Published
November 14, 2022

Compliant Video Conferencing: What You Should Know

Video conferencing software is becoming the go-to solution for personal, business, and governmental communication. As with any communication medium, there’s the potential to share lots of sensitive information.

Some of that data can be covered by various legislation and regulation. Telehealth services, for example, have to be HIPAA (Health Insurance Portability and Accountability Act) compliant. Most personal information is covered by a whole host of data protection laws such as GDPR, CCPA, etc. Finally, another slew of laws will cover financial information.

Compliant video conferencing features

Compliant video conferencing is a set of features, provided by dedicated software, that allows protected information to be shared without breaking existing regulation. The video conferencing solution has to ensure that the features are in place, but staying compliant is also, at least in part, on the shoulders of the participants.

While each piece of legislation might have slightly different requirements, there are general trends in all of them that make it easier to find compliant software. 

End-to-end encryption

Data safety is one of the key requirements in all the aforementioned pieces of regulation. No third party should be able to get access to things such as patient data without the express consent of the owner.

As such, end-to-end encryption is an absolute necessity. In simple terms, that means that if something is being shared over a video conferencing solution, no one should be able to intercept and decrypt the traffic.

Luckily, end-to-end encryption is no longer hard to come by. Most video conferencing software will have it included by default, as using end-to-end encryption protocols has long been the norm.

Data storage and documentation

An offshoot of end-to-end encryption is proper storage and protection. Any data leak is potentially a mismanagement of sensitive information such as patient data, which could break compliance.

Unfortunately, avoiding such leaks by not storing any data is not an option, not only because such features are incredibly important for user experience, but for compliance as well. Some of the aforementioned laws require the documentation of customer conversations and other data.

For example, MiFID II states that all electronic communication (which includes video conferencing software) discussing financial transactions must be documented. For compliant video conferencing that usually means audio or video logs.

As such, a compliant video conferencing solution must be able to protect all ongoing conversations and provide secure storage that minimizes risks of leaks further down the road.

Identity verification

All compliant video conferencing must include ways to verify the identity of all participants, agents included. File sharing features are a common option for verification as they allow the transmission of photos and other important documents.

File sharing, however, isn’t strictly necessary. It’s one of the quality-of-life features that’s usually included in a video conferencing tool, but the role can be filled by various other software. Some compliant video conferencing tools have integrations with government-based digital-ID systems that can verify identities easily.

It’s important to note that compliant video conferencing necessitates the verification of identities before any important information is exchanged. That may exclude certain data that may be transferred over file sharing in order to verify identities.

Finally, it should be noted that your agents should have some process of verifying themselves for the client. Remember that hackers and other malicious actors can pretend to be your agents in order to get protected health information, patient data, financial information, or anything else they deem valuable.

Traceability

All compliant video conferencing software should include some form of event tracing. Everything should be logged, starting from the people involved and ending with anything sent over a file sharing system.

These are generally called event logs (sometimes also known as audit logs). If a leak or a failure to adhere to the laws occurs, the event logs must contain a record of everything that happened over the video conferencing tool.

Even the most basic compliant video conferencing tool must include data points such as call participants, duration, time of communication, etc. Contact information may also be included in these cases.

6 key compliant video conferencing tenets

While the laws and regulations for different use cases of a video conferencing tool may differ, all of them need to comply with at least 6 basic tenets. These features must be included in all such software:

  1. Data security and risk minimization. Usually, data encryption during calls and the ability to anonymize personal data after export or if sharing is needed. Medical video conferencing may also require anonymization of diagnoses. 
  2. Permission gating. Only specific agents and customers must be able to participate and schedule video calls. Additionally, software should not run on third-party websites or apps.
  3. Communication methods. In some cases (such as when GDPR is applicable or when medical professionals are involved), customers may need to express consent and sign paperwork. All compliant video conferencing tools must have ways to communicate with customers before a call is initiated. HIPAA compliant video conferencing also has to encrypt all of the messages that are sent outside of the call.
  4. Documentation. All calls should be recorded (and the customer informed about it) because numerous laws require logging for later review.
  5. Long-term storage options. Logs and recordings may need to be stored for several years at a time. They must also be protected from unauthorized access. Anonymization of such records may also be required.
  6. Event logging. A compliant video calling tool must also record metadata of all calls for tracing purposes in case of a dispute or other issues.

About SnapCall

SnapCall is revolutionizing the way businesses interact with their customers. Our suite of products offers a seamless and personalized customer experience. With SnapCall Assist, customers and support teams can easily share photos and videos to explain problems and provide solutions. SnapCall Booking allows for scheduling calls with clients and experts without the need for external conference services. And SnapCall Instant offers audio and video calls with integrated CRM platforms for easy access to customer information.

Press Contacts

Lily Berlioz-Latour

SnapCall
