Privacy Policy

1. The definition of PID &NPID

there are two types of data: Personally Identifiable Data (PID) and Non- Personally Identifiable Data (NPID).

Personally Identifiable Data

PID is defined as information that can be used to directly identify an individual. According to the UK Data Protection Act 1998, “Personal Data” is defined as any data that can be used to identify a living individual. The EU’s recently adopted General Data Protection Regulation agrees with this definition, and adds that if anyone could see the data and identify the person with it, it is considered Personally Identifiable information. Examples of this type of data includes name, address, fingerprints, email address, ip address, birthday, posts on social networking websites and telephone numbers.

Woundpro stores following data in cloud server:

– Patient name
– Patient Age
– Cellphone number
– Past medical history – Wound information – Drug use information -…

Non-Personally Identifiable Data

NPID is defined as information that is “anonymous”, meaning that it cannot be used to identify someone. According to the UK Data Protection Act 1998, anonymized or aggregated data is not regulated by the Act, as long as the anonymisation or aggregation is not done in a reversible way. The EU General Data Protection Regulation agrees with this in Article 17.

WoundDoc Internal Use Only

Woundpro stores following NPID data in local storage:

– Wound photo
– Created time
– Last modified time – …

2. Data Collection & Storage

Data Collection

Some data is collected by direct input from users when creating patients or cases.

Other data is collected during the process of creating or editing includes wound size, created time, last modified time, and other NPID as outlined above.

Data storage

Data is securely stored in several locations within the woundpro data system.

1. Local storage (iPhone device) 2. Amazon cloud database
3. Amazon cloud file system

How is the Data Stored?

We are building the app in an elastic way. We will consistently ensure the user experiences and prevent data loss from the huge increase of users.

Figure #1 is our current architecture.
Figure #2 is our further architecture with a big number of users.

WoundDoc Internal Use Only

Physically Location of our Virtual Servers

Amazon cloud server, file system and database is physically located in the USA west coast.

In future, cloud server will be located in various physical locations depend on computing and local law requirements.

How data is backed up?

All the online data is stored at Amazon EBS (Elastic Block Store) and EFS (Elastic file system). All data has been encrypted. We are protecting your data by creating point-in-time snapshots of EBS and EFS volumes, which are backed up to Amazon S3 for long term durability.

WoundDoc Internal Use Only

3. Data Security

Regulation Compliance

Data security has always been our primary goal. WoundDoc has signed a Business Associate Addendum with Amazon. Amazon will provide 100% HIPAA Eligible services for every application under our account.

For EU Data Protection(GDPR), AWS clouds computing confirms that all AWS services will comply with the GDPR when it becomes enforceable on May 25, 2018.

Encryption

Our encryption provides seamless support for data-at-rest and data-in- transit between server and data storage.

Data Transmission

All data transfers from cellphone to cloud server is secured via SSL (Secure Socket Layer) Technology.

4. Data Possession

Patients own their PID.

If a patient decides to erase their PID, it can be permanently and irrevocably removed from possession by any party.

The following people will have access to the data:

– WoundDoc administrators, customer support. – Account owner