Miiskin Privacy and Security

1. Compliance

1.1 GDPR

GDPR (European Union General Data Protection Regulation) compliance extended to all global users. The seven pillars of GDPR:

1.2 HIPAA

HIPAA (United States Health Insurance Portability and Accountability Act)

We are following the US national standard that protects patients’ sensitive health information from being shared without explicit patient consent. Internal processes ensure secure identity management and authentication, strict access control, audit logs and breach response.

2.1 Data Encryption

iPhone: iOS Level 3 encryption
Android: AES 128-bit image encryption
Data transmission (In-transit): TLS v.1.2 (Transport Layer Security)
Miiskin Backup: IBM HIPAA/GDPR compliant Cloud Storage with server-side encryption

2.2 Service reliability

3.1 User privacy features

Ability to set a 4-digit app passcode to protect photos locally on the phone.
Ability to blur out areas of a photo e.g. in full-body photos
When access the web-based “Web Compare” the user needs access to the Miiskin app for two-factor authentication
Data can be exported from the app by the user (In which case images are unencrypted)
User can request that their data and images are deleted if they for some reason wish to do that
Miiskin’s privacy policy has been created so it’s clear and easy to understand. For more information, our privacy policy can be found here.

As a HIPAA compliant solution Miiskin can be used for TeleHealth in the United States.
Telehealth entails that health information is shared from the Miiskin app to a distant healthcare provider. In this case, explicit patient-user consent is ensured before any data transmission occurs.
Miiskin has ready-made industry-standard APIs for user authentication and integration with leading electronic health record systems

Updated: January 26th 2021.