PicSafe enables medical professionals to securely capture clinical images of their patients for such purposes as:
Here are a couple of possible uses for PicSafe:
The burns unit of a hospital treats a burns victim with a badly burnt arm. A nurse dresses the wound a 9 am and 4 pm each day. At 10 am the registrar arrives wants to see how the wound is healing. Now the dressing has to be taken off at great discomfort to the patient and at considerable cost to the hospital (in time and materials). If the nurse were to use PicSafe to take a photo of the arm while the dressing was being changed at 9 am, we would avoid the pain and cost.
The Emergency Department calls a registrar at 10 pm about a 6-year-old boy who had fallen over at home and cut his lip. The Emergency Resident was unable to send a photo of the laceration (despite it being requested by the surgical registrar) because hospital policy would not allow it. The registrar lives in the city and would have had to drive one hour each way to see the child. Instead, he decided to put the child on the next morning's operating list without first seeing the laceration. When the registrar examined the child the following day, he saw that no surgery was required. Unfortunately, the parents were agitated after spending the whole night in the emergency department and insisted that the child got sutured under general anaesthetic.Permanent Link
When designing the PicSafe app, patient privacy was at the forefront. Specifically the app:
PicSafe uses the default camera on your device. The image quality will depend on he quality of the camera and the skill of the photographer. As with taking good photos on your device, please use proper lighting and try and keep the camera as steady as you can when taking pictures or recording video.Permanent Link
Security is paramount, and measures are inbuilt throughout the PicSafe system’s structure. All reports are dated and time stamped, geotagged, encrypted and, if uploaded to a third party storage provider, securely transmitted over HTTPS. PicSafe allows transmission and storage media in compliance with appropriate security regulatory guidelines. Manipulation, modifying, or changing PicSafe media within a report in any manner, is not possible.
Some of the security features include:
Individual images don't have the patient's data included in the same file. PicSafe PRO users will have the report ID and media ID included in the bottom right corner. The patient's details accompany the images in a "report". PicSafe automatically tags all reports with the patient’s name and date of birth, along with relevant secondary identifiers such as location, time, and date tags.Permanent Link
PicSafe is optimised to work on both iOS and Android devices, specifically iOS 9+ and Android 4.4+. If you have an earlier operating system, please upgrade your device to the latest operating system.Permanent Link
PicSafe is free to receive reports and free to send reports. There is a "PicSafe PRO" version with some more advanced features however for most users the free version will be all you need.
|Price||Free||$9 per month|
|Photos, videos or audio per report||2||10|
|Photo resolution|| 1 Megapixel |
| 3 Megapixel |
|Video resolution|| Standard Definition |
| High Definition |
|Video length||5 seconds||10 seconds|
|Audio length||20 seconds||120 seconds|
|Watermark||Pink - "Photo taken with the free version (PicSafe Basic)"||Black - Report and Media ID|
Please note: Price may vary depending on what currency you use.Permanent Link
Different hospitals and institutions have different names for some kind of patient identification. Most commonly used is a Unit Record (UR) number. A Medical Record Number (MRN) is also common. In the Patient ID field you can put whatever identifier your institution uses.
In a hospital environment, is is common that wrist or ankle tags contain an identifier. If there is an accompanying barcode, you can use PicSafe to scan the barcode in the Patient ID field.Permanent Link
Audio clips on can be up to 20 seconds long. For PicSafe PRO users they can be up to 120 seconds.
Video clips on can be up to 5 seconds long. For PicSafe PRO users they can be up to 10 seconds. Video clips are limited to reasonably short clips given they need to be compressed and encrypted on the device. When devices become more powerful, we may look to increase the limit. Another factor is the file size. The longer the clips, the bigger the file size. Larger files take longer to send, longer to download and use more of your data.Permanent Link
There is a trade-off between duration and practicality! Ideally PicSafe would provide longer videos; however, many factors necessitate smaller videos.
File size becomes an issue when encrypting and packaging raw files on the device before sending. In future, when devices become more powerful, we may re-evaluate, but for now, devices are usually not powerful enough to send reports promptly. Like most things in life, there is a trade off between quality and speed!
The quality of the video and image files is still very high (particularly for PicSafe PRO users). There are very few circumstances where the quality will not suffice for all manors of medical use. For the situations where higher resolution is required we remind you that PicSafe is not designed to replace traditional clinical photography departments! Its aim is to help doctors deliver better patient care by allowing them to capture, share and store patient photos quickly.Permanent Link
You can attach two photos, videos and audio clips per report. If you want to add more, you can upgrade to PicSafe PRO and attach up to 10 photos, videos and audio clips.
