They happen on screen.

And here’s the uncomfortable question most organisations aren’t asking:

Is your virtual meeting room as secure as your physical one?

For millions of UK workers, video conferencing isn’t just a tool anymore. It’s the central nervous system of their organisation. Team standups, client pitches, contract negotiations all flow through platforms like Zoom, Teams, and Webex.

But that convenience has come at a cost.

Every call you make is a potential entry point for security threats. A single breach can expose sensitive data, destroy client trust, and land your organisation with a hefty fine from the ICO.

The good news? You can lock things down. And it doesn’t require a PhD in cybersecurity.

As a vendor-agnostic integrator with over 20 years’ experience configuring enterprise video conferencing platforms and accredited partners of Zoom, Microsoft, Cisco, Poly, and more we’ve seen first-hand how these vulnerabilities play out. 

In this guide, we’ll walk you through the real-world threats targeting video calls right now, a practical multi-layered defence covering your platform, your people, and your processes, and how to build a culture of security that actually sticks.

Let’s get into it.

Why Securing Your Video Calls is Non-Negotiable

Here’s a stat that puts things into perspective:

According to the Office for National Statistics, 28% of working adults in Great Britain now follow a hybrid model, working both from home and the office.

That means more sensitive data is being transmitted outside the traditional office network than ever before. And much of it flows through video calls.

Think about what gets discussed on a typical week of calls:

• Financial results and forecasts
• Intellectual property and product roadmaps
• Client-confidential or patient-confidential information
• Legal and HR discussions
• Strategic M&A activity

Now imagine any of that falling into the wrong hands.

What a Breach Actually Looks Like

It’s not just about someone listening in on a call. The knock-on effects are brutal:

• Financial loss: Direct theft, industrial espionage, or competitors gaining an unfair advantage from leaked strategy.
• Reputational damage: Once clients and partners lose trust, winning it back is an uphill battle.
• Regulatory penalties: The Information Commissioner’s Office (ICO) doesn’t mess about. Under UK GDPR, breaches can result in fines of up to £17.5 million or 4% of annual global turnover whichever is greater.
• Operational disruption. The downtime alone can be crippling, never mind the cost of remediation.

The threats have evolved. What started with relatively unsophisticated “Zoombombing” strangers gatecrashing meetings to cause disruption has matured into targeted corporate espionage and deliberate data exfiltration.

This isn’t theoretical. It’s happening right now.

Know Your Enemy: Common Video Conferencing Vulnerabilities

Before you can defend against threats, you need to understand them.

Here are the five most common vulnerabilities we see across client environments:

1. Unauthorised Access

How it happens: Re-using personal meeting IDs, skipping passwords, or sharing meeting links in public forums like Slack channels or social media.

The risk: Uninvited guests can listen in on confidential discussions, disrupt meetings, or share malicious content.

This one’s surprisingly common and surprisingly easy to prevent.

2. Eavesdropping and Man-in-the-Middle Attacks

How it happens: Attackers intercept unencrypted data, often when someone joins from an insecure network like public Wi-Fi.

The risk: Your entire conversation video, audio, and chat can be captured without anyone knowing.

If your data isn’t encrypted in transit, it’s essentially being broadcast.

3. Platform and Software Vulnerabilities

How it happens: Attackers exploit security flaws in the video conferencing application itself, or in the firmware of the hardware you’re running it on.

The risk: This can lead to remote code execution, malware installation, or even full system takeover.

This is why timely updates are critical. Every patch you delay is a window left open.

4. Insider Threats

How it happens: An employee either maliciously or accidentally leaks a meeting link, shares a recording with the wrong person, or forwards sensitive chat logs.

The risk: A significant percentage of data breaches originate from inside the organisation. Not every threat comes from a shadowy hacker.

5. Insecure Data Storage

The question you should be asking: “Where are our call recordings, transcripts, and chat logs stored? Who has access? And for how long?”

