements - so that security is documented

If a video call involves the processing of personal data, then it is protected by the General Data Protection Regulation (GDPR). This means that your business must enter into a so-called Data Processing Agreement with Confrere.

Confrere offers a Data Processing Agreement based on the standard of the Norwegian Directorate of eHealth, which is intended for the healthcare sector.

Confrere and risk assessment - so that you can ensure the safety of personal data

Norway’s Directorate of E-health has set strict regulations when it comes to information and the protection of personal data. It requires that software must undergo a risk assessment to ensure that it follows these regulations before it can be used in the healthcare sector. Confrere has completed this risk assessment, and can therefore be used safely in Norway. The guidelines and regulations are similar to those of any country that supports telemedicine. We can share our risk assessment upon request.


Get in touch with Svein Willassen. He speaks to new and existing customers every day, and is part of Confrere's founding team.