Harvard and Nextcloud fight against COVID-19, Nextcloud introducing HIPAA compliance features to support health care
Nextcloud Hub is used in a few dozen hospitals and medical institutes in various ways. The DICOM viewer app for Nextcloud in particular is used in Brazil in the fight against COVID-19. A press release with a quote from Harvard professor Gordon J. Harris was released today and in this blog we’ll give some more background details!
Nextcloud in use in Brazil against COVID-19
The Massachusetts General Hospital issued a press release last week about the OHIF viewer and its use in the fight against COVID-19. MGH is the original and largest teaching affiliate of Harvard Medical School, Boston, MA, USA. They support the OHIF foundation, and OHIF and its members develop and contribute to libraries and tools like Cornerstone, which power many medical image viewers including the Nextcloud DICOM viewer.
The use of OHIF/Cornerstone imaging technology as a web viewer for the Nextcloud open-source file sharing platform is being made available for free to help save lives during this COVID-19 crisis. This type of integration is exactly the kind of use of open source software that we envision to benefit the medical sector and it is our main motivation behind building open, easy access technology and imaging platforms for medical data.
— Gordon J. Harris, Professor of Radiology at Harvard Medical School, Director of 3D Imaging at the Massachusetts General Hospital and President of the Open Health Imaging Foundation
The DICOM viewer was developed by Aysel Afsar. We wrote about it when the app was initially released and again in an update some time later. The app is in rather widespread use, as Aysel found out when she received a thank-you email for her work from Dr. Nelson A. Gody, chief radiologist in a hospital in the city of São Paulo, southeastern Brazil.
I come to wish you my gratitude for the Nextcloud Dicom Viewer app. In such a delicate and difficult moment, DICOM Viewer contributes free, simple, fast and efficient as an early diagnosis tool and report of 122 viral pneumonia exams compatible with COVID-19 in several regions of BRAZIL, in the last 15 days. Thank you very much from the heart.
— Dr. Nelson A. Gody in his email, from Aysel’s LinkedIn post.
It is absolutely great to see open source technology enabling doctors around the world to do their work safely, quickly and without having to hand over personal, medical data from patients to foreign and proprietary tools.
Upcoming in Nextcloud Hub: more advanced HIPAA compliance features
At Nextcloud we are of course supportive of the use of Nextcloud Hub in the medical sector! Several dozen Nextcloud customers in the medical sector have deployed Nextcloud over the last few years. This includes a Ministry of Health in the Middle East, more than a dozen medical institutes and hospitals in European countries, as well as many in the US, UK and Australia. There are also a number of regional Red Cross organizations and several international research organizations active in disease modeling and cancer research.
To support the global fight against COVID, Nextcloud has accelerated the development of a number of security features important in medical settings. The Health Insurance Portability and Accountability Act (HIPAA) requires applications to implement a series of security features. Nextcloud Hub version 19 will support several new capabilities and introduce a compliance app providing an overview of the current compliance status. This will facilitate deployment of Nextcloud Hub in HIPAA compliant settings.
Achieving HIPAA compliance
The HIPAA compliance regulation sets out a range of guidelines around security. In many cases, organizations are allowed to use solutions other than those recommended. Those alternatives have to provide equivalent protection and the organizations have to justify the change. Of course, as requirements and best practices change over time, so should the protections that are employed in real-life situations.
As an example of those changes, think of passwords. Once upon a time, we thought the best passwords are inscrutable, hard to remember series of random characters that include lower and upper case characters, numbers and special characters. Passwords had to be changed regularly, often every 30 days. As a well known XKCD comic explains, the real security provided by these measures was limited!
Nextcloud Hub currently offers a wide range of protections for users. Let me highlight a few:
These features are of course part of a process focusing on security in our development processes and complemented with browser and encryption-related security features and more. All of this is backed by our USD 10.000 security bug bounty program!
This gives healthcare organizations a wide range of capabilities to rely on when protecting personal medical data. To enable Nextcloud Hub to fit in the various implementations and local regulatory environments, we are working on a number of additional measures that can allow Nextcloud Hub to fulfill the specific HIPAA requirements that a health care provider has identified and complies with.
The improvements under development include:
The introduction of automatic logout
Password reuse limitations
Automatic account locking in response to failed login attempts
Most of these will come with the upcoming Nextcloud Hub release next month. As compliance is such a specific thing, we have contemplated creating a compliance checking app but this will have to be put together separately for each health care customer if they wish. Often, specific changes have to be made for the internal compliance review, which we help with.
In the end, however, the result is that hospitals and other healthcare providers can benefit from the secure, efficient collaboration and communication Nextcloud offers!
It is exciting to see Nextcloud continuing to make progress in the area of security and privacy, becoming an even more versatile tool for use with private and medical data.
— Aysel Afsar, lead developer on the Nextcloud DICOM viewer