The risk: Data stored in non-compliant locations or without proper access controls is a sitting duck. If you can’t answer those questions confidently, you’ve got a problem.

What We’re Actually Seeing in Client Audits

Before we get into the practical checklist, it’s worth sharing what our consultants are finding when they assess organisations’ video conferencing setups.

When we audited a 200-person professional services firm last year, we found that over 60% of their scheduled meetings were using a default Personal Meeting ID with no passcode set. Their E2EE wasn’t enabled despite being available on their platform and call recordings were being saved to individual laptops rather than a centralised, access-controlled location. Within three weeks of implementing our recommendations, they had eliminated unauthorised access incidents entirely and brought their recording storage into compliance.

It’s a pattern we see repeatedly: the platform itself has the security features built in, but nobody has configured them properly. That gap between what’s available and what’s switched on is where most of the risk sits.

Your Multi-Layered Defence: A Practical Security Checklist

Right, here’s where we get practical.

Securing your video conferencing isn’t about doing one big thing. It’s about layering multiple defences so that if one fails, the next one catches it.

Think of it like a castle you don’t just have the outer wall. You’ve got the moat, the drawbridge, the inner keep, and the guards.

Layer 1: Choose the Right Platform and Configure It Properly

This one’s for the IT decision-makers.

Go enterprise-grade: 

There’s a world of difference between consumer and business-focused platforms. Enterprise solutions give you the admin controls you need to enforce security across the board.

Enable End-to-End Encryption (E2EE): 

In plain English, E2EE means only the participants in the meeting can decrypt and access the conversation. Not even the service provider can listen in. Major platforms like Zoom, Microsoft Teams, and Cisco Webex all offer E2EE but here’s the catch: it often needs to be explicitly enabled by an administrator. It’s not always on by default.

Set up robust access controls:

• Waiting rooms enabled by default to vet every attendee before they join.
• Mandatory passcodes are complex and unique for each meeting.
• Domain-based joining only allows users from your company’s domain to join automatically.

Use a centralised admin console. You need the ability to set and enforce security policies across the entire organisation. This includes disabling high-risk features like local recording or third-party file sharing if they conflict with your security policy.

Check compliance certifications. Look for platforms certified against standards like ISO/IEC 27001 and SOC 2. These aren’t just badges, they’re evidence of rigorous security practices.

Layer 2: Implement Secure Meeting Protocols

This is where office managers, facilities managers, and team leads come in.

Before the call:

• Never use a Personal Meeting ID for scheduled meetings. Always generate a unique meeting ID.
• Distribute links securely via calendar invites, not on public channels.

During the call:

• Assign a host or co-host who’s responsible for security during the meeting.
• Lock the meeting once all expected attendees have joined. This stops anyone else from getting in, even with the link.
• Manage participants mute on entry and control who can share their screen.

After the call:

• Store recordings securely. Use an access-controlled location like Microsoft SharePoint or a secure company server. Not on someone’s laptop.
• Implement a retention policy. Automatically delete recordings after a set period. The less data you hold, the less there is to steal.

Layer 3: Secure the Environment (Hardware, Network, and Device)

The platform can be bulletproof, but if the environment around it is weak, you’re still exposed.

• Network security: Advise staff to avoid using public Wi-Fi for sensitive calls. When it’s unavoidable, a corporate VPN is essential.
• Keep firmware updated: Certified hardware from vendors like HP/Poly, Yealink, Logitech, and Cisco receives regular security patches. These must be applied promptly. Delaying updates is one of the most common and most avoidable mistakes we see.
• Secure the end-point device: The laptop or mobile phone joining the call is a critical vulnerability. Ensure all devices have up-to-date operating systems, active anti-malware software, and a firewall enabled. Encourage physical security, like not leaving a laptop unattended in a public place.
• Consider dedicated meeting room hardware: There’s a strong case for professionally installed, dedicated appliances over a patchwork of personal laptops. They’re more secure, easier to manage centrally, and far more reliable. BYOD setups introduce variables you simply can’t control.

