Frequently Asked Question: FAQ:

How do I set up a private Endpoint?

Other FAQs

Before explaining how to do this, a brief description of how the PicSafe process works in necessary.

Sending reports to an endpoint via HTTP or HTTPS is possible. It is also possible to specify if you want to encrypt reports in the app before being sent. Obviously, it is possible to encrypt reports as well as sending via HTTPS also. If using HTTP, you should make sure that you always encrypt reports in the app before sending. If you don't, this is a big security vulnerability!

Whether the app sends a report via HTTP or HTTPS is merely a matter of which protocol is specified when adding the institution. "http://endpoint.picsafe.com" would send it via HTTP and "https://endpoint.picsafe.com" would send it via HTTPS.

Encryption options

Below we will discuss the different processes relating to whether to encrypt the report in the app before sending or not.

Process when sending to an endpoint

Encrypt the report in the app before sending

In the diagram above see the pink lines. When a user composes a "report" in the app and presses the "Submit" button, the following occurs.

  1. The app fetches a "key" from a "Key Server". All the Key Server does is dishes out keys and logs who access those keys (when a user requests one to open a report). When running a private endpoint and encrypting reports, before being sent you must setup a private Key Server.
  2. The app packages up the media, the data, as well as a generated PDF into a "Report". This Report is then encrypted using the "key". The app then packages the encrypted report, along with the location of the key server, into ".picsafe" file. The app then sends the report to endpoint (URL).
  3. The endpoint receives the .picsafe file and sends a request to the Key Server to get the key to decrypt the report. It then decrypts the report and in turn sends it on.
  4. The endpoint can then be configured to send to report another location (e.g. a patients medical record).
Don't encrypt the report in the app before sending.

In the diagram above see the green lines. When a user composes a "report" in the app and presses the "Submit" button, the following occurs.

  1. The app packages up the media, the data, as well as a generated PDF into a "Report".
  2. The app sends the report to endpoint (URL).
  3. The endpoint receives the Report (zipped file that contains the media, data and PDF).
  4. The endpoint can then be configured to send to report another location (e.g. a patients medical record).
Run a private Endpoint Server

An Endpoint is a server that hosts middleware that your IT department will need to create. It simply takes reports uploaded to the endpoint and moves them into your medical record system. PicSafe does not perform this integration. PicSafe provides a sample Ruby on Rails application that does this. It is an easy task to write something similar in another language.

To trial this system, you do not need to set up a private endpoint yet - we have a test endpoint. But please note, all reports are visible to the public. DO NOT USE IT FOR LIVE PATIENT DATA.

To test it out do the following:

  1. Open the PicSafe app and tap on "Settings".
  2. Tap on "Institutions Medical Record" and then the "Add" button in the top right.
  3. In "Send type" select "Post (Dynamic Key)", enter the name of your institution (e.g. "My Hospital"), in the "Endpoint" field enter "http://endpoint.picsafe.com", and leave the "Key Server" field blank.
  4. Tap the "Save" button in the top right and go back to the primary form.
  5. Now in the primary form, in the "Send to" options there will be a "My Hospital" listing under "Institutions". Tap on that.

Now you can send reports to the email you set up. When you "Submit" the report it will be uploaded to the demo endpoint. Once finished uploading, if you go to http://endpoint.picsafe.com/, you will see the report you uploaded. Obviously, under normal circumstances, a page like this would not be visible to the public.

Instruct users to use your Endpoint Server (and Key Server if using it)

There is, of course, one more step. We have to tell users to use the Endpoint you have set up. To do this, they have to do the following:

  1. Open the PicSafe app and tap on "Settings".
  2. Tap on "Institutions Medical Record" and then the "Add" button in the top right.
  3. In "Send type" select "Post (Dynamic Key)".
  4. Enter the name of your institution (e.g. "My Hospital").
  5. Enter the "Endpoint" URL (e.g. http://endpoint.picsafe.com).
  6. In the "Key Server" field, if you have set up a Key Server, enter the URL (e.g. https://key.picsafe.com). Otherwise, leave it blank.
  7. Tap the "Save" button in the top right and go back to the primary form.
  8. Now in the primary form, in the "Send to" options there will be a "My Hospital" listing under "Institutions". Tap on that.

Now you can send reports, and it will be encrypted using the Key Server you set up.


For more details on how to setup a private Key and Endpoint Server, please see the Integrations Section of this website.