Frequently Asked Question: FAQ:

How does the Cloud Act effect PicSafe for those outside the US?

Other FAQs

It does not.

The Cloud Act was snuck through into US legislation on March 22, 2108. It gives US authorities the power to require US companies to divulge data stored on servers housed outside of the US without disclosure.

If sending PicSafe reports via email, no patient data ever travels through PicSafe's servers. A report is encrypted and attached to an email on the phone. The email is sent to the recipient and PicSafe does not ever see the data.

If sending via Text message or WhatsApp, PicSafe does have patient data travel through its servers (located in Sydney for Australian users). PicSafe uses Amazon Web Services for hosting. However, the Cloud Act should not have a bearing on you. See the explanation below.

Just about anything online can be compromised given the motivation and skill. Data security is largely influenced by:

  1. Motivation. Is the data valuable enough to warrant the effort required to access it? The risk of being caught and the cost of being caught is factored into the value.
  2. Effort. Is the hacker capable and have the time and resources?

Security efforts focus on increasing the risk a perpetrator gets caught and increasing the required resources, time and skill. This is the same as the security of physical items. A bank vault can be compromised by a motivated perpetrator with the appropriate time, resources and skill. One wants to add security measures to make the cost/benefit tradeoff of a "hack" seem very much unattractive.

The Cloud Act certainly makes it uncomfortable to think that the US government can access personal data not even stored in the US, regardless of its justification being it is it to prevent criminal activity. That sounds scary until you look at it in context.

  • Most medical record software is owned by US vendors.
  • The dominant mobile phone and desktop operating systems are all owned by US companies.
  • Most of the top mobile phone and PC manufacturers are owned by US (and Chinese) companies.

Regulators in Australia already trust US companies with patient data. Regarding being able to satisfy privacy regulations, the Cloud Act should not change anything.

PicSafe provides a level of security that far exceeds that using the default camera app and sending via SMS. PicSafe also provides a level of security that, we feel, far exceeds what is reasonably expected by regulations. Anyone claiming more than that is either lying or naive.