Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Concerns about Patient Privacy and Image Access #56

Open
aranca2504 opened this issue May 16, 2024 · 2 comments
Open

Concerns about Patient Privacy and Image Access #56

aranca2504 opened this issue May 16, 2024 · 2 comments

Comments

@aranca2504
Copy link

Yo!
I'm using the image viewer and I'm impressed by its performance. Congratulations on creating such an excellent viewer! Given that we handle sensitive patient data, I'd be grateful if you could answer these questions:

  1. Does the extension access/store the images it reads locally on the user's machine?
  2. If the extension does access the images, are there any measures in place to protect patient privacy and data security?
  3. Are there any logging or tracking functionalities?

Thank you very much in advance!
Arnau
@aranca2504 aranca2504 changed the title Concerns about Patient Privacy and Image Access in .nii.gz Image Viewer Extension Concerns about Patient Privacy and Image Access May 16, 2024
@korbinian90
Copy link
Collaborator

These are important questions, thanks for asking!

  1. The extension runs locally and accesses the images from the user's machine only for displaying. Everything stays local.
  2. There are no specific measures in place to protect patient privacy. However, due to the model of only displaying data, I think there is not much concern.
  3. There is no tracking and there is only very little logging about hardware events, not related to the data. Everything is developed open source, here, in this repository.

I think it's best if I explain how the extension works and what the extension does with data in more detail:
The extension is a javascript bundle that is once downloaded when installed into vscode. After that point, it is a complete offline extension and doesn't use any cache, storage or network connectivity. The extension runs inside a sandbox environment and vscode is handling the file access. The locally running extension receives the file and displays it.

This extension has a second mode, where it can run as a webpage: niivue.github.io/niivue-vscode/
For that case the data handling is identical. When the page is opened, a javascript bundle with the app is loaded. Then, the app does all the processing offline by itself. Data access is via the file handler of the browser. No storing or sending of any data. The webpage is a progressive web app, and can be used offline after installing (this is currently only supported by google chrome)

Logging: The extension does no logging at all, but the underlying base niivue library does a tiny amount of hardware logging. This is written as javascript log:
image
I don't think vscode does store it, but I'm not sure about that.

If anything is unclear, or you think could be improved, please don't hesitate to tell me ;)

Maybe it would be good to add a Data Privacy explanation with the most important points to the Extension Manual.

All cudos for performance and the base capabilities of the viewer library go to Chris Rorden and his team working on the Niivue base.

@aranca2504
Copy link
Author

Thanks for answering! Everything clear now. And absolutely, adding a Data Privacy section to the manual is a great idea. Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@korbinian90 @aranca2504