What is data sovereignty and what does it have to do with clinical photos?

Data Sovereignty is the idea that data are subject to the laws and governance structures within the nation it is collected. Where data are deemed to be collected can become a little murky when you factor in the location of servers that store data. Here we will try and clear this all up concerning sending and storing clinical photos using PicSafe.

There are many ways in which patient data can, inadvertently, end up travelling internationally. The most common of which are:

1. Photos in your phone gallery. You take a photo on an iPhone, the photo is stored in the gallery, and the gallery is backed up to Apple's servers. Or, you take a photo on an Android phone, the photo is stored in the gallery, and the gallery is backed up to Google's servers.
2. Photos in an email. You send an email with a photo in it to someone using a mail provider based in another country (Gmail, Yahoo, Microsoft, etc.).
3. Photos in messaging apps. You send an SMS or WhatsApp message with a photo in it to someone. It is not sitting on their phone. This phone may be taken internationally.
4. Photos in third-party storage services. You use a file storage service such as Box, Dropbox, Google Drive or OneDrive.

None of these things needs to be avoided, and indeed they provide valuable services. Depending on how you use then you can, however, fall foul to privacy laws when using them with patient data.

There are over 100 national data privacy laws in effect with a dizzying array of requirements under specific circumstances. As a general rule, we have found that all patient data should not be accessible to those outside of their home legal jurisdiction except where explicit consent is given on a per usage basis. See National Comprehensive Data Protection/Privacy Laws and Bills 2018.

Specifically, in Australia, the Privacy Act has this to say:

"Before [a doctor] discloses personal information about an individual to a person" … "who is not in Australia" … "[you] must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles."

"In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken," … "to have been done, or engaged in, by the APP entity."

Let us go over how you can protect yourself and your patients' data under each scenario.

1. Photos in your phone gallery.

Don't use the default camera app on your phone for taking patient photos. Further, when you take a photo from within many messaging apps (WhatsApp included), the photo appears in the phone's gallery. To avoid photos from getting uploaded to Google/Apple's servers, you can turn off auto upload, but that is difficult and inconvenient.

PicSafe has been designed in such a way that as soon as you send/store photos, they are removed from your phone. They never appear in your gallery.

2. Photos in an email.

There are special encrypted email services, however they often expensive and rely on both parties using the service. There is also the issue of who has access to the keys used to decrypt the email.

PicSafe allows you to attach an encrypted file to an email meaning that no patient data is visible to prying eyes and the email is sent over the Internet. The keys used to encrypt the files are distributed through a "Key Server". PicSafe hosts a "Key Server" that any PicSafe user can use, or an institution can choose to run their own. Either way, the key to decrypt a file is not stored on the same server that stores the email and the data, and then the key to decrypt can't be accessed without permission being granted and access being logged.

3. Photos in messaging apps.

Much the same as with photos stored in email, photos stored in messaging apps can be accessed in transit or when being stored. Many services encrypt messages but still about end-to-end encryption is not safe. Further, once photos are viewed on a recipients phone, they are stored on the phone. You have no control over where that phone goes or who has access to it.

PicSafe's solution here is not to embed the photo in a message, instead, have a link to the photo in the message. The link points to a file hosted on My PicSafe. My PicSafe has servers in Australia, Canada, Ireland, the UK, and the USA. This means that for users in these countries, patient data will not leave the country. PicSafe users, therefore, send photos securely.

1. Take a photo.
2. The app fetches a key and encrypts the data into a file.
3. The app uploads the file to "My PicSafe" and generates a link.
4. You can send the link via a messaging app.
5. The recipient opens the link (either on their phone on their computer).
6. The recipient is prompted to either create a PicSafe account or sign in (thereby verifying who they are).
7. The app or browser fetches a key to decrypt the file. Every time a key is fetched it is logged.
8. The app or browser decrypts the file and displays the contents.

4. Photos in third-party storage services.

Each of the four primary third-party storage services is owned by a US company. The issue over who has access to what data is murky. PicSafe supports all four as we feel that each can be used securely. See the relevant FAQs for how to set up each of Box, Dropbox, Google Drive, and OneDrive. Specific discussion around the data sovereignty for each follows.

---

---

---

---