Introduction

3.1 Managing privacy in different contexts

3.1.1 Functional needs

• Strategies or ability for the patient to control or maintain privacy and confidentiality even when accompanied by another party or in a shared space.
• Safe and private spaces for virtual healthcare, especially for those that lack adequate housing.
• Access to virtual healthcare that is widely available and meets regulatory (e.g., PHIPA) requirements.
• Flexibility for the practitioner to use alternative software/tools to meet the patient's needs.
• Awareness of privacy rights and concerns.
• Alternative ways to register for virtual healthcare platforms that do not require an email address.

3.1.2 Clarifying questions

• Is the individual in control of their privacy needs, and how do they control their privacy?
• Is the individual aware of privacy limitations in their current location, and are they aware of alternatives that may enhance their privacy?
• Is the individual informed of their privacy rights and preferences?
• Has the patient given consent for any recordings or for anyone else who might be in the room?
• Is privacy changing during a session? Is there a possibility for others to enter the room?

3.1.3 Practices

• Inform individuals of the expectations for privacy in advance so they can make arrangements, if possible.
• If a participant is in a shared space, suggest more private modes of communication such as text, encourage use of headphones, etc.
• Provide guidance, explanation, and support to individuals about understanding privacy and ways to ensure their privacy during appointments.
  • Communicate reasonable expectation of privacy, especially when others are present.
  • Explain privacy risks as necessary and require informed consent to proceed.
• Update expressed consent if privacy context changes.
• For situations where individual lacks privacy (i.e., due to housing instability or other reasons), provide alternative meeting spaces in existing safe venues that have private rooms with internet access. For example, pharmacies, food bank, shelters, libraries, clinics, places of worship, community centres, etc.)
• Make individuals aware of privacy controls and preferences. Inform them about privacy requirements in advance of appointments (other related guideline: 2.4 Enhancing intake process to personalize service delivery above).
• If an ideal privacy situation is not possible, work out a mutually acceptable privacy arrangement if possible and provide a modified informed consent to reflect the new privacy situation.
• If a meeting cannot proceed due to privacy reasons, then the practitioner should explain the reason. This should not be a surprise to the individual as the expectations of privacy should be communicated in advance.
• Explaining in plain language how privacy is ensured in virtual health settings can help improve uptake on virtual services.

3.1.4 Software approaches

• Support multiple communication channels to ensure that the patient can pick the one that best suits their needs and context, while maintaining the required privacy requirements.
• Provide enhanced privacy controls to the patient:
  • Ability to control who can hear or see proceedings as a way to create temporary privacy.
  • Ability for side, private conversations. For example, if an individual wants to consult with a member from their circle of care privately.
  • Stop or prevent recordings.
  • A way to Indicate if privacy has changed. For example, if someone entered the room who may not be expected or visible.
  • Ability to control who can see video streams.
  • Background blurring or replacement.
• Alternative ways to enter the healthcare system that uses anonymized sign-in requirements (e.g., individualized user code and password, verbal sign-in).
• Detect background audio that may indicate if in a shared space and recommend use of headphones.
• Provide different options or modes of communication for privacy reasons. For example, have non-verbal methods of communication, e.g., text based, sign language, etc. if audio is not private.

3.2 Maintaining security

Security is the mechanism(s) by which privacy is maintained. This includes all aspects of the system that data passes through, including applications, devices, networks, storage, etc.

3.2.1 Functional needs

• Secure data transmission, storage, and access to ensure privacy of all personal information.
• Understanding of best practices, policies, and procedures to maintain security.

3.2.2 Clarifying questions

• Are only secure communication protocols used for communication between the practitioner and recipient of care?
• Does the recipient of care have a variety of secure communication options to choose from?
• Are the identities of all participants verified when communication is established?
• Are all records stored securely with appropriate access restrictions?
• Are personal records safeguarded in the event of compromised hardware and software?

