Frequently Asked Question:

How do I securely store medical photos in Dropbox?

Dropbox

Use Dropbox as a "Data Warehouse". You can use Dropbox to keep an archive of medical photos without violating privacy regulations. This is particularly useful for areas of medicine where it is appropriate to document visual changes over time. Dropbox, in conjunction with PicSafe, can be used to help you comply with HIPAA and HITECH regulations. See Dropbox's Help Center article for more information. While HIPAA is a US-based standard for protecting patient privacy, it is viewed by many around the world as the gold standard in patient privacy regulation.

Setup

  1. Tap on the Settings button (on the primary form).
  2. Tap the Dropbox row under the Storage Integrations heading.
  3. Tap on the Link Dropbox Account button, and you'll be guided through the process to log in to Dropbox.

Instructions

  1. Take a photo in PicSafe.
  2. (Optional) Enter or scan the Patient ID.
  3. Select Dropbox in the send screen.

Requirements

  • A Dropbox account. If you are doing a trial without using real patient data, you can use any Dropbox plan (including free). If you are using real patient data, you will need to set up an Advanced Dropbox Business account (required for Dropbox's HIPAA-compliant secure storage). An Advanced account costs US$20 per month per user (with a minimum of 3 users). Depending on how you want to structure it, you can use one account per PicSafe user, or share the one Dropbox account among numerous users. A "Standard" account would work, but it only gives you 2GB of storage. As a rule of thumb, allow 5MB per photo you want to store, so on a "Standard" plan that is only 400 photos. An Advanced account gives you "as much space as needed".
  • PicSafe PRO (or be part of a PicSafe Enterprise account).

Notes

  • "Reports" you upload to Dropbox can be found in an automatically generated "PicSafe" directory.
  • A report contains photos (with metadata removed), and a PDF and XML file with the relevant details.
  • Within the Dropbox account, one can use the search to find any of the information included in the "report" (e.g. the patient's name).
  • The app uploads all reports over HTTPS.
  • We do not encrypt reports using the key server when submitting to Dropbox as we assume that Dropbox stores all reports securely.
  • See the "How do we securely store medical photos?" FAQ for a discussion on security and data sovereignty issues related to Dropbox.
  • While we believe PicSafe provides a system that allows doctors to comply with various privacy and medical record requirements, you should consult your lawyer or legal department. Note that too often we have seen excessive demands placed on processes to the point that they become impractical. Impractical requirements tend to get ignored, and doctors revert to more comfortable but insecure practices (using the default camera app or the camera within consumer-grade messaging apps). For everyone's sake, we need to avoid this!

What You Get

  • Peace-of-mind. You are putting a system in place that encourages doctors to deliver to the standard of care, thereby mitigating the risk of legal action in a situation where a photo might have changed an adverse outcome.
  • Privacy Regulation Compliance. You're providing a way for staff to securely capture and transmit medical photos while complying with privacy regulations and thereby mitigating your risk of massive fines.
  • Medical Record Regulation Compliance. By providing the ability to store medical photos taken on your smartphone, you can comply with medical record regulations. Without this, many images are taken, but they don't make their way into the medical record.
  • Accelerated access to specialist care. Without the worry of breaching privacy regulations, doctors will be more inclined to take medical photos.
  • Enhanced education for trainees. As above, doctors will be more inclined to take medical photos and share them with those training.
  • More efficient triaging of patients. Here massive savings can be achieved. Please see the use case for just some examples.