If you weren’t aware of your privacy rights before, the last few months has been a wake-up call to a lot of people – but there is still a long way to go before we all fully take back control of our privacy online. For example, did you know that the average website puts over 20 cookies onto your computer when you first log in? A cookie is a tiny piece of software that tracks what you do online after you’ve logged out of a website. Most computers will have well over 1000 cookies in the background, taking note of other places you visit on the internet.
A recent debate in Australia has also highlighted the potential for individual health records to be shared with inappropriate third parties (though changes to proposed legislation have gone some way to correcting this).
At Tamanu, we have a firm rule. We don’t share identifiable patient data with anyone, ever. In fact, Tamanu doesn’t use any of the tricks that some other software companies do to secretly capture your data and invade your privacy.
Our partners own their own data and we are simply their custodians.
Recently, you have probably also been receiving a number of emails from software services that store your personal data. This is because the European Union Parliament passed a regulation on data protection and privacy that had implications for any company storing the data of EU citizens. Most tech companies (e.g. Facebook, Google, Apple) are updating their terms of service to comply with these regulations.
We wanted to update you on what this means for Tamanu.
Tupaia does not capture patient-identifiable data of users in Europe, so there are no legal implications at all for us. Ethically though, we think the new European laws are long overdue and we intend to follow them wherever this is allowed by local laws in the countries we work in.
Patient data is stored on a secure database and is not shared with anyone else except at the request of a partner government or organisation. User passwords are stored with non-reversible encryption (which means even we can’t see them!). Patients have the right to view their own data and we can enable mechanisms to allow this (in consultation with local governments). Patients also have the right to not participate or have their data shared (again, if this is agreed to by local partners) and we enable that through our ‘anonymous patient’ feature.
We are also able to see when users log into the software, what actions they perform (usage analytics), and which surveys they have completed in programs. Again, this data is not shared – it is collected only for reporting and training purposes.
Finally, Tamanu is able to take photos and track your location – this is only done when indicated in the program and we do NOT take photos without first warning you in the app (you need to click ‘take a photo’). We use the location data to track where health facilities are – we do not track your location unless you are completing a survey.
Tamanu does not collect data from other parts of your phone or computer, it cannot see your contacts and the only cookies it uses are to record whether you are logged in. We do not share user details with anyone (unless you ask us to) and we don’t capture data that we don’t tell you about!
Please feel free to contact us for more information and to speak with one of our software developers.