Please be mindful, the more you add, the bigger the file size. Larger files take longer to send, longer to download, use more of your data.Permanent Link
Compressing and encrypting large files needs to be done on the device before sending a report. The time it takes to perform the compression is, in large part, a factor of how powerful the device is. As such, only newer iOS and Android devices can do this. In general, the older the device, the slower it is to compress.
Below is a list of iOS devices that support capture of video.
|iPhone 6S||September 2015|
|iPhone 6S Plus||September 2015|
|iPhone SE||March 2016|
|iPhone 7||September 2016|
|iPhone 7 Plus||September 2016|
|iPad Pro 9.7-Inch||November 2015|
|iPad Pro 12.9-Inch||March 2016|
As for Android, we base device capability on the version of Android on your device. Note, because it's possible to upgrade some old Android devices, there may be some situations where an Android device is not suitable for video capture. The compression will take a long time to perform.
|Android 6||Marshmallow||October 2015|
|Android 7.0||Nougat||August 2016|
|Android 7.1||Nougat||August 2016|
Compressing and encrypting large files needs to be done on the device before sending a report. The time it takes to perform the compression is, in large part, a factor of how powerful the device is. In general, the older the device, the slower it is to compress. If you are finding it is taking too long, it might be time to upgrade your device!
The best iOS device will always be the newest! At this time the iPhone 7 Plus is the top of the line. The Google Pixel is the best Android device we have come across for use with PicSafe.Permanent Link
You can subscribe to PicSafe PRO through our subscription system (we use Stripe for secure payments), or through iTunes.
To unsubscribe using our subscription system:
To unsubscribe on iTunes on an iPad or iPhone:
One of the biggest security threats is not someone nefarious hacking into a system; rather it is people using passwords that are easy to guess! People always seem to forget their passwords too! Hence, PicSafe uses a "passwordless" login system.
When you open the app, you will be asked to create an account or sign in to an existing account. When you either create an account or sign in, we don't ask for a password. Instead, we send you an email with a "magic link" that when opened on a device that has PicSafe installed will automatically log you in. It's pretty much the same process you go through when you hit the "forgot password" or "reset password" link on many other websites. We rely on your access to email being secure.
If you don't have email access on the device you have installed PicSafe on, we also provide a five digit "Sign in Code" in the email. In the app, there is a prompt to enter a "Sign in Code" so you can log in.
For security purposes, the "magic link" and the "sign in code" are only valid for 20 minutes and can only be used once. They become invalid after use, and you will have to initiate the sign in process again.
If you requested the email and did not receive it within a few minutes, please check your spam folder.Permanent Link
In order to open a .picsafe file, you must have the PicSafe app (available on iOS and Android devices), and you must have signed in to PicSafe. If you haven't already done so, download the free PicSafe app from the App Store or Google Play, and create an account.
On Android devices, just tap on the attached file.
On iPhones and iPads, tap on the attached file and select "Copy to PicSafe".Permanent Link
If you receive a report, you can only view photos, videos and audio files through the PicSafe app (by design, for security purposes). To open a .picsafe file, you must use the PicSafe app (available on iOS and Android devices), and you must have signed in to PicSafe.
If you are the one sending the report, it is possible to send the files to a Box or Dropbox account (if you have the PicSafe PRO). When sending reports to Box or Dropbox, the raw files will be transmitted and (presumably) stored securely.
If you set up an institution, you will be able to integrate with your medical record system to input the raw files. Please see the Integrations Section.Permanent Link
PicSafe PRO has Box integration inbuilt. You can use Box to keep an archive of patient media which is particularly useful for areas of medicine where it is appropriate to document visual changes over time. Box, in conjunction with PicSafe, can be used to help you comply with HIPAA and HITECH regulations.
To setup sending to Box, tap on the "Settings" button (on the primary form), then tap the "Box" row under the "Integrations" heading. Then tap on the "Log in to Box" button. You will be guided through the process to login to Box.
To send to Box, on the primary form just above the "Submit" button is a "send to" field. Tap on that and select "Box". Upon submitting, the app will upload the report to your Box account.
Note, "reports" you upload to Box can be found in an automatically generated "PicSafe" directory. The app uploads all reports over HTTPS. We do not encrypt reports using the key server when submitting to Box as we assume that Box stores all reports securely. Please see the Box HIPAA And HITECH Overview And FAQs for more information.Permanent Link
PicSafe PRO has Dropbox integration inbuilt. You can use Dropbox to keep an archive of patient media which is particularly useful for areas of medicine where it is appropriate to document visual changes over time. Dropbox, in conjunction with, PicSafe can use used to help you comply with HIPAA and HITECH.
To setup sending to Dropbox, tap on the "Settings" button (on the primary form), then tap the "Dropbox" row under the "Integrations" heading. Then tap on the "Log in to Dropbox" button. You will be guided through the process to login to Dropbox.
