Protecting Patient Privacy

It's easy to use your phone to capture clinical photos, video or audio but if you're not using PicSafe^®...

There's patient data stored on your phone. What if you lose it?

Photos are often auto-uploaded to cloud accounts (with past breaches).

Patient data often isn't transmitted safely and can be intercepted.

When shared, patient data often isn't stored securely by recipients.

Consent is often not recorded. If there's a dispute later, this can mean trouble!

There's no record of who has accessed the data.

Have questions? Call: +61 3 9005 6334

Designed to be secure from the beginning

Once the PicSafe^® app captures a patient's data, the user has three main ways of sending the data.

Encrypted Email

The app fetches a key from a "Key Server" (operated by PicSafe^® or your organisation) and secures all data using AES-256 bit encryption. The encrypted report is attached to an email which the user then sends - the same as a "standard" email. The recipient is instructed to open the email on their phone and tap on the attached encrypted report. If the recipient is signed in to PicSafe^®, the app will fetch a key to decrypt the report (thereby leaving an audit trail) and display the report. See Email to Recipient integration docs.

Uploaded to Dropbox or Box

The app transmits the report (PDF, JSON meta data and photo, video and audio files) to Dropbox or Box's servers via HTTPS. PicSafe^® does not encrypt reports using the Key Server when submitting to Dropbox or Box as we assume that Dropbox and Box will store all reports securely. Both Dropbox and Box have HIPAA allow you to remain HIPAA compliant. See Upload to Box documentation and Upload to Dropbox documentation.

Uploaded to Medical Record

The app transmits the report to an endpoint setup by an organisation (to put it in the patient's medical record). Depending on the endpoint, the report can be transmitted via HTTPS (using the same method as when sent to Box or Dropbox) or via HTTP if the report is encrypted on the device first. The report can be encrypted using a static or dynamic key (using a Key Server). For more information, please see here, here, and here.

We use Advanced Encryption Standard 256-bit keys

Most people will not need to know this but, we also use CBC mode, password stretching with PBKDF2, password salting, random IV, and encrypt-then-hash HMAC. What you do need to know is that there are no known cases of this encryption having ever been "cracked".

Security Tested

PicSafe^® has undertaken independent Vulnerability Assessment and Penetration Testing (VAPT). The tester is qualified as a "Certified Ethical Hacker"; is a “Certified Information Systems Security Professional"; and is certified by the "Council of Registered Ethical Security Testers".

Trust

When a doctor sends a confidential "paper" report through the post to another physician, there's an implicit understanding and ethical obligation that the recipient will not in turn act inappropriately with that data (e.g. share it on Facebook). The same applies when using PicSafe^®. By combining this trust with smart design and the latest technology, we've been able to create a super-easy-to-use app for securely capturing and transmitting clinical photos, videos and audio. Ease-of-use is the most important security feature. If it's not easy-to-use, it won't get used. If it's not getting used then either the patient isn't getting the best treatment, or the patient data isn't secure.

Comply With HIPAA

Despite HIPAA not applying in New Zealand, many still view it as the standard in legislation protecting patient privacy. HIPAA stands for the "Health Insurance Portability and Accountability Act of 1996". It's a US federal mandate that requires the protection and confidential handling of "protected health information" (PHI). PicSafe^® can help your organisation comply with its HIPAA obligations. Please review HIPAA to ensure your practices comply.

There are no official certifications for HIPAA compliance. Nonetheless, PicSafe^® has been built using technology, structures and processes that will make it easier for organisations to comply. PicSafe^® never has access to patient data given it never passes through PicSafe's servers. Combining this with the technical safeguards (listed in the section below) means you and your organisation can assure the confidentiality, integrity, and availability of PHI.

For more on HIPAA, please see the Is PicSafe HIPAA/HITECH compliant? FAQ.

Security Features

Easy-to-use

If it's not easy-to-use, it won't get used. If it's not getting used, then patient data isn't protected.
It takes 30 seconds to sign up for the first time.
It's as easy to use as the camera app on your phone.

Secure Authentication

PicSafe^® uses a "password-less" authentication system. A "key" is emailed to the user to sign in (prevents the issue of easy-to-guess passwords).
Authentication keys expire if not used in 20 minutes and can only be used once.
PicSafe^® transmits user authentication over HTTPS.
PicSafe^® hosts its user authentication server on Digital Ocean.

No Data Stored on Device

No photos, video or audio is stored in the gallery on a device after being captured.
Upon sending a report, the app completely removes all patient data.
Accidental upload of data to cloud accounts can't occur (both iOS and Android have this turned on by default now).

Informed Consent

All reports require signed or recorded verbal consent before they can be submitted.
The patient can sign on screen - same legal standing as a paper signature in most countries (see here).
The doctor can record patient giving verbal consent. We provide a script.

Transmitted Securely

If being emailed, the app strongly encrypts reports before being sent. See the security section here for more.
If being sent to a third party storage service (Dropbox or Box), reports upload over HTTPS.
If being sent to an endpoint (hospital/institution medical record), reports upload over HTTPS and can be "double encrypted".

Direct Transmission

Patient data goes directly from app to email/endpoint. It's not stored by, and never passes through, PicSafe^® servers meaning:
- Even if someone were to compromise PicSafe's authentication system, patient data would remain safe.
- PicSafe^® employees don't have access to patient data.
- Governments or regulatory authorities, whether inside or outside of the jurisdiction in which you operate, can't request access to patient data through PicSafe^®.

Restrict/Block Access

A user can choose to block access to a report they have created by selecting a "Block Access" button in the report log.
If your organisation wishes to restrict who can open sent reports you can run a private key server.

Alerts

Users get an email every time they sign in on a new device. This email contains a "global sign out" link. In case the user loses their phone, they can trigger this, and if anyone tries to access a report from their account, they will be automatically signed out.
Users will get a warning if a report is opened more than five times in a 24 hour period. The email contains a link that will allow the user to block access for everyone but themselves.
Users will receive an email when a report is first opened (if sent via email). It contains the details of the first person to view the report, and a link takes you to the report log.

Audit Trail

When opening an emailed report, the app fetches "key" from a "Key Server" (operated by PicSafe^® or your organisations). The Key Server logs each open and thereby generates an audit trail.
The existence of an audit trail alone is a significant deterrent for inappropriate sharing.
If privacy breach occurs, you will be able to look back and when, where and who accessed the report, and track down the culprit.
The PicSafe^® Key Server is routinely backed up.

PicSafe^® was built from the ground up with the security of patient data being of paramount importance.

For more detail on how PicSafe^® works, please read the Integrations documentation, or...
Call us: +61 3 9005 6334