MedShr was developed to enable doctors to use their own smartphone to share and discuss clinical cases, and to do this in a way that is compliant in terms of patient privacy, data protection and information governance.

MedShr: a private, professional and verified network

All MedShr members are verified as doctors, medical students or registered healthcare professionals before being allowed to view or discuss clinical cases. The basic principle is that members are expected to conduct themselves as they would in a professional environment, and that they will be held to account by their registering body if necessary. MedShr cases are anonymous, with patient consent for photos and movies to be shared for medical education. The case histories, descriptions, images and discussions are not allowed off the MedShr platform, and are stored in encrypted cloud storage. Members determine whether a case is visible to all members, to a group or selected members. The MedShr Community Team review cases to ensure they adhere to privacy requirements and there are simple ways for members to report any concerns. https://www.youtube.com/watch?v=L_c2lbS54ZU

MedShr protects member privacy and patient data

Recent news on Facebook and how Cambridge Analytica gathered information about users has highlighted the need for networks to protect their members and take responsibility for the data they hold. MedShr does not share individual member information with any third party without consent. For members who sign up or log in using the Facebook, LinkedIn or Google API we only use this to collect the profile data that is required to pre-populate their profile information.

MedShr is GMC and HIPAA compliant

MedShr is registered with the Information Commissioners Office and is compliant with the Data Protection Act. The system is compliant with GMC and RCN requirements in the UK, and HIPAA compliant in the USA. We also work with a range of NHS bodies and Health Education England.

MedShr is GDPR compliant

From May 2018, MedShr data in the European Union is subject to the General Data Protection Regulation (GDPR) that provides a single set of rules across Europe. We have been proactive in responding to GDPR and have updated the MedShr Terms and Conditions and Privacy Policy to comply with the key principles:

• Right of Access: Our members have the right to get access to their personal data and information about how this personal data is being processed.
• Right to Erasure: A member has the right to request erasure of personal data related to them on any one of a number of grounds
• Data Portability: A person is to be able to transfer personal data from one electronic processing system to and into another

Data protection in MedShr is “by design and by default” as stipulated by GDPR Article 25, which requires that data protection to be designed into the development of business processes for products and services. Privacy settings are therefore set at a high level by default. A report by the European Union Agency for Network and Information Security elaborates on what needs to be done to achieve this. It specifies that encryption and decryption operations must be carried out locally, not by remote service, because both keys and data must remain in the power of the data owner if any privacy is to be achieved. The report specifies that outsourced data storage on remote clouds is practical and relatively safe if only the data owner, not the cloud service, holds the decryption keys. MedShr maintains records of data processing activities that include purposes of the processing, categories involved and envisaged time limits. These records will be made available to the supervisory authority on request under Article 30.

MedShr Commercial Partners and Sponsors

MedShr is free to use and we work with a range of commercial partners and sponsors to fund the network. These include commercial educators (e.g. BMJ Group, Omniamed, and Cardiovascular Research Foundation), pharmaceutical and device companies, and healthcare providers (e.g. NHS, BMI, Abraaj Group). There are some basis principles that are applied to protect our members maintain the integrity of MedShr:

• Industry employees do not have access to the MedShr platform and are not able to create, view or comment on cases.
• MedShr cases are created by physicians and not by industry employees
• MedShr does not provide any personal member data about members to commercial sponsors
• Commercial sponsors may supply content to MedShr, such as webinars or troubleshooting movies for devices. Any such content or advertisement is clearly marked as such.

The principles are similar to those applied to a specialist conference and we feel strike the balance between sponsored medical education without compromising the integrity of the MedShr community. Since its launch in October 2015 MedShr has grown rapidly and now has over 500,000 members in 180 countries with activity in every clinical specialty. We would like to support doctors and healthcare professionals around the world to create and discuss clinical cases, to share their knowledge and skills, and to improve patient care. Social media has allowed doctors to connect and engage as never before but we must ensure we that we maintain patient privacy, especially when discussing cases. We would urge doctors and healthcare professionals to move clinical case discussion from Facebook, Twitter, LinkedIn and messenger services to MedShr, which is purpose built to support medical professionals and protect patients. As MedShr grows your feedback is essential to ensure that MedShr continues to support its members and improve its services. Please contact the MedShr Team at info@medshr.net if you have any comments or suggestions.