LinkORB Engineering

Storing and sharing images in [#security]

Images such as screenshots present structured information in ways that text-based media cannot. For this reason, there might be times when you need to share images with team members or the public (e.g., through documentation).

To avoid exposing images containing confidential or sensitive information, LinkORB has the following guidelines for storing and sharing images:

Storing and sharing confidential images

Do not share images containing confidential information unless necessary. Examples of sensitive information include patient provider Personally Identifiable Information (PII), intellectual property, or private configuration keys.

If you must share images containing confidential information:

  • Block out any confidential (but unnecessary to the issue) data from the image before sharing.
  • Do not store sensitive images in permanent locations unless necessary.
  • If you must permanently store or share a confidential image that will be referenced by existing and new members, save that image in a:
    • shared Bitwarden collection
    • UPR space that is accessible only by authorized team members
  • Use Bitwarden’s temporary sharing feature to share an image if blocking out confidential/sensitive information in such an image defeats the purpose of sharing it with a team member.
  • Set a reminder to delete the image from Bitwarden at a later date.

If you come across or suspect that an image containing confidential/sensitive information is stored improperly, immediately report it to your team lead.

Note that access to Bitwarden and UPR services require the approval by a team lead. If your team lead is unavailable when you need to urgently share a confidential image with another team member, please request the recipient team member’s GPG public key and use it to encrypt the image before sharing it.

Confidential content categories

The PII and Intellectual Property (IP) are the two primary categories of confidential content at LinkORB.

Patient or provider PII

Patient PII refers to any information that can identify a patient, such as their name, date of birth, social security number, medical history, and contact information.

Provider PII, on the other hand, refers to any information that can identify a healthcare provider, such as their name, license number, and contact information. Both patient and provider PII are sensitive and should be kept confidential.

Real-world example - PII

While we do not allow the storage and sharing of images containing PII between team members, the helpdesk may receive a support request to correct patient information stored in a DICOM image. In this instance, the helpdesk must share the image with the team that is authorized to correct it.

Please see the storing and sharing confidential images section above for a list of the encrypted channels you may use to share such images.

Intellectual property

Intellectual property (as it relates to LinkORB) refers to our trade secrets, digital products/software, hardware, patents, copyrights, trademarks, and inventions that the law protects for unauthorized use, distribution, etc. IP protection encourages innovation and creativity by granting exclusive rights to creators and inventors, allowing them to control the use of their creations and profit from them.

There are several types of intellectual property rights, including:

  • Patents: Legal protection for inventions, such as machines, processes, and compositions of matter.
  • Copyrights: Legal protection for original works of authorship, such as books, music, and software.
  • Trademarks: Legal protection for symbols, names, and logos to identify and distinguish goods and services.
  • Trade secrets: Confidential information, such as formulas, designs, and processes, that give a business a competitive advantage.

Do not capture, store, or share images containing sensitive or confidential IP information with unauthorized team members or the public.

Real-world example - intellectual property

One example of an instance where team members are allowed to share images containing confidential information internally is when developers collaborate on a feature and share UML diagrams describing commercially sensitive information, such as internal features of a platform for the purpose of collaboration.

Such images must be shared only with authorized team members and through our internal communication channels (e.g., Cyans, Mattermost).

Storing and sharing non-sensitive images

You may share images that do not contain confidential data with other team members through:

  • Cyans
  • Mattermost
  • Email
  • Google Drive

If an image requires permanent sharing (i.e., in the internal wiki or Team HQ), upload the image to the appropriate UPR space and reference the image from there. Please see engineering-astro content images for how to share images on this site.

Further reading

Please see Standards for images, custom visuals, and UI elements for general image standards and usage guidance.

About Security
  • Name: Security (#security)