iRehab Data Security Statement for Research
This document is intended for researchers to include in IRB (Institutional Review Board) applications. It describes iRehab's data collection, storage, security controls, and export mechanisms.
Last updated: 2026-03-26
§1 Platform Overview
iRehab is a post-operative rehabilitation tracking system developed by De Novo Orthopedics Inc., consisting of three components:
| Component | Purpose | Technology |
|---|---|---|
| Doctor PWA | Physician/PT: view patients, prescribe exercises, track progress | Alpine.js + Cloudflare Pages |
| Patient PWA | Patient: exercises, pain reports, wound photos, questionnaires | Alpine.js + Cloudflare Pages |
| Go API | Backend API server | Go + Google Cloud (GCE) |
§2 Types of Data Collected
| Data Type | Content | Frequency |
|---|---|---|
| Demographics | Name, national ID, phone, email, birthdate | At registration |
| Clinical | Surgery date, diagnosis, procedure, laterality | At registration / physician update |
| Pain Score (VAS) | 0-10 Visual Analog Scale | Daily |
| Exercise Logs | Completed exercises, sets, post-exercise pain, swelling | Daily |
| PROM Questionnaires | 19 validated instruments (PROMIS Global-10, KOOS JR, HOOS JR, WOMAC, Oxford Knee/Hip Score, EQ-5D-5L, ODI, NDI, QuickDASH, UCLA Shoulder, Constant-Murley, Parker Mobility, Macnab, VAS series), auto-matched by procedure | Pre-op baseline + post-op 6w/3m/6m/1y |
| Surgical Record | Surgical approach, fixation type, implant (manufacturer/model/lot), ASA grade, robot/navigation, operative time, blood loss, complications | Once post-op |
| Billing/Materials | Product name, brand, quantity, NHI code, price type (self-pay/NHI) | Post-op |
| E-Consent | Digital signature, timestamp, version, consent/decline/withdraw status | Once pre-op |
| PT Assessments | ROM, effusion grade, functional tests (TUG, sit-to-stand, single-leg stance), SOAP notes, phase decision | At clinic visits |
| Wound Photos | JPEG images (requires photo consent) | Daily (recommended) |
| Prescriptions | Exercises, sets, reps, override reasons, patient state snapshot at override | Physician/PT prescribed |
§3 Data Storage & Security
| Item | Description |
|---|---|
| Structured data | Google Cloud Firestore (ISO 27001, SOC 2 Type II) |
| Image data | Google Drive (Google Workspace) |
| In-transit encryption | TLS 1.3 |
| At-rest encryption | AES-256 (Google Cloud default) |
| Server location | Google Cloud — asia-east1 (Taiwan) |
| Authentication | JSON Web Tokens signed with HMAC-SHA256 (HS256), 90-day expiry, plus API-key middleware |
| Password storage | bcrypt hash (not plaintext) |
§4 Access Control
| Role | Access Scope | Mechanism |
|---|---|---|
| Attending physician | Own patients only | IDOR (Insecure Direct Object Reference) guard: the server verifies that the requested patient falls within the scope of the caller's JWT/token |
| Physical therapist | Supervisor's patients | SupervisorId claim in the PT's JWT; access is scoped to the supervising physician's patients |
| Patient | Own data only | IDOR guard on the patient JWT; requests for another patient's data are rejected |
| Other physicians | No access | HTTP 403 Forbidden |
| Platform admin | Technical support only, no clinical use | Global API Key (server-only) |
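The following Go program is an added illustration, not iRehab's code, of how the HS256 token verification described in §3 and the server-side IDOR guard described in §4 fit together in an API handler. The claim names (`sub`, `role`, `supervisorId`, `exp`), the role labels, the `Patient` record shape and the `GET /patients/{id}` route are assumptions made for the example; the demo key and records in `main` are constructed sample data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims are the JWT fields this example assumes (illustrative names, not iRehab's).
type Claims struct {
	Sub          string `json:"sub"`          // caller's own id: physician, PT or patient id
	Role         string `json:"role"`         // "doctor", "pt" or "patient"
	SupervisorID string `json:"supervisorId"` // PTs only: the supervising physician's id
	Exp          int64  `json:"exp"`          // expiry, Unix seconds
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignHS256 produces a compact JWT (header.payload.signature) with HMAC-SHA256.
func SignHS256(c Claims, key []byte) string {
	payload, _ := json.Marshal(c)
	signingInput := b64url([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64url(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64url(mac.Sum(nil))
}

// VerifyHS256 pins the algorithm to HS256 (so "alg":"none" or a key-confusion token
// is rejected), compares the MAC in constant time, then checks expiry.
func VerifyHS256(token string, key []byte, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct{ Alg string }
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unsupported or malformed header")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var c Claims
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("malformed payload")
	}
	if c.Exp == 0 || now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// Patient is a minimal record; PhysicianID is the attending physician who owns it.
type Patient struct{ ID, PhysicianID string }

// Authorize is the IDOR guard: it decides from the verified claims and the stored record
// only, never from identifiers the client supplied. Returns 200 (allowed) or 403 (denied).
func Authorize(c *Claims, p Patient) int {
	allowed := (c.Role == "doctor" && p.PhysicianID == c.Sub) ||
		(c.Role == "pt" && p.PhysicianID == c.SupervisorID) ||
		(c.Role == "patient" && p.ID == c.Sub)
	if allowed {
		return 200
	}
	return 403
}

// GetPatient models GET /patients/{id}: 401 for a bad token; 403 both when the record is
// outside the caller's scope and when it does not exist, so ids cannot be enumerated.
func GetPatient(token string, key []byte, store map[string]Patient, id string, now time.Time) int {
	c, err := VerifyHS256(token, key, now)
	if err != nil {
		return 401
	}
	p, ok := store[id]
	if !ok {
		return 403
	}
	return Authorize(c, p)
}

func main() {
	key := []byte("demo-secret-not-for-production") // constructed; a real key comes from a secret store
	now := time.Now()
	store := map[string]Patient{"p1": {"p1", "drA"}, "p2": {"p2", "drB"}} // constructed sample records
	tok := SignHS256(Claims{Sub: "drA", Role: "doctor", Exp: now.Add(90 * 24 * time.Hour).Unix()}, key)
	fmt.Println(GetPatient(tok, key, store, "p1", now), GetPatient(tok, key, store, "p2", now)) // 200 403
}
```

The point a reviewer checks in such a guard is that the ownership decision reads the physician id from the stored record and the caller id from the verified token, never from a query parameter, and that a failed check for another physician's patient returns 403, as the table above states.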
§5 Data Export & De-identification
Physicians can export all of their patients' data with one click from the Doctor PWA Profile page. Export is always free.
| Item | Description |
|---|---|
| Format | JSON (open standard) |
| Scope | All of the physician's patients (VAS, exercise logs, PROM, assessments, prescriptions) |
| De-identification | The platform does not de-identify on export. The researcher must de-identify the exported data before analysis |
| Image export | Wound photos must be downloaded separately from Google Drive |
§6 AI Tool Access (Optional)
Physicians may optionally use AI tools (e.g., Claude Code, Gemini CLI) to analyze their patients' rehabilitation data. This is optional and does not affect basic platform usage.
- AI tools have read-only access by default. With Phase 2 enabled, the AI may draft assessment notes, but only as drafts (draft-only enforcement) that require physician confirmation
- National ID, phone number and email address are stripped automatically before data reaches the AI tool. Name and birthdate, which the platform also collects (§2), are not among the fields listed as stripped
- AI tools run on the physician's personal device, not hosted by the platform
- iRehab does not store physician AI conversations
- API tokens are stored only as SHA-256 hashes and can be revoked at any time
- Once data has been passed to an external AI tool, how it is handled depends on the provider and plan the physician has chosen
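The Go program below is an added illustration, not iRehab's code, of two mechanisms in this section: stripping identifiers before a record is handed to an AI tool, and storing API tokens only as SHA-256 hashes so that they can be looked up and revoked without the plaintext ever being persisted. It goes one step beyond the denylist the section describes by placing an allowlist projection beside it, because a denylist of three fields leaves everything else (name, birthdate, any field added later) untouched. All field names, the `Record` and `TokenStore` types and the sample record in `main` are assumptions constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Record is a patient record as a generic JSON-like map (field names are illustrative).
type Record map[string]any

// piiDenylist holds the three identifiers §6 says are stripped before data reaches an AI tool.
var piiDenylist = map[string]bool{"nationalId": true, "phone": true, "email": true}

// StripPII is the denylist approach: copy every field except the named identifiers.
// Anything not on the list (name, birthdate, free text) passes through untouched.
func StripPII(rec Record) Record {
	out := make(Record, len(rec))
	for k, v := range rec {
		if !piiDenylist[k] {
			out[k] = v
		}
	}
	return out
}

// aiAllowlist is the inverse design: only fields needed for rehabilitation analysis may
// reach the AI tool; any field added to the schema later is dropped by default.
var aiAllowlist = map[string]bool{"patientId": true, "surgeryDate": true, "vas": true, "exerciseLogs": true, "prom": true}

// ProjectForAI keeps only allowlisted fields.
func ProjectForAI(rec Record) Record {
	out := make(Record, len(aiAllowlist))
	for k, v := range rec {
		if aiAllowlist[k] {
			out[k] = v
		}
	}
	return out
}

// HashToken is what gets persisted for an API token. The token itself is 256 bits of
// CSPRNG output, so a single fast SHA-256 is sufficient; bcrypt (used for passwords, §3)
// exists to slow down guessing of low-entropy secrets, which does not apply here.
func HashToken(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// TokenStore maps token hashes to the physician they belong to; plaintext tokens are never stored.
type TokenStore struct{ byHash map[string]string }

func NewTokenStore() *TokenStore { return &TokenStore{byHash: map[string]string{}} }

// Issue returns the plaintext token exactly once; only its hash is kept.
func (s *TokenStore) Issue(physicianID string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(raw)
	s.byHash[HashToken(tok)] = physicianID
	return tok, nil
}

// Lookup resolves a presented token to its owner by hashing it and looking up the hash.
func (s *TokenStore) Lookup(presented string) (string, bool) {
	id, ok := s.byHash[HashToken(presented)]
	return id, ok
}

// Revoke removes the hash; the token is rejected on the very next request.
func (s *TokenStore) Revoke(presented string) { delete(s.byHash, HashToken(presented)) }

func main() {
	// constructed sample record; all values are fictitious
	rec := Record{"patientId": "p1", "name": "A. Patient", "nationalId": "X000000000", "phone": "0900-000-000",
		"email": "a@example.invalid", "birthdate": "1960-01-01", "surgeryDate": "2026-03-01", "vas": 3}
	fmt.Println(len(StripPII(rec)), len(ProjectForAI(rec))) // 5 3
	store := NewTokenStore()
	tok, _ := store.Issue("drA")
	_, before := store.Lookup(tok)
	store.Revoke(tok)
	_, after := store.Lookup(tok)
	fmt.Println(before, after) // true false
}
```

Running it shows the practical difference between the two scrubbing designs: `StripPII` removes the three listed identifiers but keeps `name` and `birthdate`, while `ProjectForAI` lets through only the clinical fields it was told about. If a database holding the token store leaks, the attacker obtains hashes that cannot be replayed as tokens, and revoking a token is a single delete.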
§7 Data Retention & Deletion
- Data is retained while the account is active
- Physicians can export all data anytime (JSON format)
- Patients or physicians can request permanent deletion (contact service@denovortho.com)
- No contract lock-in, no minimum usage period, no cancellation fees
§8 Suggested Content for IRB Application
Researchers may cite this page in the "Data Security" or "Data Management Plan" section of their IRB application, with the following statement:
"This study uses post-operative rehabilitation data collected via the iRehab platform (De Novo Orthopedics Inc.). Data is stored in Google Cloud Firestore (ISO 27001 and SOC 2 Type II certified), encrypted in transit with TLS 1.3 and at rest with AES-256. Each physician can access only their own patients (server-side IDOR access control). Data is exported in JSON format and is not de-identified by the platform; researchers perform de-identification after export. Full data security statement: denovortho.com/irehab/irb-data-statement."
Contact
For more detailed data security documentation or technical architecture documents, contact:
service@denovortho.com