Creating a Culture of Security

Here’s the thing: you can have the best technology and the tightest protocols in the world. But if your people aren’t on board, none of it matters.

Your people are your strongest defence or your biggest vulnerability.

Here’s how to get the culture right:

• Write a clear Acceptable Use Policy: Your organisation needs a formal, easy-to-understand policy for video conferencing. If it’s buried in a 60-page IT handbook, nobody will read it. Keep it concise and accessible.
• Invest in continuous training: Security isn’t a one-time memo. Run regular, brief training sessions to keep best practices fresh and flag new threats. Little and often beats a yearly lecture.
• Lead by example: If senior leadership ignores security protocols, everyone else will too. It starts at the top.
• Have an incident response plan: If a meeting is compromised, what happens next? Who gets notified? How do you end the session securely? Having a clear plan means you respond quickly rather than scrambling.

From Vulnerable to Secure

Let’s recap.

Securing your video conferencing comes down to a multi-layered defence:

1. The right platform, properly configured with E2EE, access controls, and centralised management.
2. Secure protocols before, during, and after every call.
3. A secure environment, covering your network, hardware, and end-user devices.
4. Educated, security-aware people backed by clear policies and regular training.

Get all of these right, and you’ve built a defence that’s genuinely robust.

But we’ll be honest navigating the options, configuring platforms correctly, and integrating hardware securely across your organisation can be complex and time-consuming. It’s a lot to get right on your own.

That’s where we come in.

At VideoCentric, we take a vendor-agnostic approach. We’re not here to push a particular product. We’re here to find the solution that’s right for your organisation—not ours. Our consultants can assess your current setup, identify vulnerabilities, and design a security strategy tailored to your needs.

Book your free, no-obligation consultation today and get proper confidence in your communications.

Recently, Techzine published an article titled Yealink delivers secure collaboration with Microsoft’s MDEP (July 3, 2025), highlighting how this partnership is setting new standards in video conferencing security and device management. Here, we’ll expand on those insights and explain why it matters for organisations investing in Microsoft Teams Rooms and Yealink solutions.

What is Microsoft’s Device Ecosystem Platform (MDEP)?

MDEP is Microsoft’s next-generation device management and security platform designed specifically for Android-based collaboration devices, such as Microsoft Teams Room panels, video bars, and desk phones.

Unlike standard Android deployments, MDEP provides:

• Enterprise-grade security with hardware-backed attestation and Microsoft PKI.

• Seamless integration with Microsoft Intune and Azure AD (Entra ID) for identity, policy enforcement, and compliance management.

• Single Sign-On (SSO) and multifactor authentication (MFA) for enhanced access control.

• Zero-touch provisioning and Autopilot integration to simplify large-scale deployments.

In short, MDEP delivers the Zero Trust security model enterprises need for hybrid work—ensuring every device is verified, compliant, and centrally managed.

Why Yealink is Leading the Way with MDEP

As one of the first device manufacturers to fully embrace MDEP, Yealink’s Microsoft Teams-certified devices—including the MeetingBar A30/A40, Teams Panels, and desk phones—are now among the most secure and manageable on the market.

Key benefits include:

• End-to-End Encryption with Remote Key Provisioning (RKP)
  Ensures device keys are securely generated and distributed, protecting against tampering and man-in-the-middle attacks.

• Zero Trust Authentication & Compliance
  Only trusted, Microsoft-certified apps can run on Yealink MDEP devices, while IT teams can enforce policies through Microsoft Intune.

• Centralised Device Management
  From one dashboard, IT administrators can monitor firmware versions, enforce encryption standards, and block non-compliant devices.

• Lifecycle Security
  Yealink supports zero-touch deployment, automatic OS updates, isolation via containerisation, and secure retirement—covering every stage of a device’s lifecycle.

For enterprises rolling out Microsoft Teams Rooms or standardising on Teams-certified video devices, Yealink plus MDEP offers both peace of mind and operational efficiency.

