The Clarity video conferencing system is built specifically for medical video consultations and with a corresponding level of security.
The platform is hosted on UK-based servers and served across a secure SSL/TLS encrypted link. This is browser to browser Web RTC technology although the video consultation is mediated by way of a US-based media communications server which is in itself built for HIPAA compliance (the US legal standard for Health Data Security). The Clarity system’s architecture also follows the recommended standards for achieving HIPAA compliance.
The website is subject to malware scanning at the server level and our servers are PCI compliant and the sites are hosted in UK data centres with 24-7 security on-site, Photo ID and swipe card entry, CCTV inside and out, gated access and secure perimeter, redundant and uninterruptible power supplies. The hosting has ISO/IEC 27001:2013 Certification.
All voice and video traffic on the Clarity system is encrypted no matter whether using web or mobile or whether on a public or private wifi connection.
In terms of the encryption algorithms and strength of the keys, these use AES cipher with 128-bit keys to encrypt audio and video and HMAC-SHA1 to verify data integrity. The endpoints generate random keys at the beginning of the session and in addition they change periodically during the conversation to make it even safer.
We only store what information is absolutely essential, namely the patient name, email address and record of an appointment date and the identity of the Consultant with whom the appointment was made. No recording is made of the video conferences and no medical notes are recorded on our system.