Skype Security & Other VoIP Systems: The Future & How to Protect Yourself
by Marlene M. Maheu, Ph. D. on 29/03/10 at 10:18 am
As we’ve discussed in previews blog posts, Skype runs on a “Voice over Internet Protocol” or “VoIP” which apparently is the common platform for videoconferencing online. the security of VoIP-based platforms, as well as reliability are the two issues I like to explore today.
As I look for potential sources of information about the security and reliability of systems like Skype, I am dismayed to see a lack of information in our mental health literature, despite the fact that a growing number of practitioners have no hesitancy to use these systems was psychotherapy and counseling patients.
Because I’m unaware and unsophisticated about the scientific literature related to technology, my best options are Internet discussion areas and websites related to these topics. Granted, these are secondary sources, but please let me be clear that I have no intent of pursuing academic excellence in technology or engineering, as I have in mental health.
On the other hand, if any of you have more specific information than the topics I’m providing in my blog posts, please cite them below. I have several consulting clients who are asking for this information and I’m doing my best to not only access my informational resources, but also let everyone who might read this blogt know that I’m actively seeking this type of information.
Regarding the security of VoIP-based systems and our future as counselors and psychotherapists online, I’ve been read an author by the name of Herships who quotes Mr. Harry Emerson III, “The Internet has produced something akin to a gold rush experience for those mining its resources and developing its vast potentialities.” But, in the midst of this frenzy, he has observed that “fundamental requirements of privacy, secrecy, and security are seldom openly discussed when it comes to Internet-based phone services known as “Voice over Internet Protocol (VoIP) systems such as SKYPE, which are rapidly being developed” (2008).
The most commonly discussed defense I can find online against a possible attack from intruders is the construction of a firewall at both ends of VoIP systems. Firewall would provide a barrier between your computer or network and security threats such as hackers and viruses. However, as VoIP technology progresses and proliferates, factory standard firewalls are not predicted to be enough.
Fortunately, many different companies are dedicating substantial resources to closing Skype and other VoIP security loopholes to make viable videoconferencing available to large undeserved populations online. My best suggestion until the secure systems are available online would be for practitioners to meet face-to-face with initial clients or patients, then use software developed by companies such as Polycom and Tandberg to deliver their services remotely. If such installations are too expensive right now, pick up the telephone and talk to them over a secure telephone line.
To learn more about the ethical issues related to practitioners can connect online with their patients/clients using videoconferencing systems that are most often used in NIH and NIMH funded research, contact me.
Herships, J. (2008, December 27). No More Hacking. Retrieved March 11, 2010, from http://ezinearticles.com/?No-¬More-¬Hacking&id=1824342
That’s the reference I have for this topic – what’s yours? Can you provide additional information that might change my view? Please comment below.
Marlene M. Maheu, Ph.D. is the Executive Director of the TeleMental Health Institute’s Center for Online Counseling and Psychotherapy, offering CEU programs related to the practice of online counseling, psychotherapy and telepsychology. Academic books authored by Dr. Maheu and colleagues include eHealth, Telehealth and Telemedicine and The Mental Health Professional & the New Technologies.
Edward Dreyfus
May 26th, 2010
I have heard about an ACN video phone that uses ViOP but claims that because theirs is a proprietary phone, when calls are made ACN-to-ACN they are secure. From a practical point of view, and for continuity of treatment, it would be great to have face-to-face video calls with patients who are temporarily out of town. Are such phones HIPAA compliant?
admin
May 27th, 2010
Hello Ed,
Good to hear from you.
Basically, if the company doesn’t say it is HIPAA compliant, it probably isn’t. If they make such a claim, then we are a bit safer because they are on record with the Federal Trade Commission for their claims, but we’re not “home free.”
Now I am not an attorney, nor am I a techie, but from what I understand, it is important to be aware of a company’s products and claims…but those claims alone won’t necessarily protect us in a court of law if we are licensed professionals. As such, we professionals are suppose to be making a determination of the fitness of our capacities (technical as well as clinical) and services for the needs of the specific client.
In other words, a vendor’s technology isn’t likely to only going to be measured in terms of128-bit encryption. Technical issues such as reliability of the connection, who can tap into it from within the network it is using, image resolution, and other issues are also important.
BUT — the clinical issues are even more daunting, and have been resolved to a far less degree than the technical ones. The real problem is that the people we are inviting to join us via technology (whether they find us or we solicit them) or relying on our professionalism to determine the security and confidentiality of the systems we choose. They might be impaired somehow and if we fail to properly assess them, or provide emergency backup, or community support or authenticate them, along with several other key issues, we and they are vulnerable online.
For example, just because someone wants to shout their problems through our living room window doesn’t mean that we as professionals will engage him or her in such a way for treatment. Yes, the window screen probably won’t break, the glass won’t shatter, but what else is wrong with such a scenario?
The consumer public expects us to be professionals, that is, for us to define when and where we treat people, and we are expected by the courts to uphold specific standards of care. Unitl those courts get up to speed with changing the exisitng laws based onr esearch, we are vulnerable when attempoting to treat people. The best way to avoid risk is education – and document that education in your files in case somethign goes wrong and you damage someone.
Ask more questions and I’ll do my best to pop in an answer. I’d also invite other professionals to comment on this thread, and spare me a ton of typing
Kind Regards,
Marlene M. Maheu, Ph.D.
PS You will find much more about these issues in web-based courses offered at the http://CenterforOnlineCounseling.com and in my books:
1. The Mental Health Professional & the New Technologies: http://www.atpdr.com/MentalHealthProfessional
2. eHealth, Telehealth & Telemedicine: http://www.atpdr.com/TelehealthEHealthTelemedicine