Patient Data Protection in a Free Photo Sharing Network for Healthcare Professionals - The InsightMedi Mobile App Case
|
If you are the presenter of this abstract (or if you cite this abstract in a talk or on a poster), please show the QR code in your slide or poster (QR code contains this URL). |
Abstract
In October 2013 we launched InsightMedi App, a free Photo Sharing Network for Healthcare professionals, in a Beta phase.
The main challenge was to fulfill patient data protection regulations, not only HIPAA but also worldwide regulations, before releasing the open use of the app.
Given the great importance of this aspect we developed a security protocol with 6 levels.
Level 1.- The terms of use of the application report, when the user register for the first time , the requirement that all pictures must be anonymized (no history numbers , names, or any other patient identifying information).
Level 2.- At the beginning photo upload process, a message appears recalling again that obligation for the image to be uploaded.
Level 3.- The application provides an image editor that allows us to cut areas, or delete names, numbers, or any other markings that could identify a patient (incisions, scars, tattoos, ...)
Level 4.- No sensible metadata is uploaded with the image (so any DICOM kind of patient information is detached from the image file).
Level 5.- Once an image is uploaded, the user is informed that the image will be available for the rest of users after a human review process is done (automatically a message is sent to the development team where one person “on call†is responsible for verifying that the image meets the requirements of the app (which is anonymized , about a health issue, not a picture from a book , respectful with the patients, etc ... ).
As soon as the image is approved it is available for all the users. In case the image was rejected, the user that sent the image receives an email with the reason why it has been rejected, along with a push message for a quicker notification.
Besides the above, there is another Level 6 where any user has the right to report an image as inappropriate if they consider that, and this option automatically triggers a new process of review by the development team.
With this security protocol that was launched in January 2014, with the open phase of InsightMedi App, we have been able to guarantee the patient data protection regulations, thus providing the healthcare professionals with a free tool to share anonymized clinical information in a safety environment.
The implementation of this process is detailed in the presentation as well as other as other security strategies that were initially considered in the protocol.
The main challenge was to fulfill patient data protection regulations, not only HIPAA but also worldwide regulations, before releasing the open use of the app.
Given the great importance of this aspect we developed a security protocol with 6 levels.
Level 1.- The terms of use of the application report, when the user register for the first time , the requirement that all pictures must be anonymized (no history numbers , names, or any other patient identifying information).
Level 2.- At the beginning photo upload process, a message appears recalling again that obligation for the image to be uploaded.
Level 3.- The application provides an image editor that allows us to cut areas, or delete names, numbers, or any other markings that could identify a patient (incisions, scars, tattoos, ...)
Level 4.- No sensible metadata is uploaded with the image (so any DICOM kind of patient information is detached from the image file).
Level 5.- Once an image is uploaded, the user is informed that the image will be available for the rest of users after a human review process is done (automatically a message is sent to the development team where one person “on call†is responsible for verifying that the image meets the requirements of the app (which is anonymized , about a health issue, not a picture from a book , respectful with the patients, etc ... ).
As soon as the image is approved it is available for all the users. In case the image was rejected, the user that sent the image receives an email with the reason why it has been rejected, along with a push message for a quicker notification.
Besides the above, there is another Level 6 where any user has the right to report an image as inappropriate if they consider that, and this option automatically triggers a new process of review by the development team.
With this security protocol that was launched in January 2014, with the open phase of InsightMedi App, we have been able to guarantee the patient data protection regulations, thus providing the healthcare professionals with a free tool to share anonymized clinical information in a safety environment.
The implementation of this process is detailed in the presentation as well as other as other security strategies that were initially considered in the protocol.
Medicine 2.0® is happy to support and promote other conferences and workshops in this area. Contact us to produce, disseminate and promote your conference or workshop under this label and in this event series. In addition, we are always looking for hosts of future World Congresses. Medicine 2.0® is a registered trademark of JMIR Publications Inc., the leading academic ehealth publisher.
This work is licensed under a Creative Commons Attribution 3.0 License.