Moving to Virtual Care: Pros & Cons of Different Platforms
In order to continue to meet the needs of children, youth and families during COVID-19 many service-providing agencies are quickly moving to virtual care. Some platforms that service providers are using include: ThinkResearch , oncallhealth.ca and Zoom for Healthcare. It looks like all of these platforms are HIPPA and PIPEDA/PHIPA compliant. However, only the first two are Canadian/have servers in Canada which is important. I'm wondering if anyone would be willing to share which platform they are using and/or the pros and cons of these and other platforms. I did notice that the Center of Excellence for Child & Youth Mental Health recently posted a rapid, non-systematic scan of practice guidelines to support the sector as we explore alternatives to face-to-face mental health care. Scroll down to e-mental health services HERE to view this info.
Looking forward to thoughts/suggestions. Feel free to DM, if preferred. TIA
Our IT department has recommended PexIP. I work for the Saskatchewan Health Authority. Zoom has been expressly not authorized for us.
Thanks for sharing, Brad.
We are paying for the higher grade Zoom (Centre for Innovation in Peer Support @Support & Housing-Halton because they have updated many privacy protocols and adding in features such as password and "lock the room" features. Our privacy consultant expressed that with Zoom updates and other considerations that we are "good to stay with it".
We also researched this extra info from an Ontario Health update.
Zoom and Zoom Telehealth
There isn't a separate "Zoom for Telehealth" product. The recipe for Zoom Telehealth is Zoom Business Meeting licenses + Zoom BAA (and the HIPAA/PIPEDA controls implemented by it)
So the meeting controls, etc., are exactly the same as the Business Licenses, with one notable exception; the compliance laws don't like potential PHI in the cloud, so cloud recording gets turned off. You can still record meetings locally, if you wish.
More info.............
Below is a summary from zoom’s blog, their website and their data sheets.
Zoom Healthcare summary-Launched as early as fall 2018
Sources:
https://blog.zoom.us/wordpress...da-phipa-compliance/
https://zoom.us/healthcare
https://zoom.us/docs/doc/PIPED...mpliance%20Guide.pdf
HIPAA/PIPEDA plans start at $200 per month per account, which comes with 10 hosts.
Please contact sales for signed BAA for HIPAA compliance and to learn about 1, 2 and 3 year pre-paid packages. This is likely 200 USD, I will find out.
How does Zoom protect its customers data? Zoom’s commitment to protecting the security and privacy of our customers’ data includes:
Are there any PIPEDA or PHIPA certification programs? No. Currently there are no PIPEDA or PHIPA certification programs to assess third-party compliance.
How does Zoom help with PIPEDA and PHIPA compliance? Zoom uses privacy practices and technical security measures to ensure that customer data is protected. Our security and privacy measures include:
……………………………………..
Security and Privacy Certifications
SOC2: The SOC 2 report provides third-party assurance that the design of Zoom, and our internal processes and controls, meet the strict audit requirements set forth by the American Institute of Certified Public Accountants (AICPA) standards for security, availability, confidentiality, and privacy. The SOC 2 report is the de facto assurance standard for cloud service providers.
TRUSTe: TRUSTe has certified the privacy practices and statements for Zoom and also will act as dispute resolution provider for privacy complaints. Zoom is committed to respecting your privacy. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
EU-US Privacy Shield: Zoom participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Zoom has committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list.
TrustArc: TrustArc has certified the privacy practices and statements for Zoom and also will act as dispute resolution provider for privacy complaints. Zoom is committed to respecting your privacy. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedbackform.truste.com/watchdog/request
Excerpt from Zoom blog article fall 2018: “Zoom is a popular choice among Canadian healthcare organizations for two reasons. First, Zoom has data centers in Toronto and Vancouver, so all live meeting data and traffic can be kept in Canada. Moreover, Amazon Web Services (AWS) will be available in early 2019 in Montreal, which means that 100% of data (live, recorded, and post-meeting metadata) will reside in Canada. Second, it’s critical for doctors to prove video session attendance and the timestamp of the start and finish to bill back to the province for payment. Zoom makes it easy to access each session’s timestamp and participant list.”
--talk about doing your homework Betty Lou!! I appreciate your transparency - what we know, what we don't know -can offer. A model of practice for any organization.
Thank you for sharing your detailed info/research, Betty Lou! Greatly appreciated!
No problem!