3.2.3 Practices

• Procedures in place to ensure that the correct recipient of care is contacted.
  • Pre-arrange an approved method of communication.
  • Remote conferences (web or phone) should have unique URLs and/or passwords
  • Upon connecting with the recipient of care, their identity should be verified
• Procedures in place to appropriately identify the practitioner with the recipient of care. The recipient of care should be confident that the practitioner is the one they are expecting.
  • e.g., arrange a specific video conference link and time for the call.
• Only communicate with recipients of care over secure communication channels.
• Limit access to patient records, with policies to ensure that authorization is not compromised.
• Procedures and policies for revoking access to patient records as needed.
• Routinely conduct security audits; including verification that all applications and tools used are following the required security guidelines.
• Provide information to the recipient of care about maintaining security if required, and explain the clinics security practices and policies.
• If insecure methods of communication are used, ensure that sensitive information is not shared. Sensitive information that is to be shared should be appropriately secured using identity and password verification.
• Balance security with usability – some security procedures may create additional barriers making accessing virtual healthcare more difficult.

3.2.4 Software approaches

• Use appropriate levels of encryption on all electronic communication systems to ensure data/communication (e.g., files, video calls, voice calls, etc.) is secure across transmissions.
  • Sensitive information should not be communicated across most e-mail and text applications (like SMS texts), which often lack the required encryption and access restrictions.
• Electronically sign (e.g., PGP) electronic messages and files, to confirm their origin and authenticity.
• Provide unique URLs for all virtual meetings to prevent accidental entry.
• Virtual appointments require a password, or other form of login, to limit entry.
• Unique meeting URLs should have an expiry after a single use or expire after the meeting time.
• Bookings and other access to the virtual healthcare platform should require authentication to access.
  • Provide multiple means for authenticating to address accessibility concerns. Notably captchas may not be accessible for someone with low / no vision.
• Records and other information stored on devices and servers should be encrypted on the device to prevent access if the physical device is compromised.
• 3^rd party tools and software components should be scrutinized for any possible security and privacy concerns.
• All devices used by practitioners should be encrypted with access restrictions (e.g., passwords, authorization levels, etc.) in place.
• Allow the patient to send resources (images, notes, reports, etc.) directly to the practitioner to be added to their health record, without intermediate access by others at the clinic.
• These files must be verified to be safe, no virus, malware, etc., before executing. Have a plan for data redundancy and routine backups of critical systems. Also consider a contingency plan for service continuity if software systems are offline.

3.3 Interoperability with assistive technology

Individuals may require assistive technologies to operate their digital devices and software. Care should be taken to ensure that any virtual healthcare platforms work with them. There may be additional physical and digital limitations that require alternative solutions or assistance provided to the patient (other related guideline: 1.2 Supports for using technology above).

3.3.1 Functional needs

• Individual requires assistive technology to control their computer or mobile device in order to engage in virtual health.

3.3.2 Clarifying questions

• Is the individual able to access the virtual healthcare platform? Is there a more accessible alternative that can be used instead?
• Does the individual require assistance during the virtual visit?
• Are there changes to the way services are provided to remove barriers or improve access?

3.3.3 Practices

• Applications should be interoperable with assistive technology.
• Applications and services should comply with relevant policies and regulations such as accessibility legislation (i.e., Accessible British Columbia Act, Accessible Canada Act, etc.).
• Applications and services should follow practices defined by existing accessibility guidelines and best practices such as W3C's Web Content Accessibility Guidelines (WCAG), and others that may be applicable (e.g., federal and provincial regulations for accessibility).
• The individual should be able to choose method of communication to meet their own needs and preferences, which includes different accessibility options.
• If additional support is required, for example moving a camera or a piece of equipment, this requirement should be arranged in advance if possible so the needed assistance is available (other related guideline: 2.4 Enhancing intake process to personalize service delivery above and 1.2 Supports for using technology above).
• Provide an opportunity for an individual to test the virtual healthcare platform, ahead of time, should be provided.

3.3.4 Software approaches

• All virtual healthcare applications should be implemented with assistive technologies in mind.
• Web applications should follow WCAG standards. For standalone applications, the same principles from WCAG are useful guidance. Keep in mind that WCAG compliance does not mean that the software is usable or a pleasant experience especially by people with varied needs and preferences.
• The platform should allow users to test/demo the virtual healthcare platform ahead of time.

3.3.5 Other related guidelines

• 1.2 Supports for using technology
• 2.4 Enhancing intake process to personalize service delivery