Expanding the Ecosystem

Yealink is not alone in this movement. Other leading providers—such as Jabra, MAXHUB, and Barco—are also developing MDEP-enabled devices, expanding the choice of secure video conferencing solutions available to IT leaders.

This rapid adoption highlights MDEP’s role as the foundation for future collaboration devices, ensuring long-term security, compliance, and performance across distributed workplaces.

Why It Matters for Your Organisation

• IT Leader: MDEP reduces risk by giving you complete control over your device ecosystem with real-time compliance monitoring via Intune.

• Security Teams: MDEP enforces Zero Trust architecture, protecting against firmware tampering, malware, and unauthorised access.

• End Users: Seamless Microsoft Teams experiences—secure, reliable, and consistent across every meeting space.

Conclusion

As hybrid work continues to reshape the workplace, businesses need secure collaboration platforms that combine ease of management with enterprise-grade protection.

By leveraging Microsoft’s Device Ecosystem Platform (MDEP) with Yealink Teams-certified devices, organisations can unlock:

• Simplified deployment and management

• Stronger security and compliance

• Scalable, future-proof collaboration

To learn more, see the original Techzine article: Yealink delivers secure collaboration with Microsoft’s MDEP

or Chat with our Technical Team Today!

This blog will explore key security concerns in video conferencing and delve into essential measures that businesses should prioritise to protect sensitive information and foster a secure virtual collaboration environment.

Encryption

Encryption serves as the cornerstone of video conferencing security. It involves the conversion of data into a secure code to prevent unauthorised access. Two main types of encryptions are crucial in video conferencing:

• End-to-End Encryption (E2EE): This type of encryption ensures that only the participants involved in a meeting can access the transmitted data. Even the service provider cannot decrypt the information. Implementing E2EE enhances confidentiality and protects against eavesdropping.
• Transport Layer Security (TLS): TLS encrypts data during transit, safeguarding it from interception. Video conferencing platforms should use strong TLS protocols to protect against man-in-the-middle attacks and unauthorised access during transmission.

Authentication

Authentication mechanisms are vital for verifying the identity of participants and preventing unauthorised access to virtual meetings. Businesses should prioritise the following authentication measures:

• Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring participants to provide multiple forms of identification, such as a password and a unique verification code sent to their mobile device. This significantly reduces the risk of unauthorized access.
• Meeting Passwords: Enforcing unique and strong passwords for each meeting adds an additional layer of security. Participants must enter the correct password to join the session, reducing the likelihood of unauthorized individuals gaining access.

Secure Configuration and Access Controls

Configuring video conferencing tools securely and implementing access controls are essential to mitigate potential vulnerabilities. Businesses should:

• Regularly Update Software: Keep video conferencing software up to date to patch vulnerabilities and ensure the latest security features are in place.
• Role-Based Access Control (RBAC): Assign specific roles and permissions to participants based on their responsibilities. Limit access to sensitive features and data, reducing the risk of unauthorised actions.
• Waiting Room Feature: Utilise a waiting room where participants must be approved before joining a meeting. This prevents unauthorized individuals from entering without the host’s consent.

Data Privacy and Compliance

Addressing data privacy concerns is critical, especially with the increasing regulatory landscape. Businesses should consider:

• Data Encryption at Rest: Encrypt stored meeting data to protect it from unauthorised access even when not actively in use.
• Compliance with Regulations: Ensure that the chosen video conferencing platform complies with data protection regulations such as GDPR, HIPAA, or other industry-specific requirements.

As businesses continue to embrace virtual collaboration through video conferencing, prioritising security measures is imperative. Implementing robust encryption, authentication mechanisms, secure configurations, and adherence to data privacy regulations are key steps in mitigating security risks. By adopting a comprehensive approach to video conferencing security, organisations can foster a safe and confidential virtual meeting environment for their teams, clients, and partners.

To discuss your specific security needs or concerns contact our Sales Team Today! 

