How to Trial

Cloud Storage Trial

Use cloud storage providers Box and Dropbox as a "Data Warehouse" for medical photos.

Goal

Provide a means for doctors to store medical photos securely. Any integration that does this will also get all the benefits listed in the "Sharing Trial" - it provides a means for doctors to share medical photos without violating privacy regulations.

How It Works

PicSafe has been built to enable easy integration with various third-party storage services, including both Box and Dropbox.

To set up, Doctors merely have to go to the settings screen and log in to the Box or Dropbox account to "link" it. Once linked, when a doctor goes to submit a medical photo, there will be an option to send it to either Box or Dropbox. Once a report is submitted, it the app removes metadata from the photo, generates both a PDF and XML file with the relevant details, and sends/uploads the "report" to a Box/Dropbox via HTTPS (secure). Within the Box or Dropbox account, one can use the search to find any of the information included in the "report" (e.g. patients name).

Please see a discussion on the use of Box and Dropbox and security and data sovereignty issues discussed in the "How do we securely store medical photos?" FAQ. Both Box and Dropbox offer HIPAA-compliant secure storage options.

Requirements

• IT department: Usually none. They may need to help Admin setup Box and Dropbox accounts (discussed below).
• Legal: While we believe PicSafe provides a system to allow doctors and hospitals comply with various privacy and medical record requirements, you should consult your legal department. Please note, too often we have seen excessive demands placed on processes to the point that they become impractical. Should impractical requirements be set on doctors, we have seen them revert to insecure practices using the default camera app (or the camera within consumer-grade messaging apps). We need to avoid this!
• Admin: Set up either a Box or Dropbox account. If you are doing a trial without using real patient data you can use any Box or Dropbox plan (including free). If you are using real patient data, you will need to set up either:
  • A Box Enterprise or Elite account (required for Box's HIPAA-compliant secure storage). The Box website asks that you contact them to get a quote. Expect to pay around US$35 per month for this service, but prices vary depending on how much storage you need. As a rule of thumb, allow 5MB per photo you want to store. You should be able to start off with the smallest plan.
  • An "Advanced" Dropbox Business account (required for Dropbox's HIPAA-compliant secure storage). An "Advanced" account costs $20 per month per user (with a minimum of 3 users). Depending on how you want to structure it, you can use one account per PicSafe user, or share the one Dropbox account with numerous users. A "Standard" account would work, but it only gives you 2GB of storage. As a rule of thumb, allow 5MB per photo you want to store so on a "Standard" plan that is only 400 photos. An "Advanced" account gives you "as much space as needed".
• Staff: Any phone or tablet running iOS 10+ or Android 4.4+ (most will have this already).

Cost

PicSafe. No setup fee. To submit reports to Box or Dropbox users will then need to purchase access to PicSafe PRO or to be part of a PicSafe Enterprise account. Please contact us for more information.

Box. Free if you are testing without using real patient data. If using real patient data, you will need a Box Enterprise or Elite account. The Box website asks that you contact them to get a quote. Expect to pay around $35 per month. around US$35 per month. Prices vary depending on how much storage you need.

Dropbox. Free if you are testing without using real patient data. If using real patient data, you will need an "Advanced" Dropbox Business account ($20 per month per user - with a minimum of 3 users). (Around US$20 per month per user - with a minimum of 3 users).

What You Get

• Peace-of-mind. You are putting a system in place that encourages doctors to deliver to the standard of care, thereby mitigating the risk of legal action in a situation where a photo might have changed an adverse outcome.
• Privacy Regulation Compliance. You're providing a way for staff to securely capture and transmit medical photos while complying with privacy regulations and thereby mitigating your risk of massive fines.
• Medical Record Regulation Compliance. By providing the ability to store medical photos taken on your smartphone, you can comply with medical record regulations. Without this, many images are taken, but they don't make their way into the medical record.
• Accelerated access to specialist care. Without the worry of breaching privacy regulations, doctors will be more inclined to take medical photos.
• Enhanced education for trainees. As above, doctors will be more inclined to take medical photos and share them with those training.
• More efficient triaging of patients. Here massive savings can be achieved. Please see the use case for just some examples.

