Coviu – a technical deep dive for our security conscious clients
In April 2020, in light of the Covid-19 driven increase in telehealth services being offered, the Australian Psychological Society conducted a review of the main video teleconferencing platforms available to practitioners. The full report can be found here.
The Coviu relevant results can be found below. Note, those coloured blue are deemed the most secure.
What video technology is Coviu based upon?
Where are the Coviu application servers located?
The signalling and TURN servers are in several data centres around the world. As you are setting up a video call, your browser will know to use the signalling and TURN servers that are most closest located to you.ees (including our Administration team), and when other health practitioners provide personal information to Karepsych via referrals, correspondence and medical reports.
What data security does Coviu provide?
All communication between Coviu servers and Coviu users are encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher 128-bit encryption (AES_128_GCM). This includes any signalling data.
Within a Coviu call, all data, video and audio that is exchanged is encrypted using DTLS-SRTP between the participants.
What user data is stored and where?
Coviu only stores user signup information – none of the data that is exchanged in a video call is saved. User signup data is stored in AWS in Sydney.
Coviu does not store the identities of a guest user – the snapshot and name is only taken to identify a clilent to the Karepsych psychologist so they can more easily decide to allow a client into the call.
Is data exchanged in a call stored?
None of the audio, video or data exchanged in a Coviu call is stored by Coviu. Specifically, Coviu does not store any clinical information that is exchanged in a call. All of the video, audio or shared documents in a call are transmitted peer-to-peer only, are fully encrypted and cannot be listened into by anyone except for the call participants. That data does not even reach Coviu storage servers.
Does data in calls between my pschologist and I ever leave the country?
Coviu calls are peer-to-peer calls and fully encrypted. The endpoints of a Coviu call find the shortest connection to each other that works when setting up a call. Peer-to-peer calls of participants that are within a country will not be routed via a different country.