In the past few months, the Lifesize Collaboration Service has been transported across to a brand new global cloud service architecture. Named the Galaxy platform, ensuring the future of growth and reliability of the service for customers around the globe.

This new 4K global cloud service architecture has been built from the ground up to provide:

• Greatly improved reliability and fault tolerance
• 4K dual stream conferencing
• The ability for future features to be delivered rapidly and effectively
• Media flowing of 4K at full frame rate
• High resolution broadcasting and higher quality recording
• Hugely enhanced current features including VMR sizes
• Larger directories, groups and permissions
• Near real-time reporting and alerts

Whilst it’s important to provide the newest, latest and greatest features and the flexibility required in today’s SaaS (Software as a Service) world. What is most important is that it meets and exceeds the essential security and robustness requirements of the modern business. Here’s a summary of Lifesize security and privacy features. For more information on security and privacy of various SaaS collaboration platforms, Contact Us!

Secure Foundation

All of the Lifesize calling capacity is hosted within the Amazon Web Services (AWS) data centres. This provides a highly secure foundation based upon the most mature public cloud offering in the world. The elastic capabilities of AWS enables Lifesize to adjust to customer needs and provide new and improved services extremely quickly, and with the Amazon Web Services data centres leveraging independent third-party certifications for privacy and security, including ISO 27001, Cyber Essentials Plus and SOC, customers can be comfortable that the Cloud platform is running upon the most resilient and secure base available in the marketplace today.

The Lifesize cloud-based service is operated in secure AWS data centers in North America, South America, Europe, Oceania and two locations in Asia. Lifesize calling capacity is hosted exclusively in AWS. Lifesize room systems and client software will automatically create conferences in the optimal AWS data center based on the location of the initial members of the conference. Recordings of conferences are stored in the AWS data center where the conference was hosted. They are not replicated outside of that AWS data center.

Secure Operation

The Lifesize Service runs entirely independently from the Lifesize corporate environment, and the processes and controls include:

• Source code scans for common vulnerabilities
• A build and CI process that only accesses the external source code repository and never engineers computers
• CI environment promotes container images to staging QA environment, completely isolated from the production environment
• Very constrained access controls to all systems in the code development pipeline
• Regular penetration testing by industry recognised and independent third party on the production environment

Secure Room Systems

The Lifesize Icon room conferencing systems are built upon decades of Video Codec and meeting room security knowledge, built from the ground up with security as one of the main architectural requirements.

Systems are engineered exclusively for Video Communications, as pooposed to component-based kits on general purpose operating systems. The closed-box design does not allow others to use and/or add their own applications.

The softwarre is encrypted as it is downloaded onto the system, and releases include third-party intrusion testing to ensure search out any possible vulnerabilities.

Video Calling

The Lifesize Cloud service, Icon room systems and Cloud client software provide secure and encrypted video, audio, presentation and call setup (signaling) in every call, from end-to-end.

Admins and users have no ability to disable encryption, and all calls are encrypted with no compromise in quality. By employing WebRTC, encryption is mandatory and applies to both signaling via DTLS and media via AES-128/SRTP. Plus third-party systems will join video calls in a secure fashion when configured for either H.235 or SIP TLS encryption.

Meeting Security & Access Control

Lifesize offers several features to keep meetings secure:

• Passcodes can be used to secure meetings.
• One-time meetings allow for a single-use meeting that is deleted following the event and cannot be reused. One-time meetings are always hidden from the directory.
• Permanent meetings can be hidden from the directory.
• Call escalation allows users to actively accept or reject new participants into a meeting.
• During a meeting, a moderator can remove or mute individual participants from a call.
• During a meeting, a moderator can remove or mute all participants from a call.
• During a meeting, a user may mute their own audio and/ or video.

Licenced users can be assigned one of three roles within the Lifesize app – A User, A Superuser or an Administrator. Each role has particular permissions including placing calls, controlling in call features, creating and owning meeting, customising layouts, enabling and making recordings, configuring single sign on, managing the directory and managing room systems.

