
App and System Permissions, Privacy, and Security

TriagePic edited this page Aug 5, 2016 · 14 revisions

The following discusses features as of the WinStore release.

Summary of Standard WinStore App Permissions

  • Cost: free
  • Category: Health & Fitness (no given category is ideal)
  • In-app paid services: none
  • Uses Azure cloud: no
  • Markets: worldwide, except countries under US sanctions
  • Age rating (through Release 8): 12+ (the recommended choice when age is not important and the app needs webcam access)
  • Age rating (Release 9): discussed below
  • Cryptography: Yes, with ECCN number EAR99 (discussed below)
  • Release date: once passed certification
  • Declared as Accessible: no, not in the first release.

Age Ratings

These are generated (on Store submission) from answers to an International Age Rating Coalition (IARC) questionnaire. The questions are shown here in much-shortened form; the rationale for certain answers is also given in square brackets.

IARC App Category: "Utility, Productivity, Communications, and Other"

IARC Questions

  • Violence**: No
  • Sexuality**: No
  • Illegal Drug**: No
  • Bad Language**: No
  • Exchange content among users: Yes [where "users" is hospital staff]
  • Share user content with 3rd parties: No [i.e., reports only to hosting TriageTrak]
  • Share users' location with other users: No [shares only hospital facility location, doesn't use GPS]
  • Nazi References: No
  • Is Browser: No

**Other than user-generated content

Age Category: 15+ [for hospital staff including student interns. Other choices are 12+, 18+, All Ages]

Privacy and Security

The following information is provided, in shortened form, in the in-app Settings/Privacy page:

The TriagePic/TriageTrak system collects and displays data about disaster event patients/victims arriving at a triage station. This comprises personally identifiable information (name, photo, gender, age group, notes) and general medical status (triage zone). The data ingested is minimal compared to that of many other medical systems.

This version of TriagePic exchanges patient data only with a designated instance of TriageTrak, via secure https web services. It will largely be the policies surrounding the particular TriageTrak instance that determine its degree of data privacy.

TriagePic caches data locally. This cache is cleared if the app is uninstalled. The cached TriageTrak username and password are encrypted.
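The page states that the cached TriageTrak username, password and (per the Cryptography and ECCN section) internal web-service token are encrypted, but not how. The following C# is an added example, not TriagePic's own code, of one way a WinStore (Windows Runtime) app can cache such secrets without writing them to disk in the clear: PasswordVault for the username/password, and the user-bound DataProtectionProvider for the token. The vault resource label "TriageTrak" and the settings key name are assumptions made for illustration.

```csharp
// Added example, not TriagePic's own code: one way a WinStore (Windows Runtime)
// app can cache a TriageTrak username, password and web-service token without
// writing them to disk in the clear. The vault resource label and the settings
// key name are assumed names for illustration.
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage;
using Windows.Storage.Streams;

public static class CredentialCache
{
    // Assumed label under which the credential is filed in the vault.
    private const string Resource = "TriageTrak";
    // Assumed key for the protected token in local settings.
    private const string TokenKey = "TriageTrakTokenProtected";

    // Username and password go in PasswordVault, which the OS stores encrypted
    // for the current user and scopes to this app.
    public static void SaveCredential(string userName, string password)
    {
        var vault = new PasswordVault();
        try
        {
            // Replace any previously cached credential for this resource.
            foreach (var old in vault.FindAllByResource(Resource))
                vault.Remove(old);
        }
        catch (Exception)
        {
            // FindAllByResource throws when nothing is stored yet; nothing to remove.
        }
        vault.Add(new PasswordCredential(Resource, userName, password));
    }

    // Returns the cached credential with its password populated, or null.
    public static PasswordCredential LoadCredential()
    {
        try
        {
            var cred = new PasswordVault().FindAllByResource(Resource)[0];
            cred.RetrievePassword();   // password is only filled in on demand
            return cred;
        }
        catch (Exception)
        {
            return null;
        }
    }

    // The web-service token is wrapped by DataProtectionProvider bound to the
    // current user ("LOCAL=user"), then kept base64-encoded in local settings.
    public static async Task SaveTokenAsync(string token)
    {
        var provider = new DataProtectionProvider("LOCAL=user");
        IBuffer plain = CryptographicBuffer.ConvertStringToBinary(token, BinaryStringEncoding.Utf8);
        IBuffer wrapped = await provider.ProtectAsync(plain);
        ApplicationData.Current.LocalSettings.Values[TokenKey] =
            CryptographicBuffer.EncodeToBase64String(wrapped);
    }

    // Unwraps the token; returns null if none is cached.
    public static async Task<string> LoadTokenAsync()
    {
        object stored;
        if (!ApplicationData.Current.LocalSettings.Values.TryGetValue(TokenKey, out stored))
            return null;
        // No descriptor is needed to unprotect; it is embedded in the blob.
        var provider = new DataProtectionProvider();
        IBuffer wrapped = CryptographicBuffer.DecodeFromBase64String((string)stored);
        IBuffer plain = await provider.UnprotectAsync(wrapped);
        return CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, plain);
    }

    // Wipes everything cached, e.g. on explicit sign-out.
    public static void Clear()
    {
        var vault = new PasswordVault();
        try
        {
            foreach (var cred in vault.FindAllByResource(Resource))
                vault.Remove(cred);
        }
        catch (Exception) { }
        ApplicationData.Current.LocalSettings.Values.Remove(TokenKey);
    }
}
```

Both mechanisms protect the secrets at rest against other user accounts and other apps on the device; they do not protect against code already running as the same user with this app's package identity, which is why a Clear() on sign-out and a short-lived web-service token still matter. Keeping the token out of PasswordVault also avoids treating a bearer token as a roaming credential.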

When Reporting to NLM's Demo TriageTrak

The instance at http://triagetrak.nlm.nih.gov is intended for testing and evaluation. Generally, you should not report actual patient data there. Routinely, you will be reporting data to a disaster event that requires "hospital staff" privilege. However, you will be sharing access to that data with other evaluators given that privilege, so consider the data effectively public. Only post data about actual people there if circumstances warrant it.

Information in your "hospital staff" login profile, such as email address, will be treated confidentially by NLM and be used only to assist in your evaluation of the system. It is NLM policy not to release such information to third parties.

When Reporting to a Private Instance of TriageTrak

The hosting organization should establish infrastructure, practices, and policies to provide appropriate data privacy, consistent with HIPAA or other jurisdictionally-appropriate regulatory regimes.

Cryptography and ECCN

The first release uses encryption for local caching of TriageTrak user name, password, and internal token for web services. It is anticipated that further versions may offer additional levels of encryption, depending on hospital feedback. For that reason, a US Export Commodity Control Number (ECCN) is specified. The Microsoft Store requires that applications that use encryption beyond password and DRM protection have an ECCN; see

http://msdn.microsoft.com/en-us/library/windows/apps/hh694069.aspx

(This might also be the case with other app stores or on-line distribution methods.)

The ECCN number can be self-assigned. See the brochure available from:

http://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classification-number-eccn

Of particular note is this guidance from http://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items:

"Is this hardware or software specially designed for medical end use?

The Nota Bene to Note 1 of Category 5, Part 2 provides:

N.B. to Note 1: Commodities and software specially designed for medical end-use that incorporate an item in Category 5, part 2 are not classified in any ECCN in Category 5, part 2.

Items that are specially designed for medical end use are not controlled under Category 5, Part 2 of the CCL. Items specially designed for medical end use are EAR99. There is a Statement of Understanding for medical equipment in Supplement No. 3 to Part 774 of the EAR."

More recent changes discussed in Note 4 regarding use of encryption for medical record confidentiality reinforce that this is not controlled under Category 5, Part 2. See also:

http://beta-www.bis.doc.gov/index.php/policy-guidance/encryption/encryption-faqs

In plain English, this doesn't say that no ECCN is needed. Instead, the appropriate ECCN is the "basket" category EAR99, for which no export license is required (abbreviated NLR) for most destinations or recipients.

Countries under US sanctions (currently Cuba, Iran, Syria, North Korea, North Sudan) can often receive medical technology if licensed on a case-by-case basis, under sanction-waiver provisions. These countries aren't enumerated as market options in the Microsoft Store but are presumably covered by "Rest of World", which is left unchecked for TriagePic. Note that since TriagePic source code is without charge and open-source, this limitation chiefly affects its distribution through the Windows Store mechanism, and the distribution of TriageTrak.
