At coreplus, we take the security of your data seriously. We understand that as a health practitioner, there are compliance and regulation guidelines that you must adhere to, which is why we make every effort to ensure that Telehealth by coreplus is reliable and secure.
In summary:
All our API endpoints are fully protected by end-to-end encryption (SSL)
We don’t record/save any audio/video data
Telehealth by coreplus is based on the open standard WebRTC protocol and is encrypted at the sender
Information security is managed based on the ISO 27001 framework
Data is encrypted both in transit and at rest
Media Encryption
Telehealth by coreplus is based on the open standard WebRTC protocol. The security architecture is described here, and the protocols used include TLS, DTLS and SRTP. All communication between a Programmable Video client and coreplus is encrypted.
Each Participant in a Telehealth by coreplus session negotiates its own DTLS/SRTP connection to the media servers. All media published to or subscribed from the session is transported through this secure connection.
Media is encrypted at the sender. Once arriving at the media server, each Participant's media is briefly decrypted to perform essential WebRTC functions before being re-encrypted and sent out to other Participants. WebRTC requires this, as it does not allow the negotiation of a single set of DTLS keys between more than two peers. Decrypted media is not written to any persistent storage or sent across the network.
All decryption and re-encryption happen in a single media server process in the cloud. A separate process is created for each session.
Media recording is disabled, meaning unencrypted media is never written to disk or any other kind of persistent storage and is never sent across the network. Unencrypted media only stays in memory for short periods of time and is only accessible to the specific media process performing the decryption.
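As an added example (not coreplus or platform code), one way to check from the signalling side that a WebRTC session is keyed as this section describes: the function audits an SDP description for DTLS-SRTP transport and a DTLS certificate fingerprint, and flags SDES keys carried in signalling. The function name auditSdp and both SDP samples are constructed for illustration.

```javascript
// Added example. SDP samples are constructed; fingerprint and key values are placeholders.
const GOOD_SDP = [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'a=fingerprint:sha-256 AA:BB:CC:DD',            // session-level, covers all m-lines
  'm=audio 9 UDP/TLS/RTP/SAVPF 111', 'a=setup:actpass',
  'm=video 0 UDP/TLS/RTP/SAVPF 96', 'a=bundle-only',
].join('\r\n');
const LEGACY_SDP = [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'm=audio 49170 RTP/SAVP 0',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEY',
].join('\r\n');

function auditSdp(sdp) {
  const sections = [];
  let sessionFingerprint = false;
  let cur = null;                                  // null while in the session-level part
  for (const line of sdp.split(/\r?\n/).map(l => l.trim()).filter(Boolean)) {
    if (line.startsWith('m=')) {
      const [kind, port, proto] = line.slice(2).split(/\s+/);
      cur = { kind, port: Number(port), proto, fingerprint: false, sdes: false, bundleOnly: false };
      sections.push(cur);
    } else if (line.startsWith('a=fingerprint:')) {
      if (cur) cur.fingerprint = true; else sessionFingerprint = true;
    } else if (line.startsWith('a=crypto:') && cur) {
      cur.sdes = true;
    } else if (line === 'a=bundle-only' && cur) {
      cur.bundleOnly = true;
    }
  }
  const findings = [];
  sections.forEach((s, i) => {
    if (s.port === 0 && !s.bundleOnly) return;     // rejected m-line carries no media
    const tag = `m-line ${i} (${s.kind})`;
    const dtls = s.kind === 'application'
      ? /DTLS\/SCTP/.test(s.proto)                 // data channel over DTLS
      : /TLS\/RTP\/SAVPF?$/.test(s.proto);         // SRTP keyed by a DTLS handshake
    if (!dtls) findings.push(`${tag}: transport ${s.proto} is not DTLS-keyed`);
    if (!s.fingerprint && !sessionFingerprint) findings.push(`${tag}: no a=fingerprint for DTLS`);
    if (s.sdes) findings.push(`${tag}: a=crypto (SDES) key carried in signalling`);
  });
  return { ok: sections.length > 0 && findings.length === 0, findings };
}

console.log(auditSdp(GOOD_SDP), auditSdp(LEGACY_SDP));
```

In a browser the input would be `RTCPeerConnection.localDescription.sdp` or `remoteDescription.sdp`.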
Measures Taken to Safeguard the Privacy of Customer Personal Data
The platform we use for Telehealth takes its responsibility to safeguard personal data seriously and has adopted organisational, technical, and contractual safeguards.
Information security is managed based on the ISO 27001 framework. Amongst other certifications, the platform has received an ISO 27018 certification and SOC 2 Type II certifications for SendGrid, Authy, and Programmable Voice products. Data is encrypted both in transit and at rest: the platform supports TLS 1.2 to encrypt network traffic between customer applications and the platform, and Customer Data is encrypted at rest utilising industry-standard encryption algorithms.