Skype hype and FUD

I recently started a job where I encourage doctors, aged care facilities and Aboriginal Medical Services to take up telehealth. For the purposes of the job, telehealth is simply a video conference between a patient and a specialist. This saves them having to travel long distances to get treatment and is very handy in rural and remote areas.

But I found that  there is an IT battle raging more fiercely than the long-running Windoze vs Crapple> It is the fight about Skype.

This highly successful, functional and near ubiquitous program is the devil incarnate for some IT/telehealth workers and I wonder why.

Far from being a Skype evangelist, I am technologically agnostic. I like the advice given by the Rural Doctors Network which basically advises people to use something they are familiar with, whether it is Skype, Google video, Facetime or Facebook’s video client.

The Royal Australian College of General Practitioners  (RACGP) who were originally a bit cold on Skype have now warmed a little saying that it is suitable for telehealth if you take reasonable precautions. The precautions they suggest are a little strange and demand a level of security that is not expected or enforced in alternate methods of communication.

For example, the RACGP says “Skype has an open access address book (directory), which means that anyone, anywhere with an internet connection can search for anyone published in the Skype directory. The RACGP advises that if Skype is used for video consultations, you consider creating a slightly encrypted user name (ie pseudonym) and avoid a username like Dr John Smith, Townville.“ (Their emphasis)

There exists a resource called the white pages. This is a telephone directory that anyone can pick up and read and dial anyone listed in that telephone directory. I wonder if the advice of the RACGP in the 1880s was for GPs to get telephones registered under a pseudonym? I think not.

But of course the RACGP seems to ignore the fact that, unlike the telephone, just because people can see your listing in Skype, doesn’t mean they can call you. You can set the privacy settings in Skype so only people in your contact list can call you. Something I wish could be done with a telephone.

The RACGP also advice “Medical content, such as still images or desktop screen shots are not exchanged during a video consultation using Skype.” There is no real satisfactory explanation for this advice. Skype is a point to point communication system that uses 256 bit encryption for all its communication including video, IM and file transfers. As well as being encrypted, such information can also be easily de-identified. If you are talking to the specialist and about to transfer a file, you can say “I am just sending you an image of Mrs Smith’s colon” without that image needing to be labelled as such. The alternative is to send the message using Argus-encrypted email which offers the same level of security (although you will probably need to have some identifying data in the email). If both options are just as secure, why is one of them not recommended?

But of course, while many medical images and reports are delivered electronically, so many of them are still delivered either through the mail or sent with the patient. Both methods use plain text with identifying data and in the case of the mail, the message is handled by many people, anyone of whom could read the message. It the security standards expected for telehealth were applied to the old world method of delivery, the medical images would be written in invisible ink in a locked briefcase hand-cuffed to the patient who would be accompanied by an armed guard.

Other criticism of Skype is that anyone can create an account and could set up on account pretending to be a doctor. The telephone comparison comes to the fore again here. Anyone can set up a telephone account in any name. Some years ago, the Sydney white pages had a listing for a Z Beeblebrox and I am certain it was not the two headed, three armed inventor of the Pan Galactic Gargle Blaster. Talking to him on the phone it was hard to tell, but with a video link, the deception would have been obvious

The ‘impersonation furphy’ completely ignores the fact that you would have prior phone or email communication with the other party and clearly establish the correct Skype account to link to.

Finally we come to the dreaded supernode. Skype is a peer to peer system that routes traffic via what are known as supernodes. The Skype opponents say that any Skype client can become a supernode, routing the traffic of thousands of Skype users and leaving you with a huge data bill. Although this can happen, it is very rare and completely avoided with a few precautions.

Firstly. a Skype client can only become a supernode if it is directly connected to the internet. If sits behind a router and has a private IP address (eg, the 192.168, 172.16, and 10.0. addresses), it cannot become a supernode. This would be the case for any practice with more than one computer.

Secondly, a client only becomes a supernode after being connect continuously for several days. Switching your computer off at the end of the day will prevent this.

Thirdly, there is a registry setting in the Windows to prevent a client becoming a supernode even if the other two conditions are met.

So having seen how most of the anti-Skype security arguments are either myths or easily mitigated, I am yet to be convinced of a valid reason not to use it. While many people say it is ‘not secure’ I have not been shown a single documented case of someone successfully eavesdropping on a Skype video conference. Unless of course you include the easy method suggested by the Rural Doctors Network, which is to listen at the doorway of a surgery.

Having sat in the waiting room and heard the loud conversations of a patient on several occasions, I know this risk is not limited to telehealth.

One Comment

  1. Excellent job of cutting the crap

Comments are closed