Connecting Dots

VitalProbe
Data Security Policy

Securing sensitive vitals (health) data collected by wearable IoT devices is crucial due to its personal nature and potential impact on individuals.  Here are some key aspects we considered while designing our vitals data security architecture: 

​

Threats and Vulnerabilities: 
​
  • Data interception:  Malicious actors might intercept transmissions between VitalsTrak and the cloud, stealing sensitive data like heart rate, or even location.  To deter this, we encrypt data on the device, in flight and at rest on the cloud.

  • Unsecured storage:  Vitals data breaches at servers storing health information can expose large numbers of users.  At no point in its journey from VitalsTrak to the cloud is a user's vitals data exposed unencrypted.

  • Weak authentication:  Inadequate password practices or insecure login protocols can create entry points for hackers.  We use multimodal strong authentication and do not share any personally identifiable information. 

​​

  • Malware attacks:  Devices may be vulnerable to malware that steals health information or disrupts their functionality.  Our robust and secure architecture prevents malware attacks. 

​​

  • Insider threats:  Authorized personnel with access to health information might misuse or sell it.  Our strong authentication and user consent prevent such abuse.

Best Practices for Data Security: 
​
  • Encryption:  We implement strong encryption for vitals data at rest (stored) and in transit (transferred).

  • Authentication and authorization:  We use multi-factor authentication and robust access control measures – user consent.

  • Regular security updates:  We ensure that VitalsTrak and associated software are updated with the latest security patches.

  • Network security:  We secure the network connections used by VitalsTrak and the cloud platform.

  • Privacy-preserving technologies:  We utilize techniques like anonymization or differential privacy to protect sensitive vitals data while allowing for analysis or predictive analytics.

  • Transparency and compliance:  We clearly communicate vitals data collection and usage practices to users and comply with relevant privacy regulations like HIPAA or GDPR. 

​​

Additional Considerations: 
​
  • Device security features:  VitalsTrak has built-in security features like secure connect and hardware-based encryption.

  • Data minimization:  VitalsTrak collects only vitals data. 

​​

  • Regular security audits:  We conduct regular security assessments to identify and address vulnerabilities. 

​​

  • User education:  We educate our users about secure practices like strong authentication and avoiding suspicious links or apps. 

​​

Remember, data security is an ongoing process, not a one-time solution. By implementing these best practices and staying informed about emerging threats, you can help ensure the safety and privacy of your health data when using VitalsTrak. 

VitalsProbe
Data Privacy Policy

Data privacy remains a critical concern for wearable IoT health monitoring devices, given the sensitive nature of the data we collect.  Here's a deeper dive into this important topic: 

​

Key Privacy Issues: 
​
  • Data collection and usage:  We clearly inform users about what data is collected.  The user decides with whom to share the data, either via written consent on an ongoing basis or with a one-time code for a temporary share.  We use anonymized data for predictive analytics and store it for historical analysis.

  • De-identification and anonymization:  To eliminate re-identification risks that could compromise privacy, we don’t store or forward users’ personally identifiable information (PII).

  • Data sharing and third-party access:  We don’t share any data, PII or anonymized, with anyone.  The user decides who to share the data with.

  • Targeted advertising and profiling:  We don’t allow or encourage the use of vitals data for this purpose.

  • Security vulnerabilities:  As mentioned earlier, security breaches can expose sensitive health data.  We capture only anonymized vitals data, which is mapped to the individual VitalsTrak.  Each VitalsTrak has a unique ID, and all vitals data is linked to it in storage and in flight.  Data at each stage is encrypted.  Anonymized vitals data is mapped and linked to a particular at the service provider end (Hospital, Caregiver, etc.).

User Control and Transparency: 
​
  • Granting and revoking consent:  Users have clear ways to grant, modify, or revoke their consent for vitals data collection and usage.

  • Data access and portability:  Users can access their vitals data easily and understand it. Data portability allows them to transfer it to other platforms if desired. 

​​

  • Data deletion and retention:  Users can request deletion of their vitals data after a certain period, following data retention policies of the care provider. 

​​

Regulatory Landscape: 
​
  • HIPAA (US): Protects the privacy of individually identifiable health information. 

​​

  • GDPR (EU):  Gives individuals control over their personal data and imposes strict data protection requirements. 

​​

  • Other regional regulations:  Need to add MNRA, CDSO, etc.

Protecting your own Privacy: 
​
  • Choose devices with strong privacy practices:  Research before buying and prioritize devices with transparent data policies and user-friendly control options.

  • Review privacy settings:  Carefully review and adjust privacy settings on the device and associated app to limit non-vitals data collection and sharing.

  • Be mindful of data sharing:  Consider what PII data you're comfortable sharing and with whom.  Opt out of unnecessary PII data sharing wherever possible.

  • Stay informed:  Keep yourself updated on privacy developments and legislation related to wearable devices. 

​​

By understanding data privacy concerns and taking proactive steps to protect their personally identifiable information (PII), users can leverage the benefits of wearable health technology while minimizing privacy risks.
