Recent articles in the media
AccelerateAB 2018: Sold Out Success (May 2018)
Alberta’s flagship tech conference showcased the active sector that has been thriving in the province
EDMONTON, Alberta–(BUSINESS WIRE)–Over 450 Alberta technologists and innovators learned about the leading edge of Artificial Intelligence (A.I.) at the sold out AccelerateAB 2018. AccelerateAB is Alberta’s flagship technology conference, which took place in Edmonton April 23-24, 2018.
Kicking off the day was Scott Penberthy, Director, Applied A.I. at Google. Dr. Richard Sutton, a global pioneer in the field of A.I., provided the closing keynote. As well, industry expert from Borealis AI, Yevgeniy Vahlis, gave an overview of where the sector is heading.
The Startup Advising Sessions were a success with nine companies – CMO4Hire, Fitset, IronSight, MicroMech, Mikata Health, PayTickr.com, ShareSmart, Skillpics, and Symend – participating in a full day of mentorship with The A100 on April 23. It included a talk from RBC Olympian Brianne Jenner who spoke about the similarities of building a strong sporting team and a strong startup team.
The annual Startup Advising Sessions Pitch Competition once again gave the Startup Advising Sessions delegates a chance to tell the Alberta tech sector about their company. The winner of the Pitch Competition was CEO and Co-Founder Rena Tabata from ShareSmart, who was awarded the inaugural ‘Alex Raczenko Pitch Award’. Alex was a passionate advocate and mentor who was always helping to grow the Alberta tech community. As such, the entrepreneurial community wanted to honour his memory with the ‘Alex Raczenko Pitch Award’. This award will be given to the AccelerateAB Pitch Competition winner annually.
As the winner of AccelerateAB’s Pitch Competition, ShareSmart received:
The conference would not have been possible without the help of sponsors Alberta Enterprise Corporation, Alberta Innovates, Edmonton Economic Development, BDC, PwC, TECTERRA, Advanced Technology Centre, AltaML, Aspen Properties, Fasken, Calgary Technologies Inc., Osler, RBC, Startup Edmonton, TEC Edmonton, BLG, Accelerate Fund, Rainforest Alberta, and partners Business Wire, Pinstripe Productions, and The Agency – Strategic PR & Marketing.
For more information about The A100 please visit www.thea100.org and for AccelerateAB visit www.AccelerateAB.com.
Calgary app aims to solve widespread health-care issue (Apr. 2018)
A Calgary-based tech company has received praise from Silicon Valley for its solution to a widespread problem found in hospitals around the world.
With the omnipresence of smartphones and the fast-paced, high-pressure environment found in hospitals, doctors and nurses routinely use apps like Whatsapp and iMessage to communicate and share pictures of patients in order to treat them.
ShareSmart was developed as a way to tackle that issue. The program encrypts all text and photos within the app and stores them on a Canadian server with a number of safeguards in place.
The ShareSmart team app worked with privacy lawyers to make sure it complied with Canadian privacy legislation.
According to co-founder and CEO Rena Tabata, the problem is widespread.
“What the public doesn’t know is it happens all the time, every day,” she said.
“In medicine, the use of unsecured apps is actually a named problem. It’s called the ‘Whatsapp problem.’ There’s stats and figures on how many health-care professionals have been reprimanded for using these technologies simply because they’re not fit for medicine.”
A 2016 survey of Canadian general surgery residents found 100 per cent of respondents used their phone for patient-related communication. Eighty-nine per cent did not have encrypted phones.
Another survey from 2014 revealed 89 per cent of Canadian plastic surgeons used their smartphones to take clinical pictures of patients.
ShareSmart co-founder and physician Justin Yeung saw the importance of health-care workers being able to communicate quickly and effectively, but also recognized the risk of having unsecured patient information – especially pictures – stored on people’s smartphones.
“It’s a very universal problem. [We are] more and more looking to protect the information of our patients and to protect ourselves from legal ramifications,” Yeung said.
“Frankly, when I started this I was looking for a solution. I couldn’t find one and we decided to come together and make it.”
The app hit the market in mid-2016 and is already used by 20,000 people in more than 70 countries.
The app was endorsed by the Cumming School of Medicine at the University of Calgary and Tabata has noted “a strong, grassroots” uptake by doctors in Alberta hospitals.
In February, ShareSmart was recognized by Startup Grind – a “global tech community” based in California. The app competed against 6,000 tech companies from around the world and was named a Top 50 Startup of 2018.
“[It’s] very exciting to know we’re competitive at a global scale,” Tabata said.