Firewall/NAT Traversal

The Lifesize architecture allows you to keep your Lifesize room systems and client software safely behind your firewall and manages firewall traversal through our global service.

Lifesize room systems and client software do not require any firewall ports to be opened inbound from the internet. There is also no longer a need for static public IP addressing or complicated static NAT and port-forwarding firewall configurations. This allows you to maintain your existing perimeter posture and protects your users and devices from SIP and H.323 nuisance calls that are common on the open internet.

Lifesize only makes use of outbound TCP/UDP connections for call signaling and media. These TCP/UDP connections are always initiated by the Lifesize room system or client software in order to establish pinholes and dynamic port address translations. These connections are directed only to our global service resources on a specific list of published FQDNs, allowing for tightly crafted firewall rules. Lifesize manages these FQDNs and controls their Time to Live (TTL) so they are always current.

User Information

Lifesize stores only basic information for each of our customers’ user accounts. Should you choose to leave the service, this information will be deleted 180 days following the end of your contract.

Recording, Streaming and Sharing

The Lifesize Stream, Record and Share features are an additional option for organisations, with recordings also stored within the AWS data centres.

• Lifesize Record and Share is available to subscribers of the Lifesize cloud-based service. Record and Share is disabled by default and must be purposefully enabled by an administrator before users are able to record any calls.
• Content distribution may be restricted to only your own organisation.
• Lifesize Live Stream and Record and Share are encrypted using AES-128 for data in-flight (streaming, recording, or playback) and AES-256 for data at rest (storage).
• Lifesize Record and Share is hosted on AWS, which is designed for security across all geographies and verticals.
• Initiation of recordings requires manual intervention whereby a user of the Lifesize cloud-based service must activate the feature to record the conference session.
• An on-screen notification will be displayed to all video participants taking part in the conference to notify users that the call is being recorded and by whom.

For more information about the Lifesize Service, it’s security features, or to arrange a specific discussion with Lifesize and VideoCentric Technical Engineers to discuss particular security concerns or challenges for your business, get in touch with us today.

However many have questioned whether Skype can be used, securely and confidentially, in the world of healthcare, and whether it meets the strict requirements for data storage and sharing in the NHS and UK Healthcare sector, alongside whether the quality of service required for effective remote consultations can be met.

By simply viewing the easily accessible terms, conditions & policies of Skype, there are quite a number of points that should raise some red flags regarding security & usage in healthcare:

• Skype has the rights to data that is transmitted, & can review the data at it’s own discretion
• Data can be monitored via digital wiretapping, if required, by government organisations
• Skype does not provide audit trails or notifications in case of a breach, which can therefore go completely undetected
• There is no specific Service Level Avalability for Skype, so quality cannot be guaranteed

In the world of healthcare, it is well known that controls such as auditing, backups and breach reporting are extremely important, and that organisations should always make the best efforts to ensure privacy through applying measures in both administration and technology that prevents unauthorised or inappropriate access or use. So are these controls in place, and best efforts being made at Skype? Unfortunately, it doesn’t seem so.

“Skype is not looking after the privacy of your client data, therefore it shouldn’t be used to communicate about mental health issues.”

Dr. Kate Anthony, Fellow of the British Association for Counselling and Psychotherapy

HIPAA Compliance?

In the United States, the Health Insurance Portability and Accountability Act 1996 (HIPAA) is a legislation that provides data security and privacy provisions to ensure the safeguarding of medical and patient information. HIPAA compliant platforms ensure that conversations are kept confidential, and all healthcare providers now legally have to comply to this gold standard of security and privacy for health data. Skype representative, Harvey Grasty, openly stated that:

“Skype is not a business associate subject to HIPAA nor have we entered into any contractual arrangements with covered entities to create HIPAA compliant privacy and security obligations.”

