Research & Technology

Health-E You/Salud iTu is a novel, interactive, patient-centred, mobile clinical contraceptive health application (app), designed to be used as a clinician extender and in conjunction with a healthcare visit. 

It is a web-based application so the user can access the website that hosts the app from any computer device with internet access (Smartphone, tablet, laptop or desktop).

App data is stored in UCSF Salesforce, a separate secure data system. This study meets the highest data security standards for protection patient information at UCSF. Health-E You has a Drupal web-based interface (also known as a view layer) that is user-friendly. Data entered is then hosted on the UCSF Salesforce Platform which is updated and maintained by the UCSF Information Technology Services team, who ensures that strict data security standards are met at all times (see Figure).  Platform encryption has been configured to encrypt data at rest. Salesforce uses industry standard encryption products to protect data to and from the customer’s desktop. These include 128-bit Verisign SSL certification and 2048-bit RSA public key. Only authorized UCSF personnel of access. This study complies with The Federal Health Information Portability and Accountability Act (HIPAA) protects the disclosure of patients’ health information by health care providers. Under HIPAA, SBHC staff cannot share student health information with any outside individuals or organizations. HIPAA is a federal law; states may have additional laws governing health privacy.

Diagram

Description automatically generated

As part of the App, users are provided a summary of information from the app and then asked:

 

If you would like your healthcare provider to receive this summary through a secure e-mail, please enter the following information. This is completely confidential and is kept private between you and your healthcare provider. Enter only what you are comfortable with. This will only be used to support your health care. If you do not want this shared with your provider, please touch the "Next" button below.”

 

Patients who want to share the information with their healthcare provider can then provide either their cell phone number and/or their first name and first initial of the last name. This is the minimal amount of information necessary to correctly link the user with their health care provider. Only upon patient request, is an e-mail generated from Salesforce which contains e-mail security mechanisms. For this project the Salesforce team used DomainKeys Identified Mail (DKIM) in Salesforce to send the secure e-mail. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. Thus, the e-mail is sent via secure UCSF e-mail to a designated clinic e-mail which is provided by the clinic (please refer to Item # 4 in the Memorandum of Understanding between UCSF and Participating School Based Health Centers (SBHCs). By collecting this minimal amount of data, in the unlikely event the Salesforce system or the e-mail is breached, it would be extremely difficult to link the app user with their health information.