TELEPATHOLOGY DATA SECURITY

Augmentiqs is a Native Application that is installed on the user’s PC. Augmentiqs utilizes a hardware fingerprint and optional password to identify the user.

Augmentiqs uniquely identifies and authenticates each user. Access is assigned by unique hardware fingerprint, with role-based access being optional.

The password control settings are as follows:

• Minimum length – 6 characters
• Expiration – 6 months
• History re-use – 6 last passwords
• Creation restrictions – at least one digit and one upper case
• Violation threshold checkout – 5 consecutive failed attempts

Augmentiqs utilizes an electronic procedure to terminate, lock, disable or otherwise secure an electronic session after a pre-determined period of inactivity.

Accounts can be managed by Augmentiqs IT or Institution IT department.

Augmentiqs enables the following events to be tracked and easily reported on:

• Invalid login attempts
• Successful login attempts
• Dormant user account activity
• User access activity tracking
• Patient centric access tracking
• Application administrator actions

Augmentiqs does not store or transmit PHI, PII, or other regulated data.

An Augmentiqs remote telepathology feature allows the transfer of annotations which, although not remaining on our servers, can be subsequently stored by the remote user. The purpose of these annotations is for specific lesion reference, and are added manually by the user. This feature can be turned off.

Augmentiqs application supports encryption of data in transit using TLS 1.2

An SSL certificate is used on server side.

Institution data is stored at the institution.

Augmentiqs does not store any confidential data on its servers. The only exception to the stored data policy is user password, which is hashed and not known to us.

This data is stored on a highly secured cloud server.

In the event that an institution ceases the use of Augmentiqs, it is possible to remove any password data by sending a specialized request to our support team, which will then processed by our IT department.

All of Augmentiqs data security, redundancy, backup, and prevention of co-mingling relating to remote telepathology is handled by the Augmentiqs cloud provider. A current SSAE-16 & SOC2 report are available upon request.

Augmentiqs creates a secure connection between remote viewers, with the Augmentiqs cloud server creating a handshake between the multiple remote parties.

Augmentiqs requires Internet upload speed of at least 2 Mbps. For telepathology sessions with more than 3 remote viewers, an upload speed of at least 5 Mbps is recommended.

Augmentiqs requires the Internet-facing firewall to allow outbound/inbound TCP ports 443 and 80 connections. Optimal connectivity between parties should allow outbound/inbound TCP port 5777 connections.

Augmentiqs image capture enables saving of annotated images to the user’s PC in either TIFF or PNG format, with magnification and case data superimposed. The software includes an optional hierarchical database functionality allowing images to be categorized according to different parameters (i.e. study, patient, organ, slide) and is intended to assist hospitals/labs use Augmentiqs according to their specific SOPs for HIPAA/GLP/CLIA compliance.

Augmentiqs implements multiple security features to ensure only permitted parties may access the telepathology session.

These steps show how data is protected:

1. Augmentiqs separates the audio and video feed. In event one channel is breached, the other channel will remain secure.
2. Microscope user will provide remote party with unique code to connect to their microscope.
3. Remote party & microscope user will use telephone or other audio means to coordinate telepathology session.
4. Remote party will request connection from microscope user via software client.
5. Microscope user will accept the connection via the Augmentiqs software application.

Augmentiqs enables labs to conduct telepathology consultations while maintaining a complete digital record. Data generated via the Augmentiqs system is stored locally on the pathologist’s PC. It is solely the pathologist’s decision to decide if the data should be moved to a cloud or local server, if the data collected should include patient identification or be de-identified, and if other parties/person should have access to this data.