“We had a lot of interest from potential investors and institutions looking to pilot our application. So, lots of followup has been done.”
|ShareSmart’s Commitment to Global Data Protection
An analysis on the GDPR (Apr. 2018)
On May 25, 2018, the European Union General Data Protection Regulation (“GDPR”) will be effective upon all member states of the European Union and it will replace the current legislation, Directive 95/46/EC. GDPR is a comprehensive data protection law that governs the collection, use and dissemination of personal information in the public and private sectors. Unlike its predecessor, GDPR has much wider territorial scope, stricter requirements for consent, greater rights for data subjects, greater obligations upon controllers and processors, and tougher governance.
Personal information is defined as any information that can indirectly or directly identify a person. Usually, data protection law of a country does not have jurisdiction over the processing of personal information of entities in other countries. GDPR, however, is applicable to the processing of personal information extraterritorially if the entity intends to offer goods or services to data subjects in EU or monitors the behavior of data subjects in EU.
GDPR mandates affirmative consent. It expressly requires the consent to be freely given specific, informed, and unambiguous by a clear affirmative action. The existing practice of “opt-out” consent where the burden is on the data subject to opt-out is eliminated. In other words, the request for consent must be intelligible and in easily accessible form, the purpose of the collection and use of the data collected must be clear and specific, and the withdrawal process must not be difficult and should be as easy to do so as it is to give consent. GDPR also requires a higher standard of consent for sensitive information such as health information, whereas explicit consent with signature is required.
Rights of Data Subjects
GDPR expands the rights of data subjects to be swiftly notified of data breach to the collected information, to have access to free electronic copies of the collected information, to demand their collected information to be deleted under certain circumstances, and to transfer the collected information to other controllers.
Obligations of Controllers and Processors
GDPR has jurisdiction over both controllers and processors. In particular, controller is required to use only processors providing sufficient guarantees to implement the required technical and organizational measures of the GDPR which include maintenance of record of data, appointment of data privacy officer and representative to report to the GDPR’s authorities, and data minimization.
GDPR requires participating EU States to have a supervisory authority which the controllers and processors will report to. These supervisory authorities will have wide investigative and enforcement powers to receive and investigate complaints and issue public warnings and orders. GDPR also provides greater sanctions to entities that have committed breaches to GDPR, including high revenue-based fines and remedies for private claims.
Impact on Healthcare Technology
Technology improves efficiency and reduces cost for many industries. Healthcare in particular can benefit immensely from technology not just in treatments but in operation and management. Secured, accurate, and fast electronic transfer and collection of health information such as clinical photography is essential to improve healthcare delivery. Health information, however, are sensitive and private information which data protection laws across the world such as GDPR have recognized and have established or will establish high standards for controllers and processors of such data to comply with. Therefore, it is important for healthcare controllers such as hospitals and clinics that fall under the territorial scope of GDPR to choose processors that are fully compliant with the GDPR. ShareSmart and GDPR
ShareSmart is a cloud-based clinical messenger that enables healthcare professionals to collect, transfer, and use clinical images and information in a secured manner with auditing, archiving, and consent management functions. Along with the above requirements, ShareSmart is already compliant with health data privacy and protection laws in certain countries and has considered application in various other jurisdictions including the United Kingdom. We are confident that ShareSmart will be officially certified by the certification bodies accredited in pursuant to GDPR.
The content on this blog is provided for general information purposes only and does not constitute legal or other professional advice or an opinion of any kind. Users of this blog are advised to seek specific independent legal advice regarding any specific legal issues. Think Tank Innovations Ltd. does not warrant or guarantee the quality, accuracy or completeness of any information on this blog. The articles published on this blog are current as of their original date of publication, but should not be relied upon as accurate, timely or fit for any particular purpose.
Accountable Care Journal
Apps offer secure solutions to clinician-patient communication risks (Apr. 2018)
Clinicians have long been disappointed at the quality of healthcare software, writes Justin Yeung, dual-qualified plastic surgeon and clinical implementation director at Canadian startup, ShareSmart, and Drea Burbank, a consultant for disruptive technology in medicine and medical technology and adviser at ShareSmart. What are the dangers of unsecured communications technologies and how can dedicated tools boost staff efficiency and enhance processes?
In a 2016 survey by Deloitte, 70 per cent of physicians thought their electronic health record (EHR) reduced productivity, 75 per cent thought it was a net financial loss, and satisfaction is shown to be decreasing over time. To quote a 2014 article:
“No other industry, to our knowledge, has been under a universal mandate to adopt a new technology before its effects are fully understood and before the technology has reached a level of usability that is acceptable to its core user.”
