GDPR (European Union General Data Protection Regulation) compliance extended to all global users. The seven pillars of GDPR:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality (security)
HIPAA (United States Health Insurance Portability and Accountability Act)
- We are following the US national standard that protects patients’ sensitive health information from being shared without explicit patient consent. Internal processes ensure secure identity management and authentication, strict access control, audit logs and breach response.
2. Technical security setup
2.1 Data Encryption
- iPhone: iOS Level 3 encryption
- Android: AES 128-bit image encryption
- Data transmission (In-transit): TLS v.1.2 (Transport Layer Security)
- Miiskin Backup: IBM HIPAA/GDPR compliant Cloud Storage with server-side encryption
2.2 Service reliability
- Asynchronous transfer to cloud storage
- 99.99% up-time
3. End-User Privacy Features
3.1 User privacy features
- Ability to set a 4-digit app passcode to protect photos locally on the phone.
- Ability to blur out areas of a photo e.g. in full-body photos
- When access the web-based “Web Compare” the user needs access to the Miiskin app for two-factor authentication
- Data can be exported from the app by the user (In which case images are unencrypted)
- User can request that their data and images are deleted if they for some reason wish to do that
- As a HIPAA compliant solution Miiskin can be used for TeleHealth in the United States.
- Telehealth entails that health information is shared from the Miiskin app to a distant healthcare provider. In this case, explicit patient-user consent is ensured before any data transmission occurs.
- Miiskin has ready-made industry-standard APIs for user authentication and integration with leading electronic health record systems
Updated: January 26th 2021.