by beermann on 1/27/15, 1:08 PM with 59 comments
by japhyr on 1/27/15, 2:59 PM
I would guess that many people would consider building an app like this without thinking too much about HIPAA. "We're not doctors, we're just building an app that will help people manage their anxiety." But the app clearly asks questions of its users that are focused on mental health. If a situation arises in which a user has a bad experience related to how their information was shared, it seems quite reasonable to consider whether their right to medical privacy was violated. This seems particularly important with the unfortunate stigma associated with mental health issues.
I don't ask this just to nitpick. I'm looking at building some projects related to education, and in education there's a comparable act called FERPA - Family Educational Rights and Privacy Act. It seems convenient to ignore these kind of regulations when building projects that are meant to be really helpful to everyone, but once a project like this takes off compliance with privacy acts seems critical.
I'm quite curious to hear from the developers what their take on HIPAA has been.
by falcolas on 1/27/15, 2:01 PM
The medication they can prescribe really does help: it stops your heart from racing, it helps you stop the cyclic negative thinking... it just plain helps.
by graycat on 1/27/15, 4:08 PM
If the suggestions work, terrific.
But: As someone who had a close family member die from anxiety disease, I have to say that during the long course of the disease we thought of all those suggestions, especially cognitive ones, and many more, and they were all like a BB gun against a Russian tank. The real problems were much deeper.
And the cognitive approaches, that didn't work, were being tried by a genuinely brilliant patient -- Valedictorian, PBK, Summa Cum Laude, world famous research university Ph.D. Cognitive? No shortage of cognitive ability: The patient saw and understood the cognitive ideas, maybe more deeply, and certainly faster than the professional could present them. At one point, the professional had the patient write a paper describing the cognitive approaches then exclaimed that the paper was "brilliant". Yes, it was -- very clear, etc. And the cognitive approaches? Total flop.
So, after considering such suggestions, good ideas, and face validity, I get led to consider also the old, two criteria -- safety and efficacy.
Again, if the suggestions work, terrific. But I would suggest for such patients and their families, ASAP, and maybe not in this order, (1), if only to be a better, loving family member, learn as much of the Clinical Psychology 101 level material you can and (2) get the best professional help you can. And for (2), if at first the treatment doesn't look quite promising and/or fairly soon there is no significant progress, which in my small sample size seems quite likely, then get some better professional help.
Be careful with anxiety disease: Else members of the close family can throw away significant parts of their lives, and the patient, all of theirs.
In K-12 or even in a college STEM BS you may not have been taught good information about anxiety disease -- so, at first symptoms, and you need to know about such symptoms, get caught up.
by beermann on 1/27/15, 4:30 PM
Pacifica is a hybrid application, built on the Ionic Framework (http://ionicframework.com/). We've been pretty happy with Ionic, it's the main reason we were able to release on Android and iOS simultaneously. Thanks to Max and the Drifty team for creating a great platform.
There are a lot of comments and questions about privacy and compliance. I'll try to summarize some of my answers:
We don't technically store what's called Protected (or Private) Health Information. This is because Pacifica is a self-help tool and PHI is defined as originating from a healthcare professional. That being said, we are taking steps to treat our data as if it were PHI. We have a signed Business Associated Agreement with Amazon and are trying to operate as if we were HIPAA compliant (we technically are, in the same way that any company that doesn't store PHI is HIPAA compliant).
Regarding privacy and security: yes, we're in the cloud. Specifically, on AWS. While this may be contentious, we believe that there's no reason this is less secure than if you were hosted in a local colocation facility. Amazon has pretty rigorous requirements for who has access to machines and who can access data on those machines. Many of their services are HIPAA compliant, and they certainly take this extremely seriously.
In addition, we do try to make sure everyone's data is as safe as possible. The mobile applications communicate with our servers over HTTPS. We're using Elastic Load Balancers but don't terminate SSL at the ELB, it passes through to our own server so Amazon doesn't have the private keys. Recordings are stored encrypted in S3, and our RDS instances are also encrypted. There's more that we can do (as there always is), but we wanted to provide a little information about what we are currently trying to do to protect things. We welcome any additional suggestions.
by airza on 1/27/15, 1:55 PM
by DanBC on 1/27/15, 3:09 PM
Did you check the NICE guidance for Computer based CBT? http://www.nice.org.uk/guidance/TA97
They recommend some software; they do not recommend others. It would be interesting to see if your app avoids the mistakes made in the unrecommended softwares.
(NICE is one of the English "DEATH PANELS" - commissioners of health services need to pay attention to what NICE says.)
by addydev on 1/27/15, 1:20 PM
by foolinaround on 1/27/15, 2:44 PM
2) How long do you retain data - -- How long is it needed for the proper functionality of the app -- How much longer do you store it for your internal research and data mining purposes.
3) Can the data be destroyed on demand, when an account is closed?
4)Can much of the data be stored on the device itself? Will this be on the roadmap?
( i have more questions, but this is a start :) )
by fluidcruft on 1/27/15, 7:43 PM
I mean Dr Moberg seems bolted on as an afterthought when you realized "oh, shit people might actually expect to see relevant credentials". Apparently you don't even know what she does there besides "contributes to Pacifica’s development on a regular basis". The site is already dripping with Valley happy-derp marketing speak and that's the best spin you can do about someone that should be at the center of the project? If that's not the case, you really need to fix your messaging.
by mcfist on 1/28/15, 6:36 PM
by Deebot on 1/27/15, 3:17 PM
What an awful idea. I can't help but wonder what their goal is with the data they're collecting via this app.