For the past few decades, most healthcare staff have accepted that poor interfaces, out-of-date algorithms, and poor interoperability are the cost of compliance with privacy laws.
But the truth is that hospital systems are commissioned and built at the enterprise level, with little-to-no incentive to create good software. Enterprise clinical systems benefit from reduced interoperability allowing them to retain market share. Enterprise clinical systems are commissioned by hospital administrators and often fail to perform usability testing with clinicians and are built to constantly out-of-date legal requirements, which means they often fall behind the standards of more competitive markets. As a 2015 National Health Service (NHS) panel concluded, the “digital revolution has largely bypassed the NHS.”
However, physicians also use consumer-technology such as smartphones, gaming interfaces, and cloud-based platforms. As these systems evolve, physicians are beginning to quietly rebel.
The UK panel reported:
“Many records are insecure, paper-based systems which are unwieldy and difficult to use. Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes.
“They may use Snapchat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format.
“It is difficult to criticise these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue.”
As most clinicians know, working groups frequently text patient details and clinical photos to each other to facilitate care interactions. In the U.S., a 2012 online survey conducted at the well-respected UC Davis medical centre privately recorded that 88 per cent of residents and 71 per cent of attending surgeons texted residents for patient-related care. In the UK, the aforementioned 2015 NHS survey reported 63 per cent of doctors admitted texting patient information, and 46 per cent sent photos or X-rays to colleagues.
Physicians still give lip-service to privacy regulations, 55 per cent of physicians say they are worried about cyberattacks, and 87 per cent of physicians claim their practice is HIPAA-compliant. However, only 60 per cent of physicians are confident they know what HIPAA-compliance requires.
As one of the most common security breaches in healthcare is stolen mobile phones, and 83 per cent of physicians use mobile phones, texting patient info is a non-trivial issue in clinical data security.
Given that this behaviour is not likely to cease we need to facilitate it in more functional ways. As Harvard scientists proposed in 2011, the most efficient way to improve medical software is to enable cloud-based clinical apps to run over existing legacy databases. This allows competitive app development cycles (i.e. iterative “agile development” vs. top-down “waterfall development”) while retaining legacy security infrastructure which most app developers are little inclined to replicate.
In Canada, we have taken the time to obtain clinical approval and legacy buy-in from hospital administrators for ShareSmart, a secure messaging app. This enables clinicians to have the utility of smartphone messaging and cloud-based photo sharing, without the potential security leaks. With this approach, it is now the gold standard for smartphone communication in Canada.
Clinicians report increasing multidisciplinary collaboration and efficiency of care and hospital administrators have reported cost savings from avoiding data breach fines.
This app is easily adapted to the UK where doctors using WhatsApp can continue to use the functions of their smartphones, but protect themselves and their patients, while keeping dual personal and work communication streams on their mobile phones.
We believe in empowering clinicians to advocate for better software. If clinical texting is a positive evolution, increases physician satisfaction and physician productivity, then forward-thinking administrators will seek to enable it with secure applications and EMR integration rather than attempting to suppress it.
Justin Yeung MD, FRSC, and Drea Burbank MD
Smartphones as A Privacy Solution (Mar. 2018)
Dr. Justin Yeung is a board-certified Plastic Surgeon with dual clinical and academic appointments and 5 years as the Clinical Implementation Director for ShareSmart, a secure clinical messaging app for clinicians. Dr. Drea Burbank is a consultant for disruptive technology in medicine and Medical Technology Advisor at ShareSmart. Full bios here
Facebook is under intense public criticism from the US and the UK for privacy breaches. Although the details are still emerging, it seems the company allowed a third-party to administer a “personality test” to ~50 million US voters for “academic purposes”. However the data was misused, delivered to a political consulting firm, and used to target paid ads for Trump’s presidential campaign.With increased digitization, privacy will be a major issue in the 21st century. Some futurists believe increased transparency can be positive but no one is more aware of the contemporary tug-of-war between open communication vs. personal privacy than clinical staff. Clinical texting might be risqué, but it is also ubiquitous. A 2015 study conducted in the UK suggested that up to 65% of doctors and 14% of nurses were using SMS or app-based messaging to sent patient-related clinical information to colleagues and up to 46% of doctors and 7% of nurses sent pictures. A similar 2012 study conducted in the US found that 88% of residents and 71% of attending surgeons texted residents for patient-related care. As 2015 National Health Service (NHS) panel explained: “They [clinicians] may use Snapchat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format” “It is difficult to criticise these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue.” In the UK doctors using WhatsApp advocated for its use by saying that it was not only free but “end-to-end encrypted, everyone knows how to use it, and it will always be updated to the latest software.” However, WhatsApp is owned and data mined by Facebook. Doctors are right to advocate for more useful software; however, they must have more secure options than consumer texting apps. Currently the most common security breach in healthcare is stolen mobile phones containing unsecure clinical data. The good news is that physicians want to use secure smartphone messaging, the same UK study showed that most clinical staff (72% of doctors and 37% of nurses) even if they do not text wanted a secure means of sending clinical information via smartphone. Technology and governing bodies have evolved to meet clinician’s needs. The Canadian Medical Association leads the world in digital professionalism and they recruited Dr. Justin Yeung, the Clinical Director of ShareSmart to define a Best Practices Guideline for clinical smartphone use. To summarize the guideline, clinicians now have the freedom to take and text clinical photos from their smartphones. But only when using next-gen digital apps that securely store and transmit patient data. Apps like ShareSmart meet all national requirements for digital photo-sharing including informed consent, encrypted transmission, secure storage, audit trails, and breach reporting. For clinicians using SMS or WhatsApp, Facebook’s embarrassing public reversal is a timely reminder that professional messaging systems are a worthwhile investment. Digital professionalism is not only a professional standard, now it’s easy to do, and supported by hospital systems and professional bodies. With the proper software, smartphones can be a privacy solution.