Harvey Grasty, Skype

One of the leading concerns for healthcare professionals using Skype is both the lack of compliance with HIPAA, and the fact that Skype has previously publicly stated that is does not wish to become HIPAA compliant. Skype is regularly found to be used by therapists and councillors around the world, generally due to it’s free Skype-to-Skype ability, however the lack of obligation to HIPAA compliance leaves possible vulnerabilities where data and information could be viewed or misused, or distributed in ways unacceptable to healthcare professionals and patients.

Now no-one believes Skype wants to put patient data at risk or do anything malicious to undermine security within healthcare. But is everything being done that could be done to protect this data? Not one bit. And they aren’t meant to – personal and private information sharing is not what the service has ever been designed to transmit, and therefore HIPAA compliance isn’t of importance.

If you opt to use Skype to communicate with patients, be aware of the risk that HIPAA rules may be violated

American Psychological Association Practice Central

Although HIPAA compliance is not required in the UK, the fact that a solution is not compliant means that it does not meet the standards set out within the legislation, designed to protect patient data and confidentiality, and to ensure access is monitored, data breaches are prevented, and risks are regularly reviewed and amended to safeguard individuals and clinicians.

The NHS & Skype

Skype is used in a number of trusts around the UK to enable simple consultations for many patients who require remote access. Skype can be used to facilitate remote consultation at no cost to the patient using an interface the patient is already familiar with. The NHS have published many guides to using Skype for these consultations, and shows that clinicians should:

A) Not use where quality must be guaranteed

As there is no specific Service Level Availability or guarantee of service for Skype, it should never be used for emergency responder type calls, where it is important that the call connects and lasts every time, as a replacement for other communication tools, or where quality (and regularity of quality) is important, such as board meetings, MDT meetings,training & sessions with patients where visuals are important. Video Conferencing tools can be highly beneficial for diagnosis of disease, direct sharing of imaging (such as Cardiovascular & radiology imaging), teaching speech & for those hard of hearing, and it is extremely important that professional technology is used to ensure consistently high quality video, audio and data.

B) Not use where security is important

Skype users peer to peer protocols, making centrally controlling or recording conversations very difficult, and consultants are recommended not to record the meeting via Skype due to this issue. If the video stream should be recorded, which can be very important for revisiting during more indepth diagnosis, secure recording servers should be implemented on the network, designed for this purpose.

Some aspects of Skype design also uses proprietary protocols – ones that are not Internationally recognised and designed/used by that specific manufacturer rather than through consortiums & the International community. The NHS and others generally believe this to be considered a security risk as proprietary protocols are often not secure by design. Proprietary protocols also cause other difficulties such as not being able to communicate with standards-based systems. If security is important, standards-based, professional technology designed with security in mind and integrated properly into your secure network should be considered instead.

C) Use Pseudonym Usernames

As Skype has an open address book, anyone can find any other Skype user, whenever they like. Therefore, it is recommended that doctors and clinicians use pseudonyms for usernames, rather than their surgery or real name, as they may find themselves overrun with video calls of which they have no control. Through scheduling systems, tailored professional solutions with SDKs and special network implementations, this can be prevented, or “meet in the middle” style meeting spaces may be more beneficial, so that the doctor can call into the Virtual Meeting Room , such as ProHealth VMRS, only when they are ready.

Overall, it seems that Skype can be used in some consultations, where quality of service and security is not paramount, and free, quick access for patient to GP is a leading factor in the reason for remote communication. If they are carried out, the clinicians should be highly aware of the risks associated with free VoIP calls and make best efforts to minimise these risks, along with ensuring that the far end patient also understands the risks of sharing data online in this way, before the Skype meeting takes place. However if quality, security and data confidentiality is important, organisations should be looking to utilise technology designed for purpose – standards-based, HIPAA compliant, professional and supported with teams knowledgeable in communications and your network.

More information?

• Is Skype HIPAA Compliant? If not, what is?
• HSCIC NHS & QIPP: A brief Guide to Skype Remote Consultations
• Authority Figures Oppose the use of Skype for Online Therapy

Back to Blog >>