To send to Dropbox, on the primary form just above the "Submit" button is a "send to" field. Tap on that and select "Dropbox". Upon submitting the app will upload the report to your Dropbox account.
NNote, "reports" you upload to Dropbox can be found in an automatically generated "PicSafe" directory. The app uploads all reports over HTTPS. We do not encrypt reports using a key server when submitting to Dropbox as we assume that Dropbox stores all reports securely. Please see Dropbox's Help Center article for more information.Permanent Link
HIPAA stands for the "Health Insurance Portability and Accountability Act of 1996", and HITECH stands for the "Health Information Technology for Economic and Clinical Health Act (2009)". These two US laws aim to encourage the use of technology in the health care industry while building security and privacy protections for Protected Health Information (PHI).
There is no official HIPAA or HITECH certification, and therefore no one tool can say they are "compliant". What we can say is that you can use PicSafe in a way that is compliant with HIPAA/HITECH regulations.
Box in conjunction with PicSafe can use used to help you comply with HIPAA and HITECH. Please see the Box HIPAA And HITECH Overview And FAQs for more information.
Dropbox in conjunction with PicSafe can use used to help you comply with HIPAA and HITECH. Please see the HIPAA/HITECH section of the Standards and regulations page on their site. See their "Getting Started with HIPAA" guide and Help Center article for more detailed information.Permanent Link
Integration with a medical record system is obviously more relevant for those that operate the IT department of an institution (hospital, clinic, etc.). If you want to integrate PicSafe reports into a patients medical record, PicSafe provides a simple API to allow you to do so.
Ultimately, you will need to set up a private "Endpoint", and we also recommend you set up a private "Key Server". PicSafe provides a turnkey Docker image for hosting a private Key Server. PicSafe also provides a sample Endpoint application. You will need to write middleware to take reports uploaded to the endpoint and move them into your medical record system (PicSafe does not perform this integration).
For more details, please see How do I set up a private Endpoint?. For even more detail on how endpoints work and how to integrate PicSafe into medical record systems, please see the Integrations Section of this website.Permanent Link
We recognise that many institutions have this as a restriction imposed on them. We would argue that if the report is encrypted, it does not matter where the data travels but that is a side issue here!
You have a few options.
PicSafe allows "Reports" to be sent via email directly from the device. Regular email routing will apply. It depends on your ISP and the location of the email server of both sender and recipient as to whether it will "travel" through another country.
When sending via an endpoint that you have set up, it will again depend on your ISP. Unless using a VPN, it is improbable that your ISP would route traffic through another country if both the sender and the endpoint are in the same country.
It is possible to set an "Endpoint" within a network and thereby to make the Endpoint an internal IP address. That would mean that only users that are also on the internal network can submit reports and would, therefore, guarantee that not only would data not leave the country, but it also would not leave the institutions network.Permanent Link
Short answer: No.
Long answer: Still no. Sorry. The consent questions provided are the result of the thorough and careful legal research and consultation. It was important to us to ensure that patients can quickly and easily understand the implications of providing consent. We also wanted to ensure that the process of obtaining approval is simple and straightforward. We are confident that the consent questions are concise, easy to understand and provide appropriate legal protection. To protect ourselves and our users, we are not able to change the questions for different users of the app.Permanent Link
Short answer: No.
Most electronic medical record systems use an "episode number" for each patient interaction. Most of the time, the episode number needs to be generated by the medical record system. Research and testing have shown that to integrate PicSafe into such systems slows the process of capturing the "report" much slower, thereby severely reducing the effectiveness of PicSafe as a tool. We want to avoid that! It should be possible to use the time stamp of the report and the patient's details to generate or look up, an episode number when adding a report to the medical record.Permanent Link
Short answer: Yes.
Before you go to the trouble of doing this, you may want to consider whether it is necessary. There is already, of course, an implicit understanding and ethical obligation that doctors act appropriately. Adding additional technology measures to limit where a user can send a report adds undue complexity to the app. We feel it is far easier for a doctor to use the existing built-in address book (on the phone) to email reports to people they know and trust.
However, we understand that, in certain situations, it may be appropriate to limit where a user can send a PicSafe report.
If you manage the IT department of an institution and it is vital to limit sharing of "reports" outside of your organisation, you will need to set up a private "Key Server".
When a user composes a "report" in the app and presses the "Submit" button, the following happens.
If you decide to run a private Key Server, it is possible to put a rule in there that means the key server will only give the key to decrypt reports to PicSafe users who have an email address that ends in "@myhospital.com" (for example).
