The medication they can prescribe really does help: it stops your heart from racing, it helps you stop the cyclic negative thinking... it just plain helps.
Our society puts so many negative connotations on the use of drugs to address mental deficiencies that even after learning how much they could help, we hesitate for fear of the peer pressure and social stigma of "popping pills" in favor of "shut up and man up".
> We're hoping that Pacifica can help bridge that gap, ideally helping people find the care that they really need.
Great! Might I recommend using your app to provide advice on how to approach discussing this issue with their GP, or even giving links to professionals in their area? Or even provide a "doctor's view" which can be passed to your GP to assist in their diagnosis?
I make these suggestions because the emphasis on the word "privately" across your website concerns me. It seems to re-enforce the negative mindset of "this is your problem, don't bother anybody else" that I saw so profoundly affect my wife.
And if the symptoms are not clear cut, they will still give you a recommendation to someone who can identify what is going on and give you the help you need.
The GP also has the advantage of being relatively cheap.
You go to see your GP. You explain that you have anxiety (or whatever), and that it interferes with your daily life. They should follow the NICE (see below) guidance. There are "books on prescription" - curated lists of recommended self-help books; talking therapies; medication.
Or you web-search for your local "IAPT" (improving access to psychological therapies) service. This is often but not always provided by your local NHS mental health provider. You should be able to self-refer, by phone. Here's the example page for Gloucestershire: http://www.talk2gether.nhs.uk/
You can get private treatment from therapists. The BACP (British Association for Counselling and Psychotherapy) is a recognised respected professional body. So, web-search for therapists providing CBT and with a BACP registration.
NICE (National Institute for Health and Care Excellence) has some good information about what you should expect from providers.
http://www.nice.org.uk/guidance/QS53
http://pathways.nice.org.uk/pathways/generalised-anxiety-dis...
It's great that you're concerning yourself with the well-being of other people, but please allow concern over the use of medications to be between people with significant mental health issues who are taking those medications and their doctors.
I would guess that many people would consider building an app like this without thinking too much about HIPAA. "We're not doctors, we're just building an app that will help people manage their anxiety." But the app clearly asks questions of its users that are focused on mental health. If a situation arises in which a user has a bad experience related to how their information was shared, it seems quite reasonable to consider whether their right to medical privacy was violated. This seems particularly important with the unfortunate stigma associated with mental health issues.
I don't ask this just to nitpick. I'm looking at building some projects related to education, and in education there's a comparable act called FERPA - Family Educational Rights and Privacy Act. It seems convenient to ignore these kind of regulations when building projects that are meant to be really helpful to everyone, but once a project like this takes off compliance with privacy acts seems critical.
I'm quite curious to hear from the developers what their take on HIPAA has been.
That said, we treat our data as if it were PHI. We have a Business Associates Agreement signed with AWS, and take all of the precautions they require for an app that would claim it is HIPAA compliant. Technically, we could claim that we are HIPAA compliant, as we don't store PHI. But we didn't want to say that just for the sake of saying that.
The bigger question, in my mind, is about whether or not a situation would arise as you mention. The FDA recently provided a little more clarity on some of this (http://mobihealthnews.com/39775/fda-clarifies-the-line-betwe...). Specifically, Pacifica seems to fall outside regulation as it "Claims to promote relaxation or manage stress when there is no reference to anxiety disorders or other reference to a disease or condition." We try to be pretty careful about the language that we use. We don't mention things like Generalized Anxiety Disorder, Panic Disorder, OCD, etc.
The truth is that it still seems like a grey area. That same article mentions that we should not claim that we treat anxiety if we want to stay unregulated. I think that we're on the fence here. In the future, we will go after FDA clearance in any case. We just need the means to do so.
Disclaimer: I am not a lawyer, I am not your lawyer, and this is not legal advice.
There's a lot more to being HIPAA compliant than how you store PHI. As an engineer, you might view not storing PHI as compliance-by-default (the null case), but I don't think a lawyer would agree. Even if you're correct and HIPAA doesn't apply to you (which I'm not convinced is the case), it'd be like saying "we're PCI-compliant, because we don't store any financial information or process any financial transactions".
For what it's worth, I founded a company that does store PHI, and we had to get a BAA with AWS (though we ended up using Aptible (YC S14)[0] for hosting and compliance, as it's much easier. Using Aptible is like using Heroku (git push to deploy), and they manage not just the data backups/retention/etc. from a technical standpoint, but all of the human training and paperwork aspects to compliance[1].
[1] Which, to be honest, is the tough stuff. From a technological perspective, HIPAA doesn't really mandate much that developers of robust applications shouldn't already be doing, but it's the matter of actually demonstrating that you've done everything in compliance with the law that makes things complicated. Having the 'rubber stamp' of a third-party company that specializes in this matter gives immense peace-of-mind as the CTO, compared to the DIY approach.
