How to do I protect my privacy for telehealth / telemedicine appointments?

TL;DR:

I have upcoming medical appointments, and they will be via telehealth, meaning that they will be remote via video conference.

How do I best protect my privacy?
How do I share my concerns with my doctor?

My Experience with Telehealth: No Privacy-Friendly Tools

I had my first telehealth appointment 6 months ago, and it was over Zoom. There was no alternative available. First, because that’s what my doctor uses, and I am confident that she or her office has a paid Zoom subscription.

I have tried BraveTalk for one-on-one personal meetings with heads of organizations, and most of the time it was a disaster. It’s too buggy. My meetings were scheduled weeks in advance, and multiple times we’ve had to stop using Brave because it just didn’t work.

We couldn’t move to another platform because we had already wasted so much time over technical issues. I felt extremely embarrassed because I was the one who suggested BraveTalk. The people I asked to meet are also very busy people, and I felt like I wasted their time. We didn’t get to fully discuss what our meeting was supposed to be about.

Why Proton Meet won’t cut it

Ideally, I would want to use Proton Meet, which thankfully officially launched for everyone yesterday. However, the free version of Proton Meet is too limited for me, and the paid version is too expensive.

Even if I were able to pay for it, for a medical appointment, the doctor needs to be the one who hosts the meeting, not the patient. And my doctor is not going to sign up for Proton Meet just for me. Our meeting will be over an hour long.

Proton Meet is also untested, and I don’t want to waste my doctor’s time, which is precious. It took me months to schedule an appointment with her. She is extremely busy with tons of patients. She also has a unique field of specialty that would be hard for me to find elsewhere.

Doctor uses AI

Another privacy concern I have is that my doctor uses medical electronic health record (EHR) software that is powered by AI. It takes notes for her when she talks, and it might do the same when I talk. There is a good chance that our meetings will be recorded, which I don’t mind. But what I do mind is having that recording shared with third parties.

Other third parties involved

My doctor, who is highly credentialed sought, also works in academia in a lab, and does work for top universities and big foundations like the Bill & Melinda Gates Foundation. I don’t want my data being shared with the latter. With their consent, my doctor showed me over Zoom the medical records of some of her patients to help me understand the type of work that she does.

I feel like my best option is to use Zoom, but to ask for certain features to be off, if possible
There’s also no way I could ask my doctor to stop using the medical software she uses because that is standard. At best, I could ask her to disable the AI, if it is at all possible.

What would you do in my shoes?

In my view, privacy goes out the window when it comes to medical help. You can’t control how you get help nor can the doctors or the institutions make exceptions for you.

One wants help but also wants to dictate how they get help. Nah. That’s not happening. So you either have to agree to the terms of the medical service provider or not seek the same for yourself.

You have HIPAA protections. That’s all you get in the US.

Nothing. Get the help I want however I can get it and move on. I wish there was a better way.

At most I think you can do is ask your provider if there are things you can opt out from - data sharing and whatnot. That’s the only thing I can think of.

That’s an interesting take. So for you, it’s about prioritizing the care that you need above everything else. I can appreciate that.

Do you really think there is nothing patients can do to get better privacy?
Not even in the long run?

To me that’s too pessimistic, even defeatist.

If your doctor uses Gmail you’re not going to take precautions by sending them an encrypted email or password-protected PDF?

Yes. I will definitely do that.

Have you ever experienced telehealth?

I am not in the US. But like most people, I live in a country where there are data prorection laws, even for medicine. But when you have many doctors using Gmail, what do thoses laws actually mean?

I’m not sure what the concern of using Zoom would be. E2EE is ideal but it’s very unlikely for attackers to record and sift through calls like that. They’d go after the actual medical notes and any other data included on your file such as media. To me, them storing a recorded E2EE call is probably riskier than not recording a non-E2EE call. In any case, you can’t control where/how they store medical notes so you’re at their mercy in that regard.

Where I live, they allow you to opt-out of involving AI in meetings. I’d just ask to opt out of anything related to AI, data collection, and data sharing.

I’m less worried about attackers, and more about my data being shared with third parties I don’t know or trust, including Zoom the company. I don’t want any of my data, including my voice to be shared with Zoom, or any software company that my doctor uses.

I will definitely inquire about that, thank you.

Have you had any experience with telehealth?

Ah that makes more sense. Unfortunately, select instances of Jitsi Meet (such as BraveTalk) are the only practical alternative I’m aware of. I wonder if you ran into issues due to E2EE being enabled as it’s still experimental on Jitsi Meet and only works on specific platforms. Disabling E2EE may resolve the issues you ran into?

When using Zoom, I use it in a dedicated Brave or Chromium + uBOL browser profile while signed out and connected via VPN. I’m not familiar with all the forms of data Zoom collects, you’d have to read their privacy policy to be sure of how bad it is.