Tell me more about the security and privacy aspects of Dermcam. When I use the OSCAR integration, what happens to my logon details?
We spent a lot of time thinking about security and privacy. All of the communication with OSCAR is as secure as using OSCAR in your Firefox browser from a laptop over WiFi.
When you login with your OSCAR credentials in your Firefox browser, the browser is sending your credentials to the OSCAR server over HTTPS. Dermcam does the same. The only place the credentials are sent to is your OSCAR server. They are sent down a secure channel to the OSCAR server, exactly like what happens in your Firefox workflow.
Regarding the OSCAR credentials – yes, those are needed for the integration to work. However, the app gives you a choice (and you can control your preference at any time): you can ask the app to remember your credentials, in which case it stores them encrypted, locally on your device in the Apple approved location for sensitive password information (“Keychain”); or you will be prompted to enter the credentials as necessary, in which case the app never touches your credentials.
Originally it was our intention to never store the credentials, but it was a requested feature by other physicians, so we added it. It’s also possible to make the app remove your remembered credentials (tap the trash icon on the settings screen).
What about on Android?
On Android, if you ask Dermcam to remember credentials, Dermcam encrypts the credentials (password, username, and pin), stores the encrypted credentials on your phone, and does not send the credentials anywhere except to your OSCAR server in order to login.
The credentials are encrypted using an RSA-based private/public key encryption. The private/public keys are stored in your device’s Android Keystore which is the most secure location on an Android device, and the Android-approved location for encryption keys.
The app frequently asks me to sign into OSCAR. And I’m seeing a prompt that says my device does not have a passcode. How can I bypass this step?
In order to have the app automate the sign-in process, it must store your OSCAR credentials. For the app to securely store your OSCAR credentials, you must have a passcode set for your iPhone. This is a security restriction that we have added to protect your OSCAR credentials.
The device passcode is something you set on your iPhone in your phone’s Settings screen. More information about that and how to set a passcode can be found in this Apple article: support.apple.com/en-ca/HT204060.
When I use the OSCAR integration, where are the photos stored?
Photos are stored on the file system of your OSCAR server along with scanned documents and other files you typically add to OSCAR. The photos are not stored in the database. We intentionally do not store the photos in the database to prevent bloating the database.
Are photos ever stored on my phone?
On iPhone, photos are never stored on your phone.
On Android, it depends on the configuration of the camera app that you pair with Dermcam, (at initial Dermcam app setup). For the best experience on Android, we recommend using either the default device camera or Google camera.
How large are the photos that are stored?
In our beta test with 10 users across 5 different clinics, we tried a number of different sizes before finally getting everyone to agree on the size that the app uses. We were very cognizant of the amount of disk space each image would be taking up, while also trying to find an image size that the physicians would be happy with. The size the app is currently using produces approximately a 900 KB file. This is an insignificant file size in comparison to digital photography standards.
What versions of OSCAR are supported?
OSCAR v12 is fully supported. Versions between v12 and through v14 will work, however an OSCAR server bug was introduced at some point during v14 development which caused Dermcam images to stop being viewable – if you are encountering this issue, please email us for assistance in correcting this issue. Please see here for more information about v15.
I keep getting “can’t upload to OSCAR”. What do I do?
- On your device, open your web browsing app, and browse to your OSCAR login screen. Make a note of the web address (URL) that your web browsing app is using. Now check the web address configured in Dermcam: take a photo, tap the gear icon in the top right corner. Please ensure Dermcam has the correct web address for your OSCAR server.
- If you aren’t able to reach your OSCAR login screen from your web browsing app, please double check your network connection. Please check if your device is connected to the clinic WiFi, or if it’s using cellular data (do you see the WiFi symbol in the top bar of your device?). Sometimes your OSCAR server may have a different web address depending if you’re on (inside) or off (outside) the clinic WiFi.
- If it is still not working, please restart your device.
- If it is still not working, please use the Contact Support button on the app’s settings screen for assistance.
I’m not sure how to configure Dermcam with my OSCAR server.
Please see here.