We open-sourced our HIPAA policies where I work at Catalyze recently. Check 'em out and good luck! http://catalyzeio.github.io/policies/
o_O
I am not your lawyer, and this is not legal advice, but I strongly suggest you talk to an attorney who is experienced with the FDA's regulatory approach right now.
Claims that a product helps treat anxiety are regulated. Claims that a product is based on CBT (or any therapy) are even stronger warning signs.
This does not look like a grey area to me at all.
"We're carefully avoiding anything that might make us comply with regulations that could potentially get in the way of our harvesting of your thoughts and mental health status"
To repeat : the privacy policy and "about" sections need a lot of work considering the nature of this app.
This sounds perfectly honest, and I appreciate you acknowledging that.
I wonder if some of the information shared through the app would start to become "medical history". If you're being careful about your language to avoid clinical terms, but the substance of what your users are sharing is mental health related, I wonder if someone could make a case that you are actually collecting a medical history. But IANAL, so I don't know how that would play out.
Personally, I am not a fan of a general statement like "don't collect any data". As a patient, I am totally ok if a system collects data ON me BUT never ABOUT me. In another words, the data should in no way be identifiable. That way, we continue to make progress while maintaining privacy.
A previous version of that scheme, run under different rules, saw anonymous patient data being sold to insurance companies. (It's now a criminal offence to sell off the data.)
That stupid decision has led to delays.
http://www.bbc.co.uk/news/health-26253440
http://www.bbc.co.uk/news/health-26239532
http://www.bbc.co.uk/news/health-26347026
http://www.bbc.co.uk/news/health-25919399
etc etc.
Looks like you have to login and your private medical data is stored "in the cloud." I have no idea why anyone would think this would be a good idea. Storing it locally would be the only remotely sane solution.
I mean, I don't mind telling someone I have an anxiety disorder (and I do have one). But the content of some of those intrusive thoughts is something I don't want anyone to know. Especially not some startup who may sell their company to, say, Facebook one day. Some of my intrusive thoughts are things that I did wrong (10 years ago...). So logging them would mean a third party would have an entire database of almost every mistake I made in my life, out of context. The potential for that to go wrong is... extreme. I'd rather have nudes be leaked.
And the stupid embedded video in a jQuery modal. Stop it, you're making your videos unusable. Let me pause. Oh wait, I can't. I need to pause the video because it runs at lighting speed, so fast it is impossible to gain any information at all from it unless you pause it.
The website rendered so badly on my phone I went to go check out how it looked on the desktop. Well, the video pause issue is fixed... (I still think putting a video in a jQuery modal is incredibly annoying...just embed the video)
You need to fire your "usability consultant." Your color scheme is absolutely horrible for anyone who is older or with less than perfect vision. It is very difficult to read for me.
Any time your as yourself "should I display my -main content-* in white text" the answer should be no. Doublely so if you your background is light pastel green.
Light grey on white is another combo that is extremely hard to read. So is white on very light picture of a beach.
Animated backgrounds(?) (The background is not animated in my mobile browser) are not only are incredibly distracting, but also actually, ironically, cause anxiety for me. I'm sure I'm not the only one.
I know different people have different preferences, but at LEAST give your color scheme some halfway sane contrast. And fix the rendering errors on mobile. Both issues, besides affecting usability, make you look amateurish. In my opinion.
*not saying you should never use white text, ever. Just not in paragraph form.
In addition, it obviously isn't enough to just say that "we take privacy very seriously," although we do. While we don't store Protected Health Information, we treat the data we do store as such and are taking the same steps to protect users' data that we would have to if we were.
2) How long do you retain data - -- How long is it needed for the proper functionality of the app -- How much longer do you store it for your internal research and data mining purposes.
3) Can the data be destroyed on demand, when an account is closed?
4)Can much of the data be stored on the device itself? Will this be on the roadmap?
( i have more questions, but this is a start :) )
1) We don't do anything with it other than use it to provide the best user experience we can. We won't turn it over to other organizations. Technically, the thought records could be used to identify an individual based on your voice, but someone would need to gain access to them. They are stored and transmitted encrypted.
2) Currently we retain all data. This may change in the future. For the progress to work correctly you'd want to retain a month's worth of data. The idea is that thought records help you analyze your thinking over time. This may take months, or longer. I kind of like the idea of allowing the user to set their own retention policy though. It would take a little work to implement, but I think it's reasonable.
3) Yes, if you close your account we will destroy everything (except for what we need to retain for purchasing records, but that is anonymized when we delete an account). You can't currently request that through the app though, you have to email us at info@thinkpacifica.com.
4) We actually have implemented a lot of offline functionality. We just couldn't get it to where we wanted to before launching. As a bootstrapped company, we need to try to ensure our longevity in order to provide this. But yes, it's definitely on the roadmap.
Happy to answer anything else!
I would request that you build a roadmap on your webpage, stating the various plans you have and appropriate current prioritization. If possible, allow registered users to add comments/votes.