To set up a private Key Server, PicSafe provides a turnkey Docker image. It allows you to set up and host a private Key Server quickly and can be easily configured to whitelist or blacklist individual email addresses or domains. For example, you could add a rule that says only PicSafe users that have an email address that ends in "@myhospital.com" can access the key to unlock reports.
TThe final step is to tell your users to use the Key Server you have set up. To do this, they have to do the following:
Now you can send reports, and it will be encrypted using the Key Server you set up.
For more details on how to setup a private Key Server, please see the Integrations Section of this website.Permanent Link
PicSafe uses RNCryptor for all encryption. RNCryptor is a cross-language AES Encrypter/Decrypter data format.
The data format includes all the metadata required to securely implement AES encryption, as described in "Properly encrypting with AES with CommonCrypto," and iOS 6 Programming Pushing the Limits, Chapter 15. Specifically, it includes:
A Key Server is used to dish out keys which are used to encrypt reports in the PicSafe app before sending. See the Methods of Sending/Submitting Reports section above for details on which methods use the Key Server.
For instructions on how to set up a private Key Server, please refer to the Running a private Key Server section on the Integrations page.Permanent Link
Before explaining how to do this, a brief description of how the PicSafe process works in necessary.
Sending reports to an endpoint via HTTP or HTTPS is possible. It is also possible to specify if you want to encrypt reports in the app before being sent. Obviously, it is possible to encrypt reports as well as sending via HTTPS also. If using HTTP, you should make sure that you always encrypt reports in the app before sending. If you don't, this is a big security vulnerability!
Whether the app sends a report via HTTP or HTTPS is merely a matter of which protocol is specified when adding the institution. "http://endpoint.picsafe.com" would send it via HTTP and "https://endpoint.picsafe.com" would send it via HTTPS.
Below we will discuss the different processes relating to whether to encrypt the report in the app before sending or not.
In the diagram above see the pink lines. When a user composes a "report" in the app and presses the "Submit" button, the following occurs.
In the diagram above see the green lines. When a user composes a "report" in the app and presses the "Submit" button, the following occurs.
An Endpoint is a server that hosts middleware that your IT department will need to create. It simply takes reports uploaded to the endpoint and moves them into your medical record system. PicSafe does not perform this integration. PicSafe provides a sample Ruby on Rails application that does this. It is an easy task to write something similar in another language.
To trial this system, you do not need to set up a private endpoint yet - we have a test endpoint. But please note, all reports are visible to the public. DO NOT USE IT FOR LIVE PATIENT DATA.
To test it out do the following:
Now you can send reports to the email you set up. When you "Submit" the report it will be uploaded to the demo endpoint. Once finished uploading, if you go to http://endpoint.picsafe.com/, you will see the report you uploaded. Obviously, under normal circumstances, a page like this would not be visible to the public.
There is, of course, one more step. We have to tell users to use the Endpoint you have set up. To do this, they have to do the following:
Now you can send reports, and it will be encrypted using the Key Server you set up.
For more details on how to setup a private Key and Endpoint Server, please see the Integrations Section of this website.Permanent Link
Absolutely. There are different types of trials you may want to try.
PicSafe is free to use so simply download and give it a go.
If you want to send reports to Box or Dropbox, you will need PicSafe PRO. You can purchase access for one month to trial the feature within the app.
One way of storing reports might be to setting up an email address for your institution (e.g. [email protected]) and getting users to send all reports there. y sending reports there, this then becomes a repository of all reports. To open reports you will need to send the report back to a mobile device that has PicSafe installed. We recognise that this may not be practical in some situations and therefore we have created Endpoint Integrations (see below).
Once you have set up the email address (e.g. [email protected]), instruct users to do the following:
Now you can send reports to the email you set up. When you "Submit" a report the email dialogue will open, and the email address will be pre-populated.
Endpoint integration will be more relevant for those that operate the IT department of an institution (hospital, clinic, etc.). If you want to integrate PicSafe reports into a patients medical record, PicSafe provides a simple API to allow you to do so.
PicSafe provides a sample Endpoint application. You will need to write middleware to take reports uploaded to the endpoint an move them into your medical record system (PicSafe does not perform this integration). To trial this system, however, you do not need to set this up yet - we have a test endpoint setup, but please note, all reports are visible to the public. DO NOT USE IT FOR LIVE PATIENT DATA.
To test it out do the following:
Now you can send reports to the email you set up. The report will upload to the demo endpoint when you "Submit" the report. Once finished uploading, if you go to http://endpoint.picsafe.com/, you will see the report you uploaded. Obviously, under normal circumstances, a page like this would not be visible to the public.
For more details on how endpoints work and how to integrate PicSafe into medical record systems, please see the Integrations Section of this website.Permanent Link