Suggested Steps to Conduct a Trial

1. Email all staff informing them the risk of violating privacy regulations and suggest they download PicSafe from the App Store or Google Play.
2. Implement a policy on use of smartphones for medical photography within the hospital.
3. Post notices around the hospital (notice boards, back of bathroom doors, etc.)
4. Follow up emails after two weeks and two months.

Steps to Implement

Same as a trial. If you have completed a trial where real patient data was not used, and you used a standard Box or Dropbox plan, please see the notes above about setting up either a Box Enterprise or Elite account or an "Advanced" Dropbox Business account.

Please contact us for details.

Medical Record Integration

Get Photos into the Medical Record and store securely.

Goal

Provide a means for doctors to store medical photos securely. Any integration that does this will also get all the benefits listed in the "Sharing Trial" - it provides a means for doctors to share medical photos without violating privacy regulations.

How It Works

PicSafe has been built to enable easy integration with various third-party storage services and medical record systems. PicSafe provides many methods for integrating into medical record systems.

Once implemented, doctors take medical photos with PicSafe, they enter the patient's details, and get consent. The app removes metadata from the photo, generates both a PDF and XML file with the relevant details, and encrypts the data before sending/uploading the "report" to an "endpoint". The endpoint will depend on the integration.

Requirements

• IT department: Level of involvement will depend on the integration type. In general, it takes two to tango. PicSafe can send "reports" to medical record systems, but medical record systems need to let in the reports! IT departments are, understandably, often reluctant open their firewall. One technique that we have found surprisingly useful is to create a catch-all email address, have reports sent to it, and then create a simple little program that opens the emails, extracts the attached report, decrypts it, and slots it into the medical record.
• Legal: While we believe PicSafe provides a system to allow doctors and hospitals comply with various privacy and medical record requirements, you should consult your legal department. Please note, too often we have seen excessive demands placed on processes to the point that they become impractical. Should impractical requirements be set on doctors, we have seen them revert to insecure practices using the default camera app (or the camera within consumer-grade messaging apps). We need to avoid this!
• Staff: A phone or tablet running iOS 10+ or Android 4.4+ (most will have this already).

Cost

Varies depending on the type of integration and number of users. Depending on the kind of integration, there is commonly a setup fee. All users that use the integration will then need to purchase access to PicSafe PRO or to be part of a PicSafe Enterprise account. Please contact us for more information.

What You Get

• Peace-of-mind. You are putting a system in place that encourages doctors to deliver to the standard of care, thereby mitigating the risk of legal action in a situation where a photo might have changed an adverse outcome.
• Privacy Regulation Compliance. You're providing a way for staff to securely capture and transmit medical photos while complying with privacy regulations and thereby mitigating your risk of massive fines.
• Medical Record Regulation Compliance. By providing the ability to store medical photos taken on your smartphone, you can comply with medical record regulations. Without this, many images are taken, but they don't make their way into the medical record.
• Accelerated access to specialist care. Without the worry of breaching privacy regulations, doctors will be more inclined to take medical photos.
• Enhanced education for trainees. As above, doctors will be more inclined to take medical photos and share them with those training.
• More efficient triaging of patients. Here massive savings can be achieved. Please see the use case for just some examples.
• Better medical history. This can help in the treatment of patients in many situations.

Suggested Steps to Conduct a Trial

1. Email all staff informing them the risk of violating privacy regulations and suggest they download PicSafe from the App Store or Google Play.
2. Implement a policy on use of smartphones for medical photography within the hospital.
3. Post notices around the hospital (notice boards, back of bathroom doors, etc.)
4. Follow up emails after two weeks and two months.

Steps to Implement

Same as steps to trial.

Please contact us for details.