DIPS Arena Mobil

Overview

DIPS takes seriously its obligation to protect the confidentiality and personal information of both the clinical user and the patient. DIPS Arena Mobil (Arena Mobil) for healthcare providers is dependent on access to installed DIPS Arena services within the health organization. 

This Privacy Policy describes how Arena Mobil use, store, and transmit information and data. DIPS may modify this Privacy Policy at any time effective upon its posting.

 

Your Personal Information

When you use Arena Mobil, DIPS do not receive any personal data directly from you or your device. As described below, our application connects with systems operated and maintained by a healthcare institution that uses DIPS’s software. 

 

Connections to Healthcare Institutions

To use Arena Mobil, you must have an account with a healthcare institution who uses DIPS’s software. Your use of Arena Mobil with that healthcare institution may be subject to that healthcare institution’s policies and terms. It is important for you to acknowledge that, while connected or attempting to connect to the healthcare institution's system, the institution may gather, store, process, maintain, upload, sync, transmit, share, disclose, and utilize certain data and associated information. This includes, but is not limited to, details or data pertaining to the characteristics or usage of your device, system and application software, peripherals, as well as your personal information, location data, and other content. 

Should you have any inquiries regarding the policies or terms of your healthcare institution, kindly reach out to them directly for assistance.

 

Using Third Party Tools and Features

If you use tools or features from other providers, like speech-to-text, you have to follow the rules of those companies. If you're unsure about those terms or policies, ask your healthcare institution or the company that made the tool. 

 

How We Protect Your Personal Information

Safeguarding the security of your information and data when using Arena Mobil is a top priority for us. We employ various technical measures to ensure the confidentiality, integrity, and availability of your personal information. This includes utilizing advanced technologies such as Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificates and encryption. We follow the guidelines given by Apple and Google on how to store and transmit data.

In addition, healthcare providers with whom you connect may use a variety of physical, administrative, and technical measures to protect your personal information.

User Accounts and Access

Arena Mobile does not manage user accounts directly.

Users, roles, and access rights are managed by each healthcare organization’s identity and access management systems and synchronized to Arena Mobile through DIPS Federation Service and associated DIPS services.

Access to patient information and application functionality is therefore governed by the permissions assigned by the healthcare organization.

Storage of User Data

Arena Mobile only stores the security and session data necessary to enable secure sign-in and use of the application locally on the device. This may include:

・ authentication tokens
・ temporary session data
・ user security settings related to the session (for example, session PIN codes)

Data is stored encrypted using secure storage mechanisms provided by the operating system:

・ iOS Secure Enclave on Apple devices
・ Android Keystore on Android devices

Arena Mobile does not permanently store patient record data or sensitive health information on the device.

Deletion of User Data

Users can request removal of access by contacting their healthcare organization or local IT/system administrator.

When a user is removed or deactivated in the healthcare organization’s systems, access to Arena Mobile will be revoked accordingly.

Local session data and authentication tokens are automatically deleted when:

・ the user signs out
・ the session expires
・ the app is uninstalled
・ the device is remotely wiped or managed through the organization’s Mobile Device Management (MDM) solution
 

Contact DIPS 

If you have questions about medical information in an account with a healthcare organization using DIPS`s software, please reach out to your healthcare organization using the contact information in their privacy policy. 

If you have any questions about this Privacy Policy, you may contact DIPS at +47 75 59 20 00 or at personvernombud@dips.no.