As a company that’s designed an app to support workers and organisations in healthcare, we encourage questions from new and existing users about how Med App handles privacy.
We’re frequently asked questions like:
- How will my data be used in the app?
- Will my data be protected?
In this article, we outline our approach to privacy, along with answers to some of Med App’s most frequently asked questions on the subject. By doing so, we’re not only demonstrating our commitment to meeting or exceeding our legal and compliance requirements, we’re also demonstrating that empowering customers to take ownership is pivotal to their success with Med App.
What data does Med App collect?
Misconduct by several high profile tech giants in relation to customer data has made customers more wary and wise, and we think that’s a very good thing. Users have come to understand that “free” does not mean totally free and they now want to know what companies like Med App do with collected data.
In the interests of full transparency, here’s what we do.
We collect three pieces of personal information: your name, phone number, and email address.
If your hospital has a subscription with Med App, the relevant manager (hospital administration, medical education or JMO manager) enters your details. On completion, an invitation to the app is sent to you, or you are granted access to the hospital within the app. Alternatively, if you download the app yourself, you will enter this data manually.
Why do you need my name, number, and email?
There are a couple of very practical reasons we ask for your name, number and email when signing up for Med App. Collecting these details allows your hospital to accurately identify the people with access to their hospital’s information. From Med App’s perspective, it also helps us resolve problems you might have when using the app, like having trouble registering, trouble resetting passwords or issues with the app.
You might be thinking, Well that all sounds great, but who can see this information?
Hospital administrators can see the full user list for their site. If they want to add more people they need to collect information through their normal processes or ask users to download, register and request access.
The MedApps support team can also see it, but will only use it to resolve problems you have with the app. In a very practical way, this means you can contact MedApps because your app keeps crashing, or your password reset didn’t come through. Every MedApps team member is bound by strict confidentiality clauses as part of their employment agreements and we also include these clauses in all the contracts with our customer sites. Disclosure is a legal issue and would be dealt with accordingly.
We only provide people access to information they need; not more or less. Regular security updates are conducted on our work devices. Passwords and accesses are stored securely.
– Share your personal information for advertising or marketing purposes.
– Send marketing emails or text messages unless you have agreed to it.
– Keep or process your personal information for any other commercial purpose.
Is my activity tracked in the app and who can see it?
Med App is designed to provide the right information to the people who need it, when they need it. In a busy hospital environment, or during a high intensity period of work like commencing a new JMO rotation or orienting new team members during a pandemic like COVID-19, a Med App user may use the app frequently.
To be clear, Med App is set up to track usage. In simple terms this means screen views (how many views of a particular article or page) and how many sessions (how many times the app is opened) are recorded. It also tracks views of documents sent through the app and invitations/QR code scans for attendance at events via the app.
Every user can find a record of their details, documents and events in the “More” section of the app. There you will see the history of documents sent to you under ‘Documents’, and all of your event invitations and attendances under ‘Events’. If you have started a support conversation with MedApps this will also appear in the ‘Feedback’ section.
in terms of analytics, we are interested in the aggregate information. So we have de-identified user names in the analytics records. This means Med App does not directly follow you as an identifiable user. The user names are de-identified to a random ‘user ID’ in the analytics. This means, it is not possible to see who views or clicks what. In the admin dashboard (hospital admin staff use to manage the app) we do track certain messages sent via the app so that hospitals can get a measure of engagement.
Here is what it looks like in the dashboard when a document has been sent or people have scanned in to an education or training event. This is only accessible to the hospital admins at your site:
Here’s an image of how individuals appear in Med App analytics:
This feature is important to us – and should be important to you too, as it means you can have complete confidence that you are free to look at whatever content you want. This is particularly significant with wellbeing content. We recognise it is vital employees feel they can access the content they need without the concern it may affect them adversely because management or administration can see who is doing what.
There is also a deeper purpose and value to using the aggregated information. It gives insight into the way Med App is used by healthcare workers, administrators, and educators. It helps the hospital teams – and Med App as app developers – to continually improve content in the app, to develop new and useful tools to help clinicians do their job, and to identify what does and doesn’t work. Ethical use of the technology means we’re able to achieve this without using surveys or evaluations, thereby causing less disruption to you.
As a technology provider, our objective is to strike a balance between providing useful and valuable insights for hospitals that allow improvement in tools and resources for clinicians, while protecting and respecting the privacy of our end users.
How does Med App work if I haven’t paid for it?
Great question, no doubt prompted by the frequently cited comment that ‘if you’re not paying for the app, then you are the product’.
While a free version of Med App is available, our commercial approach is based on a site-based subscription model. Under this arrangement, a hospital pays an annual subscription to access the platform (tailored to their business), as well as Med App’s support services. Importantly, it allows clinicians to access the app and their hospital site information as part of their regular employment.
Med App elected to adopt this model because of the ability (and corresponding incentive) to be strict about the privacy of users. It eliminates the need to sell data or details to third parties, or spam users with marketing material. Our primary driver is ensuring you have the tools to be capable, confident and efficient in your work.
Tech companies have had a bad rap lately. What about companies that control the internet and other plugins used in the app?
In Australia, we use AWS, a cloud computing service. Like other similar providers, AWS is subject to strict privacy laws and has achieved several ISO certifications. We also use other services to help us deliver the optimal experience for our customers.
Auth0 is our authentication provider. Rather than build the authentication service ourselves, we elected to work with a company that specialises in this area. Auth0 also ensures their security systems comply with relevant standards and privacy is built in at its core.
You can find out more about their system here.
Intercom provides the support chat features that help us resolve problems encountered when using the app. You can learn how Intercom complies with GDPR requirements here. A limited amount of your information (such as sign-up date and some personal information, for example your email address) is provided to Intercom. They do also use some cookies and similar technologies depending on whether you visit our app or website, as this helps us improve our service to you. Occasionally, Intercom is used as a communication tool, however this is only to allow us to respond to help queries sent to us (from users) through the website or app’s live chat button on the help/feedback section.
Twilio is used to send invitation and reminder text messages securely.
You can find out more about their system here.
Sendgrid is used to distribute invitation emails that accompany initial text messages, as well as to send password reset emails. Email digests are also sent to dashboard managers through this service.
I’m still curious and what to know more. Where do I go?
A good place to start is to check all the information we hold about you and update your personal details. You can find this in the “More” section of the app or the privacy section of our website.
You may prefer to contact us directly with your questions. Correspond via our email at firstname.lastname@example.org and we’ll get back to you within two working days.
As an organisation, we are wholly committed to taking the very best care of our customers’ privacy information. It’s why we only collect the bare minimum and restrict access (only your hospital administration team and our support team can see the information). Med App has been designed to support those doing important work in healthcare – and it’s why we’ve made a choice not to sell or exploit information for advertising or marketing purposes.