Canadian Medical Association
BEST PRACTICES FOR SMARTPHONE AND SMART-DEVICE CLINICAL PHOTO TAKING AND SHARING (Mar. 2018)
Clinical photography is a valuable tool for physicians. Smartphones, as well as other devices supporting network connectivity, offer a convenient, efficient method to take and share images. However, due to the private nature of the information contained in clinical photographs there are concerns as to the appropriate storage, dissemination, and documentation of clinical images. Confidentiality of image data must be considered and the dissemination of these images onto servers must respect the privacy and rights of the patient. Importantly, patient information should be considered as any information deriving from a patient, and the concepts outlined therefore apply to any media that can be collected on, or transmitted with, a smart-device.
Clinical photography can aid in documenting form and function, in tracking conditions and wound healing, in planning surgical operations, and in clinical decision-making. Additionally, clinical photographs can provide physicians with a valuable tool for patient communication and education. Due to the convenience of this type of technology it is not appropriate to expect physicians to forego their use in providing their patients with the best care available. The technology and software required for secure transfer, communication, and storage of clinical media is presently available, but many devices have non-secure storage/dissemination options enabled and lack user-control for permanently deleting digital files. In addition, data uploaded onto server systems commonly cross legal jurisdictions. Many physicians are not comfortable with the practice, citing security, privacy, and confidentiality concerns as well as uncertainty in regards to regional regulations governing this practice.1 Due to concern for patient privacy and confidentiality it is therefore incredibly important to limit the unsecure or undocumented acquisition or dissemination of clinical photographs. i
© 2018 Canadian Medical Association. You may, for your non-commercial use, reproduce, in whole or in part and in any form or manner, unlimited copies of CMA Policy Statements provided that credit is given to Canadian Medical Association. To assess the current state of this topic, Heyns et al. have reviewed the accessibility and completeness of provincial and territorial medical regulatory college guidelines.2 Categories identified as vital and explored in this review included: Consent; Storage; Retention; Audit; Transmission; and Breach. While each regulatory body has addressed limited aspects of the overall issue, the authors found a general lack of available information and call for a unified document outlining pertinent instructions for conducting clinical photography using a smartphone and the electronic transmission of patient information.2 The discussion of this topic will need to be ongoing and it is important that physicians are aware of applicable regulations, both at the federal and provincial levels, and how these regulations may impact the use of personal devices. The best practices supported here aim to provide physicians and healthcare providers with an understanding of the scope and gravity of the current environment, as well as the information needed to ensure patient privacy and confidentiality is assessed and protected while physicians utilize accessible clinical photography to advance patient care. Importantly, this document only focusses on medical use (clinical, academic, and educational) of clinical photography and, while discussing many core concepts of patient privacy and confidentiality of information, should not be perceived as a complete or binding framework. Additionally, it is recommended that physicians understand the core competencies of clinical photography, which are not described here. The Canadian Medical Association (CMA) suggests that the following recommendations be implemented, as thoroughly as possible, to best align with the CMA policy on the Principles for the Protection of Patient Privacy (CMA Policy PD2018-02). These key recommendations represent a non-exhaustive set of best practices – physicians should seek additional information as needed to gain a thorough understanding and to stay current in this rapidly changing field.