This document discusses how telehealth and WebRTC can expand access to healthcare. It notes that aging populations will increase healthcare needs, and preventative care through remote options can reduce costs. WebRTC allows real-time video communication directly in browsers without plugins. Examples discussed include Walgreens offering virtual doctor consultations, and remote prenatal group sessions in Georgia lowering preterm birth rates. WebRTC provides encrypted audio/video and data transmission required for telehealth privacy compliance. Overall WebRTC enables new telehealth applications like remote monitoring using sensors to transmit health data in real-time.
2. The case for Telehealth
• Aging Populations means more care
necessary
• Preventative care can reduce long
term medical system costs
• Remote or underserved populations
don’t have equal access to quality or
specialized care
• Increased patient access to mobile
devices and internet makes it viable
to serve wide populations
3. WebRTC is an HTML5 “standard” for
video communications in the browser
Look Mom!
No plugins!
I know honey,
it’s like Skype
for your
browser!
4. Walgreens adds virtual consultations
“The platform enables users
to consult virtually with
MDLIVE board-certified
physicians … these physicians
can
e-prescribe medications ....
Visits are only $49.”
Currently available in Colorado,
Washington, Illinois – 25 more
states by end of the year
Source: Walgreens Press Release
5. Improved pregnancy care in Georgia
• Underserved populations have
higher rates of pre-term babies,
and associated health problems
• 18.2% had pre-term births in
Atlanta area of case study
• Remote group consultations were
held with mothers who had due
dates in the same month
• Mothers did not need to get child
care or buy transportation to get
to the appointments
• Rate of pre-term births dropped
to 8.1%
Source: American Telemedicine Organization
7. Applications of WebRTC
• Video conferencing
• Contact Centers
• Telemedicine
• Insurance claims
• In-context
communications
• Dating/Social Media
• Gaming
• P2P Data Transfer
8. Wellbeing Consult
• Search for
therapist
• Schedule
consultation
• 1-1 Video Chat
• Invoice
patients
Developed by WebRTC.ventures using TokBox’s WebRTC platform
9. Maven App
• A network of medical
care for women
• Specialization is a solid
strategy to consider
• Add value beyond just
video chat
11. WebRTC and Telehealth
• All Traffic is encrypted –
required for HIPAA
compliance
• Peer to Peer means there is
no intermediary server to
hack
• No plugins required* -
allows for quick, in-context
communications
* Chrome, Firefox, Opera, and soon Microsoft Edge do not require plugins
for video. Plugins always required for screen sharing in WebRTC apps.
12. Security in WebRTC
• Video/Audio/Data encrypted
in-transit
• Permissions required for
Video/Audio
• Under SSL, those permissions
are only required once
• The DataChannel alone does
not require permissions
(currently)
• Screen sharing requires a
browser plugin
13. Other technical HIPAA considerations
• Data Encryption at rest
• Encryption of data in
transit (WebRTC + SSL)
• Access controls
• Automatic log-offs
• Auditing measures
• PHI protected
14. Negatives of WebRTC
• IE/Safari Not supported
• Mobile browser support
is poor, need native
apps
• Doesn’t scale to large
conversations
15. • TokBox provides:
– Mobile API’s
– Global infrastructure
– Automatic quality controls
– Encrypted media &
signaling
– Firewall Traversal
– Video archiving
• HIPAA compliance is
possible on top of TokBox,
but requires good
practices
• TokBox has released best
practices for compliance
17. Data Channel Use Cases
• Text Chat
• File Transfer
• Real-time data
communications for
Sensors, Data
Dashboards, etc
• Gaming
• Content Delivery
Networks
18. Sensors in Telehealth
• Telehealth is about more
than video consultations
• Remote sensors can add
data to a consultation, or
provide remote
monitoring
• WebRTC’s Data Channel
one option to transport
this data securely
19. Heart Rate Monitoring/Notification
• App we built at
TADHack
• If heart attack is
detected, sends SMS
and calls your loved
ones automatically
• Could be used to trigger
video or send data as
well
The encryption used is an AES cipher with 128-bit keys to encrypt audio and video, plus HMAC-SHA1 to verify data integrity.
For real-time digital communication of patient information, HIPAA requires that the communication channel be properly secured to protect patient confidentiality. TokBox ensures secure transmission by using:
Secure Connection: The sessions established are secure (with secured tokens that are regenerated). Random AES keys are generated by clients at the beginning of the media connection and, to increase security, additional keys are generated periodically throughout the session.
Data Transmission and Encryption: OpenTok employs Transport Layer Security (TLS) to encrypt both voice and video data. The core protocols used are SRTP for media traffic encryption and DTLS-SRTP for key negotiation, both of which are defined by the IETF. The endpoints use AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity.
https://tokbox.com/industry/healthcare
https://support.tokbox.com/hc/en-us/articles/204951444-What-other-security-features-does-TokBox-offer-to-a-developer-to-assist-in-building-a-HIPAA-compliant-application-
http://www.tokbox.com/blog/wp-content/uploads/2015/06/Best-Practices-Securing-your-OpenTok-Application-June2315.pdf