Patient data collected through the Simple app
Only users who have been approved by designated personnel get access to patient data through the app. Designated personnel can also revoke access to prevent the user from gaining access to additional data.
The app requires the user to enter a PIN (set by them) before they gain access to Protected Health Information. There is protection against brute force entry to the app.
Screenshots, automatic backups, and installations of app on SD card are disabled to prevent access to PHI.
Reports on registration of patients and recording of BPs by users (nurses) across facilities is available to approved staff and approved officials on dashboard.simple.org. Reports do not contain any Protected Health Information (PHI).
Data from the app is visualized with the help of third-party software called Metabase (https://www.metabase.com/) that enables decision-making. Metabase is self-hosted on the same infrastructure as Simple.
Whenever a user accesses PHI in the app, this access is logged, and a copy of the log is sent to Mixpanel (https://mixpanel.com/). Approved staff can use this service to figure out which patients’ information was accessed by a particular user (nurse or doctor) and which users (nurses or doctors) had access to information about a particular patient.
Analytics on app usage (such as the number of times a certain button is clicked) is sent to Mixpanel, Firebase (https://firebase.google.com/), and DataDog (https://www.datadoghq.com/) to help us monitor the performance of the app. These analytics do not contain any Protected Health Information.
We use Sentry to monitor crash analytics.
Console access is logged, encrypted, and backed up.
In India, all data is stored on AWS (Amazon Web Services) Mumbai servers, which are approved by the Government of India (ref: http://meity.gov.in/content/gi-cloud-meghraj).
In Bangladesh, all data is stored on AWS (Amazon Web Services) Mumbai servers during the pilot stage of the program.
In Ethiopia, all data is stored locally inside the Ethiopia Federal Ministry of Health.
Only designated personnel have access to the server.
So far, we have been using fake data (created by us) for testing. In the future, we plan to use anonymised data (scrambled patient records) for this purpose. No full record will be recoverable for any patient from these scrambled records. Even so, only designated personnel will have access to the anonymised data.
Access to Protected Health Information (PHI) is granted solely on a need-to-know basis, and limited to technical staff who require access to the records in order to build and maintain the application itself or data entry operators who help digitise patient records from the paper treatment cards that were a precursor to the app.
All designated personnel who are not part of the Resolve to Save Lives organization have signed non-disclosure agreements (either individually or through the organizations they work with).
List of designated personnel with access to PHI: List of personnel
Data is encrypted at rest using the AES-256 algorithm and Amazon RDS handles authentication of access and decryption.
Data is secured in transit, via SSL by enforcing HTTPS on all communications between mobile devices and the backend.
The database and servers are provisioned in different VPCs (Virtual Private Clouds).