My comments on your answers above:
1) Am I correct in assuming that this data as such is not valuable without voice identification? Are there ways to anonymize this - just asking.
The website talks vaguely about turning over to authorities, but more details in the privacy policy would assuage some of our fears.
2) You might want the user to download that data, and then get it off your system. Saves your space, liability etc without possibly impacting the app.
If the user wants highly accurate data, he leaves it there. Otherwise he deletes it. The onus should be on the user.
3) I don't think this is mentioned on your site?
4) Awesome!
I mean Dr Moberg seems bolted on as an afterthought when you realized "oh, shit people might actually expect to see relevant credentials". Apparently you don't even know what she does there besides "contributes to Pacifica’s development on a regular basis". The site is already dripping with Valley happy-derp marketing speak and that's the best spin you can do about someone that should be at the center of the project? If that's not the case, you really need to fix your messaging.
We created Pacifica because my co-founder, Chris, has struggled with anxiety his whole life. He came to me saying that we should try to do an app based on CBT. Personally, I've had insomnia for quite a while and I was really interested in how CBT might apply to both of our situations. We did a ton of research and Christine was one of the people we reached out to to make sure that we were adhering to the best practices in the profession.
I'm sorry you see this as snake oil. We've really tried to build an app that fits into the daily lives of people with anxiety. Furthermore, it's designed from the perspective of someone with anxiety to provide tools that you can actually use throughout your day. Is there a particular aspect of the app that you don't like or is it simply the site itself?
If the suggestions work, terrific.
But: As someone who had a close family member die from anxiety disease, I have to say that during the long course of the disease we thought of all those suggestions, especially cognitive ones, and many more, and they were all like a BB gun against a Russian tank. The real problems were much deeper.
And the cognitive approaches, that didn't work, were being tried by a genuinely brilliant patient -- Valedictorian, PBK, Summa Cum Laude, world famous research university Ph.D. Cognitive? No shortage of cognitive ability: The patient saw and understood the cognitive ideas, maybe more deeply, and certainly faster than the professional could present them. At one point, the professional had the patient write a paper describing the cognitive approaches then exclaimed that the paper was "brilliant". Yes, it was -- very clear, etc. And the cognitive approaches? Total flop.
So, after considering such suggestions, good ideas, and face validity, I get led to consider also the old, two criteria -- safety and efficacy.
Again, if the suggestions work, terrific. But I would suggest for such patients and their families, ASAP, and maybe not in this order, (1), if only to be a better, loving family member, learn as much of the Clinical Psychology 101 level material you can and (2) get the best professional help you can. And for (2), if at first the treatment doesn't look quite promising and/or fairly soon there is no significant progress, which in my small sample size seems quite likely, then get some better professional help.
Be careful with anxiety disease: Else members of the close family can throw away significant parts of their lives, and the patient, all of theirs.
In K-12 or even in a college STEM BS you may not have been taught good information about anxiety disease -- so, at first symptoms, and you need to know about such symptoms, get caught up.
Pacifica is a hybrid application, built on the Ionic Framework (http://ionicframework.com/). We've been pretty happy with Ionic, it's the main reason we were able to release on Android and iOS simultaneously. Thanks to Max and the Drifty team for creating a great platform.
There are a lot of comments and questions about privacy and compliance. I'll try to summarize some of my answers:
We don't technically store what's called Protected (or Private) Health Information. This is because Pacifica is a self-help tool and PHI is defined as originating from a healthcare professional. That being said, we are taking steps to treat our data as if it were PHI. We have a signed Business Associated Agreement with Amazon and are trying to operate as if we were HIPAA compliant (we technically are, in the same way that any company that doesn't store PHI is HIPAA compliant).
Regarding privacy and security: yes, we're in the cloud. Specifically, on AWS. While this may be contentious, we believe that there's no reason this is less secure than if you were hosted in a local colocation facility. Amazon has pretty rigorous requirements for who has access to machines and who can access data on those machines. Many of their services are HIPAA compliant, and they certainly take this extremely seriously.
In addition, we do try to make sure everyone's data is as safe as possible. The mobile applications communicate with our servers over HTTPS. We're using Elastic Load Balancers but don't terminate SSL at the ELB, it passes through to our own server so Amazon doesn't have the private keys. Recordings are stored encrypted in S3, and our RDS instances are also encrypted. There's more that we can do (as there always is), but we wanted to provide a little information about what we are currently trying to do to protect things. We welcome any additional suggestions.
Did you check the NICE guidance for Computer based CBT? http://www.nice.org.uk/guidance/TA97
They recommend some software; they do not recommend others. It would be interesting to see if your app avoids the mistakes made in the unrecommended softwares.
(NICE is one of the English "DEATH PANELS" - commissioners of health services need to pay attention to what NICE says.)
What an awful idea. I can't help but wonder what their goal is with the data they're collecting via this app.
