Security & Privacy Policy

mindLAMP is a customizable smartphone app designed and developed by our team to support research in mental health. mindLAMP is designed to collect information and record lived experience through surveys, cognitive tests and games, Apple HealthKit and Google Fit monitoring, and phone sensors. The data collected offers patients and clinicians insight into behavioral and physiological patterns that may help inform future diagnoses and treatments for mental illness.

Your Personal Information

“Your information” is the information we request when you initially download and launch the app. It is then accessible from your user profile under ‘Settings.’ This information includes, but is not limited to, the user name and user profile you used to register for the app. We also receive other types of information about you that are customarily gathered by web and mobile applications:

We receive data about you whenever you interact with the mindLAMP app, such as when you launch the application, click on, view or otherwise interact with a feature. This may include date and time of the request, the feature requested, and completion status of the request.
We receive data from the mobile phone you use to launch mindLAMP app.
We receive data about your answers to surveys and cognitive tests.
If you opt in, we receive geospatial data that tells us your approximate location when you interact with the app.
If you opt in, we receive data about your step count and other information provided by Apple HealthKit or Google Fit.

How We Use Your Personal Information

Your personal information may be used to support internal operations, including troubleshooting/user support, and service improvements. To ensure you are receiving the highest level of service in your interaction with the mindLAMP app, your contact information may be used to communicate back with you regarding your requests.
We also use the data to create aggregated statistics, which help us improve our service. Aggregated data allows us to evaluate "traffic" patterns to our app in terms of the number and role of visitors, level of demand, most popular requests, and types of errors. These statistics are not linked to any personal information that can identify an individual person. This data may be kept for an indefinite amount of time, and it may also be used at any time and in any way reasonably necessary to monitor for security breaches and to ensure the integrity of the data on our servers.

Information We Share With Others

We do not sell, trade, or otherwise transfer to outside parties any information we receive. We may release information we collect to judicial, law enforcement or other government agencies when we believe release is appropriate to comply with a governmental or court order, or the law, to enforce our own policies, or to protect our or others’ rights, property or safety.
We may share aggregate statistics about our visitors, general traffic patterns, app usage, survey answers, cognitive test results, and phone-collected data such as step count, geospatial location, flights of stairs climbed (and other Apple HealthKit and Google Fit data) for purely research purposes. If used for research, your data will only be used in aggregate form. We will never use your data for marketing or commercial purposes.

How We Protect Your Information

We make every reasonable effort to protect your information against unauthorized access, alteration, disclosure or destruction using current security technologies. Servers that host the mindLAMP app and store your personal information are maintained in a secured facility behind a firewall. The mindLAMP app security measures are reviewed regularly and are consonant with policies for secure healthcare data storage. Finally, we restrict access to users’ personal information to our employees, contractors and agents who need to know that information in order to process it on our behalf for purposes of providing you support and services. These individuals are required to attend training on patient privacy and confidentiality and are bound by strict confidentiality obligations.

Deleting Your Account

Your account may be deleted at any time via the ‘Delete my account’ button in the app. When you delete your account you will be asked whether you want us to delete your data as well.

Copyright And Proprietary Rights

The mindLAMP app, its features and contents are protected by copyright and other intellectual property laws, as well as other state, federal and international laws and regulations. Unless otherwise expressly provided in these Terms of Use, you may print or download information from the app for personal, non-commercial use only, provided you identify the source of the material, include a statement that the material is protected by copyright law, and do not modify any of the information. Reprinting or otherwise reproducing any document in whole or in part is prohibited, unless prior written consent is obtained from the copyright owner.
Nothing in these Terms of Use shall be deemed to grant you any right, title, license or interest in or to any software or documentation, or in any related patents, copyrights, trademarks, trade secrets or other intellectual property of any kind.

About

The LAMP platform is a free and open source software platform currently developed by the Beth Israel Deaconess Medical Center (BIDMC) Division of Digital Psychiatry. Although LAMP has broad potential, we are here using it as an interface that patients and clinicians can use together to capture relevant data and generate reports. It’s important to note that LAMP is not an electronic health record system and does not offer clinical decision support. Because LAMP has been developed in clinical settings and designed to support patients and clinicians, its foundation is rooted in privacy and security. Below is an outline of the technical specifications that highlight privacy and security in LAMP.

Login and Authentication

Credentials are required to access the LAMP Platform. By default, a clinician can see the data of their own patients, but any other access must be explicitly granted. A clinical site’s administrator is able to view aggregate reports that contain no identifying information about the patients at that site.

Technical Safeguards

As data is transferred between the device and the server, it is encrypted in flight using TLS v1.3, with HTTP/2 carried inside that encrypted connection. As data is accepted by the server, it is stored in the data lake encrypted at rest using AES-256 with a secret key unique to each site. Every request made to the server to create, update, delete, or even read data is appended to an audit log, along with the credentials used to make the request, so that a site can monitor all requests for data.

Personal Health Information (PHI)

There are 18 identifiers that make health information PHI. The one PHI identifier that LAMP collects is dates, since all information is timestamped. LAMP does not collect patient names and uses codes instead. Thus, linking any information collected by LAMP to a specific patient is not easy without the code-to-patient key, which is kept by each site and not shared.

HIPAA

LAMP offers physical and technical safeguards that are in line with the HIPAA Security Privacy Rule. Specifically, the rule “requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI including:

a) Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;

b) Identify and protect against reasonably anticipated threats to the security or integrity of the information;

c) Protect against reasonably anticipated, impermissible uses or disclosures; and

d) Ensure compliance by their workforce.”

LAMP meets this by offering the following features:

1. Limited facility access and control with authorized access procedures in place

2. Restrictions for transferring, removing, disposing, and re-using PHI

3. Access control allowing only authorized personnel to access PHI

4. Audit reports / tracking logs that record activity

5. Integrity controls in the database that ensure data is not altered or destroyed unless by an authorized user with the appropriate permissions

6. Encrypted network transmissions

Breach Policy

In the event of a suspected data breach, a site lead may immediately revoke all credentials and disable access to the data. As both a public and a private key are required to decrypt exported data, and separate private keys are maintained per site and per patient, a data breach of one sub-section of the data cannot and will not affect other sub-sections or the entire platform. Furthermore, devices are identified by a unique per-device token, and data integrity in flight can be verified when reviewing the audit trail by cross-referencing this device-specific token. As noted above, LAMP does not record names but identifies users by codes, so even in the event of a breach it will be hard to connect a person to their data.
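The per-site AES-256 encryption at rest and the per-request audit log described under Technical Safeguards, together with the site-level compartmentalization the Breach Policy relies on, shown as an added example in Go; this is illustrative code written here, not LAMP's own implementation, and the store layout, the AuditEntry fields, and the choice of AES-GCM with the site name as associated data are assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// AuditEntry is one audit-log record: action, credential and per-device token (names assumed).
type AuditEntry struct{ Action, Site, Credential, Device string }

// SiteStore holds one 32-byte (AES-256) key per site plus the append-only audit log.
type SiteStore struct {
	Keys  map[string][]byte
	Audit []AuditEntry
}

// NewSiteKey generates a fresh AES-256 key for one site from crypto/rand.
func NewSiteKey() []byte { k := make([]byte, 32); rand.Read(k); return k }

// gcm logs the request (reads included) and returns the site's AES-256-GCM.
func (s *SiteStore) gcm(action, site, cred, dev string) (cipher.AEAD, error) {
	s.Audit = append(s.Audit, AuditEntry{action, site, cred, dev})
	block, err := aes.NewCipher(s.Keys[site]) // unknown site: nil key, KeySizeError
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Create encrypts a record at rest under the site key; the site name is bound as
// associated data so the blob cannot be quietly re-filed under another site.
func (s *SiteStore) Create(site, cred, dev string, record []byte) ([]byte, error) {
	g, err := s.gcm("create", site, cred, dev)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, record, []byte(site)), nil // nonce || ciphertext || tag
}

// Read decrypts a stored blob; a wrong site key or any tampering fails to authenticate.
func (s *SiteStore) Read(site, cred, dev string, blob []byte) ([]byte, error) {
	g, err := s.gcm("read", site, cred, dev)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, errors.New("unknown site or malformed blob")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(site))
}
```

A blob sealed under one site's key fails authentication under every other site's key, and every Create and Read, successful or not, leaves an audit entry carrying the credential and device token that made it.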

Risk Analysis and Management

Our team performs frequent risk analysis as part of our security management processes.