Speex is open source, optimized for speech and has lower bandwidth requirements.
The sample rates available depend on the selected codec. When you use the Nellymoser codec, you can specify 5, 8, 11, 16, 22 and 44 kHz as the sample rate. When you use Speex codec (available starting in Flash Player 10 and Adobe AIR 1.5), you can only use 16 kHz. (Adobe documentation)
Considering these, for speech based video conferencing Speex is recommended but for other type of audio (ex. music), NellyMoser should be used.
Here are the bandwidth requirements for different quality levels:
|Quality (encodeQuality)||Required bandwidth in kbps|
|Quality (mic rate)||Required bandwidth in kbps|
To obtain transfer in kb/s divide kbps value by 8. Total transfer is added to file size when recording. Ex: Speex 9 generates extra 4275 b/s transfer. NellyMoser 22 generates extra 5512b/s transfer. When broadcasting, total stream size should be less than maximum broadcaster upload speed (multiply by 8 to get bps, ex. 50000b/s requires connection higher than 400kbps). Do a speed test from broadcaster computer to a location near your streaming (rtmp) server using a tool like SpeedTest.net . Drag and zoom to a server in contry/state where you host (Ex: central US if you host with VideoWhisper) and select it. The upload speed is the maximum data you'll be able to broadcast.
Neither Speex or NellyMoser are supported on iOS. Live streams (over HLS) and videos can be distributed to these devices after transcoding/converting sound to AAC. This is possible with VideoWhisper applications and editions (ex. Live Streaming, Video Recorder) that can convert videos and live streams with FFMPEG.
HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
Data sent by clients is communicated with hosting server, not software provider. Security compliance requirements refer to site and hosting setup.
Here are some considerations/ideas for building a HIPAA compliant video streaming / conferencing service:
Secure Streaming Data for Videoconferencing Applications
- Video streaming occurs between client applications and streaming server (host) and access to applications can be restricted based on authentication.
- Additionally, transfers can be protected and data encrypted using RTMPE/RTMPS on a dedicated Wowza server .
- User streaming to server can be archived as video files on RTMP server. Access to video archives and text chat logs needs to be restricted. If folders containing these are publicly accessible, restriction can be applied with a .htaccess file (that can be generated with CPanel folder protect feature).
These mentions also apply to VideoWhisper video streaming and conferencing applications.
- You need to host your WordPress site with a hosting provider that provides HIPAA compliance and who will sign your HIPAA Business Associate Agreement. This means that HIPAA WordPress hosting with regular providers like GoDaddy is not possible right away.
- Using a dedicated server managed by your own administrators or a HIPPA provider is best.
- If server or site software is setup by a 3rd party provider, passwords need to be changed and your own staff needs to review changes before using site for sensitive data.
Secure HTTP (HTTPS)
- Get a SSL certificate and dedicated IP address for your web site so that traffic to/from it can be encrypted in transit.
- Ensure that your WordPress site cannot be accessed without SSL (.htaccess redirect)
Restrict Access to Electronic Protected Health Information (ePHI)
Electronic protected health information (ePHI) refers to any protected health information (PHI) that is covered under Health Insurance Portability and Accountability Act of 1996 (HIPAA) security regulations and is produced, saved, transferred or received in an electronic form.
Protection depends on site setup, staff and operation procedures.
- Ensure that ePHI is never publicly available –users must login to access that content.
- Ensure that users with access to ePHI are properly granted / revoked access by your HIPAA administrators.
Ex: It should not be possible for someone to sign-up and get access without explicit review / approval.
- Ensure that users have access to only the ePHI they need and should have access.
- Ensure that all WordPress logins are monitored and are logged. (ex. User Login Log plugin)
- Ensure that all WordPress logins are monitored and are logged.
- Keeping your WordPress and all plugins up-to-date.
- Use plugins like “Duo Security” to add 2-factor authentication to your site.
- Ensure that user logins to WordPress will automatically log users off due to inactivity.
- Log access to ePHI, if possible. An easy way is to make sure web and rtmp access logs are enabled.
- Review your procedures and users periodically.
- Ensuring that WordPress does not cache copies of ePHI-pages insecurely on disk, especially if you are in a shared environment. Wordpress content is normally stored in a database, but if it is cached insecurely on disk that will weaken security and in a shared environment could provide access to unauthorised persons. That's an extra reason why you should have your own dedicated server.
- Ensure that there are good backups of your site and its content. Most hosting providers offer automated site backups. These should also be downloaded periodically and stored on a different secure machine.
If you are restricting access to a specific set of users, consider locking down access to the site by IP address .