The idea for the DizzyDoctor System was introduced by Dr. Ian Purcell after decades of working with vertigo patients. The most difficult part of managing a “dizzy” patient was seeing the patient during a vertiginous event. Patients would have brief or prolonged episodes of vertigo away from the clinic and were often symptom-free by the time they came in for evaluation. For years, Dr. Purcell and his otolaryngology (ENT) colleagues discussed the need for remote-access diagnosis for their patients.
DizzyDoctor partnered with Seamgen to bring an FDA-approved medical application to market. The DizzyDoctor System is a unique device – a vertigo-recording mobile application paired with goggles that hold the smartphone in place – enabling patients to use their smartphone to record eye movements in “real time” during an attack of disequilibrium or vertigo. The application lets patients conduct tests in a remote setting, away from a clinical environment.
“I feel this has been one of the most important diagnostic breakthroughs available for the dizzy patient in the last ten years,” said Dr. Ian Purcell.
Recordings from the application, including video, motion, and pupil tracking, are all automatically uploaded to the DizzyDoctor website, where the data can be processed for diagnosis. The physician can then access this data during the patient’s next appointment or even remotely.
To ensure the security and confidentiality of patient-identifiable information and health data in the DizzyDoctor mobile application and website, Seamgen employed a number of security best practices.
The DizzyDoctor application is secured by user login, with password complexity rules to enhance security. Only the registered user can see user details or data, and only when logged in. In addition to the password protection, the app uses the secure app sandbox provided by the iOS operating system for storage. Following Apple’s guidelines for secure application development, we store all user information in the app sandbox, accessible only through the app by a logged-in user. The patient videos are encrypted before they are saved, so that they are protected while queued for sending to the server.
On the Server
The DizzyDoctor services are hosted on an AWS EC2 instance with encrypted storage to ensure all data is protected at rest. The server only supports HTTPS, ensuring all connections are secured by SSL. All videos and health-related data are stored encrypted, using Amazon S3 encryption keys. The data is decrypted only immediately before it is sent to the browser, at which time it is sent securely via SSL.
On the web application, patient-related data is only available to the patient. The patient must provide their own credentials for any data to be displayed, even on the doctor’s section of the web application. Data is transmitted to the browser secured by SSL, and the user’s session times out after N minutes, requiring the user to log in again to view their data.