Basic questions
What kind of product or service is this?
Shadow Health provides students and faculty access to Digital Clinical Experience™ (DCE) products in which students interact with virtual patients -- computer generated characters which play the role of a patient in a simulated provider-patient encounter -- by asking questions, viewing anatomy, and performing simulated examinations. This is much like a “serious game” designed to improve students’ interviewing and examination abilities and allow faculty to evaluate students. The DCEs are delivered from a set of web applications and services to the user’s browser; in this manner our products are similar to a Software-as-a-Service model.
How do students access the product(s)?
The student will use a web browser to access the product(s). The browser must support WebGL, and a browser-native WebGL / JavaScript client will be used to deliver product content. Students will need to create an account with the service, either at https://app.shadowhealth.com or through an LTI integration with the institution’s LMS.
What software needs to be installed on my institution’s machines?
This applies primarily if students will be using Shadow Health from an institution’s computer lab or using Shadow Health in a class or laboratory setting that utilizes institution provided machines.
Shadow Health uses WebGL to deliver a simulation experience in the browser. This requires that your machines have available at least one of Google Chrome, Microsoft Edge, Firefox, or Safari. The most recent version of each of these browsers is able to run WebGL.
Also see our recommended system specifications: https://support.shadowhealth.com/hc/en-us/articles/360004558353
Are administrative rights or modified permissions required to run Shadow Health?
No. Shadow Health runs in the browser using WebGL and JavaScript; no administrative rights or modified permissions are required.
What browsers and operating systems will this product be accessible from?
Recommended system specifications are available at: https://support.shadowhealth.com/hc/en-us/articles/360004558353
Will Internet or outside network access be required to use the product?
Yes, internet access is required continuously during the use of the product(s).
Does a certain port or ports have to be available for communication outside of my institution’s network? If so what port(s) are required?
All communication occurs over HTTPS; if outbound 443 is open, the product should function.
What endpoints does this application access outside of my network?
In order to use the Digital Clinical Experience, the user must have access, via browser, to https://app.shadowhealth.com. The WebGL client will additionally access other services, i.e. https://*.shadowhealth.com, as well as the AWS CloudFront CDN and S3 services for delivering content. Endpoints include https://*.cloudfront.net, https://s3*.amazonaws.com, and https://api.shadowhealth.com.
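For institutional IT checking a web filter against the port and endpoint answers above, the following is an added example and not Shadow Health's code. It classifies destination URLs against the host patterns listed in this FAQ and reports which denied hosts need an allow rule; the log format, sample lines, and function names are constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Host patterns taken from the FAQ answer above; every endpoint is HTTPS on 443.
# Assumption: fnmatch-style wildcards, where "*" matches any run of characters
# (dots included). A given proxy or firewall may interpret wildcards differently.
FAQ_HOST_PATTERNS = (
    "app.shadowhealth.com",
    "api.shadowhealth.com",
    "*.shadowhealth.com",
    "*.cloudfront.net",
    "s3*.amazonaws.com",
)


def classify(url):
    """Return (allowed, host, reason) for one destination URL."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False, "", "unparseable URL"
    # Use the parsed hostname, never a substring of the raw URL: this drops
    # any "user@" prefix and normalises case and a trailing dot.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, host, "not https"
    if port not in (None, 443):
        return False, host, "port not 443"
    if not host:
        return False, host, "no host"
    for pattern in FAQ_HOST_PATTERNS:
        if fnmatchcase(host, pattern):
            return True, host, pattern
    return False, host, "host not listed"


# Constructed proxy log sample, one "<action> <url>" per line (hypothetical format).
SAMPLE_LOG = """\
DENY https://app.shadowhealth.com/
ALLOW https://api.shadowhealth.com/
DENY https://d111111abcdef8.cloudfront.net/asset
DENY https://s3-us-west-2.amazonaws.com/asset
DENY http://app.shadowhealth.com/
DENY https://app.shadowhealth.com:8443/
DENY https://app.shadowhealth.com@example.net/
DENY https://app.shadowhealth.com.example.net/
"""


def rules_to_add(log_text):
    """Hosts the filter denied even though the FAQ lists them as required."""
    needed = set()
    for line in log_text.splitlines():
        action, _, url = line.strip().partition(" ")
        if action != "DENY" or not url:
            continue
        allowed, host, _ = classify(url)
        if allowed:
            needed.add(host)
    return sorted(needed)


if __name__ == "__main__":
    for host in rules_to_add(SAMPLE_LOG):
        print("needs allow rule:", host)
```

The last four sample lines stay denied: plain HTTP, a non-443 port, and two lookalike hosts that only a substring match would accept.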
Is there a mobile (iOS, Android) app version?
Not currently.
Is there a native (Windows, OS X) version?
Not currently.
Does the software require any special hardware (webcams, microphones) to operate?
No special hardware is required. We recommend that students use headphones, as laptop/desktop speakers may not provide sufficient fidelity of low frequency sounds for students to accurately identify them (e.g. when auscultating for heart sounds).
Is the product compliant with accessibility standards e.g. WCAG, Section 508 / ADA?
Our products are designed to meet WCAG 2.0, Level AA, which was adopted by Section 508 in 2017. High level information about our WCAG compliance efforts is available at https://support.shadowhealth.com/hc/en-us/articles/360004578473. Detailed results of a WCAG audit as well as a VPAT are available upon request.
Portions of the products include interactive (i.e. non-linear), real-time 3D graphics with audio and text. This type of media is not meaningfully covered by WCAG or any other standard; it is neither “time-based,” “pre-recorded,” nor “live.” Within this portion of the product we attempt to meet as many of the WCAG 2.0 Level AA criteria afforded in this type of media: we provide synchronized audio and visual representations of character dialogue and instructional media; keyboard and alternative pointing devices are supported; the experience is self-paced. As necessary, we are able to provide alternative representations of product content to users who require it.
Infrastructure and security questions
Where is this product(s) hosted and on whose infrastructure?
The product is hosted on Amazon Web Services (AWS) public cloud. We have chosen AWS in part due to their commitment to ensuring the compliance of their infrastructure with various standards desired by our customer institutions, https://aws.amazon.com/compliance/programs/, including ISO 27001. AWS also makes available SOC reports and provides standards for building FERPA compliant applications on AWS infrastructure http://d0.awsstatic.com/whitepapers/compliance/AWS_FERPA_Whitepaper.pdf.
Does Shadow Health own the hardware / data center from which the product(s) is delivered and/or data stored?
No, infrastructure is owned and maintained by Amazon Web Services.
At what physical locations is my institution’s user data stored?
Currently all logical resources are located within Amazon Web Services’ US-East-1, US-East-2, and US-West-2 regions, each of which provides multiple “Availability Zones”, each comprising one or more physical data centers; these are located in Virginia, Ohio, and Oregon, in the US. Shadow Health is not able to provide exact physical locations at which data is stored, as Amazon does not publish exact locations of data centers.
My institution is in Canada, can you host the product / data in Canada?
We are currently in the process of evaluating replicating our infrastructure in the AWS Canada region (Montreal). It is notable that the AWS CA-Central-1 region does not yet support the full set of services or high availability provided by the US regions.
Is the product provided in a private environment or the public cloud?
Web applications and services delivering the product to the browser clients run on infrastructure owned and managed by Amazon Web Services, the top provider of public cloud services.
Is the product hosted on a dedicated server or shared physical server?
The web application and web service components of the product are hosted across many shared physical servers. We use several of AWS’s networking and load balancing features, including security groups, network ACLs, and virtual private cloud (software defined networks), to restrict access to logical servers and provide protection against DoS and penetration attacks.
What type of encryption does the vendor provide?
- Passwords are only stored as a secure hash with random salt.
- Data is encrypted at rest using SHA-256 using a managed key service within AWS.
- Communication between browser and servers delivering the product(s) uses TLS.
- Communication among production applications and services not located in the same logical subnet uses TLS.
- All *.shadowhealth.com SSL certificates use SHA-2 and are issued by a reputable CA.
How do the user’s machine / client and the servers providing the product communicate?
The WebGL client running in the user’s browser communicates over HTTPS with servers and services running on Amazon Web Services infrastructure. These include AWS Cloudfront (content distribution network to deliver product assets to the client), AWS API Gateway providing the client an API to the Shadow Health services composing the product delivery system, as well as the load balancers and servers running https://app.shadowhealth.com (or https://<institution>.shadowhealth.com if you are an LTI customer) the front-end delivery platform for Shadow Health products.
What data is transferred between user client and server(s) during use of the product?
- During use of the product the user will authenticate with the front-end delivery platform i.e. login at https://app.shadowhealth.com, access his/her course and assignments, and create assignment attempts.
- The WebGL client and the delivery platform communicate bidirectionally during the assignment attempt. All communication is over HTTPS / TLS. Data exchanged includes:
  a. The user’s first name and random IDs representing the assignment attempt are passed to the client.
  b. Data generated by the user’s attempt -- questions asked, examination actions performed, documentation written -- is passed to the delivery platform’s services for storage and later retrieval in the front-end delivery platform (e.g. retrieved when a student views the results of the assignment attempt).
  c. Upon resuming an assignment attempt, the saved data of (b) is passed from the delivery platform to the client.
Do you provide SSO or integration with institutional LMS?
Yes, we support the LTI standard for SSO account provisioning and login from institutional LMS supporting LTI v1.0 and above. The LTI integration procedure is documented here
With LTI integration, each time a course runs (i.e. semester, trimester, or month) a new URL for accessing the product via LTI is generated. These links are configured with custom parameters that change each term. The school will be responsible for placing this link in their LMS each term.
What is the integration procedure for institutional IT?
Typically there is little to no integration procedure required for institutional IT. If students are required to access the product via the institution’s classroom or lab computers, these machines should
- Meet the recommended specifications: https://support.shadowhealth.com/hc/en-us/articles/360004558353,
- Have installed any of the most recent versions of Google Chrome, Microsoft Edge, Firefox, or Safari.
- All web communication occurs over HTTPS on port 443, so there is typically no network configuration required to use the product.
What is the vendor’s network power and uptime commitment?
Amazon Web Services (AWS) commits to an uptime of 99.95% for compute services and 99.9% for data storage services. Users access Shadow Health products from the user’s ISP directly to AWS endpoints; Shadow Health’s corporate network does not see production traffic.
What is your uptime commitment?
We do not provide a standard uptime commitment as we do not manage the network. On a contractual basis, an SLA can be established. All infrastructure used to deliver the product is managed by Amazon Web Services. Amazon Web Services (AWS) commits to an uptime of 99.95% for compute services and 99.9% for data storage services. We use high availability deployments of critical systems to achieve systems-level uptime at or near infrastructure uptime. Users access Shadow Health products from the user’s ISP directly to AWS endpoints; Shadow Health’s corporate network does not see production traffic. Shadow Health conducts planned maintenance of our systems on a regular cadence; users are notified at minimum one week in advance via banner message on https://app.shadowhealth.com and/or our status page located at https://status.shadowhealth.com.
I need an SLA, do you have one?
An SLA may be established on a per-contract basis.
Registration and payment questions
How do students register for or purchase the product?
- To create a student account, a user visits https://app.shadowhealth.com and first enters a pin provided by the course instructor. Only if the pin is valid is the user able to proceed.
- The user enters their first and last name, email address, and password; these are used to create a student account, and the pin is used to associate the student account with the correct course. Only a secure hash of the password is stored and the other PII directory data is encrypted at rest.
- The user must next view and certify that they are aware of the required system specifications to run the product and agree to the Privacy Policy and Terms of Service.
- If the institution has paid for the license, the student now has access to the product.
- If the institution is having the student pay for the license, the student now enters credit card payment information which is submitted only to our PCI-compliant payment processing vendor Stripe; if this is processed successfully, the student now has access to the product.
Does Shadow Health collect credit card information?
No. We use Stripe as our payment processing vendor. Users paying by credit card enter their card number and security code (CVV) into a form which is rendered from a Stripe API endpoint. Submitting this form sends these values directly to Stripe for processing. Stripe returns a token denoting whether the card is successfully billed. No Shadow Health system sees or stores any payment information.
Is Shadow Health PCI compliant?
Yes. Please see this article for more information https://support.shadowhealth.com/hc/en-us/articles/360004578473
Data and privacy questions
Is Shadow Health compliant with GDPR?
Shadow Health is in the process of auditing our compliance position. A new Privacy Policy, Cookie Policy, and additional features to more efficiently support users’ rights under GDPR were released May 25th, 2018.
What data is collected from students when they register or purchase the product?
The student’s first and last name and email address are required to create an account with Shadow Health. A phone number is recommended for expediting Customer Support requests and verification in the case of account recovery.
Users paying by credit card enter their card number and security code (CVV), which are submitted to our PCI-compliant payment processing vendor Stripe. Stripe returns a token denoting whether the card is successfully billed. No Shadow Health system sees or stores any payment information.
What data is collected from students when they use the product?
- Non-personally identifiable information about the user’s PCs, including browser, operating system and version, video card manufacturer and version, CPU manufacturer and version, CPU frequency and bus size, main memory size, video memory size, and video memory shader model version. This data is used to establish and maintain development hardware targets and for customer support.
Does the product collect information that can be used to uniquely identify a student’s computing device?
No. While we collect information about the computing device(s) with which the user accesses Shadow Health products for purposes of establishing hardware targets and for customer support, we do not collect information that can be used to identify a specific machine, such as hard-drive device IDs or MAC addresses.
Will this application store or capture sensitive information such as credit card number, SSN, name, date of birth, medical record or health care insurance information?
- Payment information is submitted directly to our payment processor, Stripe, and is neither collected nor stored by Shadow Health systems.
- SSN is not collected.
- Date of birth is not collected.
- Medical records, health care insurance information, and other PHI are not collected.
- The student’s first and last name are collected so that they may be identified within the system by their course faculty. This directory information is encrypted at-rest.
Is there data that students input or create during the course of using the product?
- Use of the product generates data describing the user’s interactions with the Shadow Health DCE assignments, i.e. questions asked, examinations performed on the virtual patient characters.
- Users write documentation of virtual patient findings as part of the DCE assignments.
- Users complete free-text and multiple choice quizzes as part of the DCE assignments.
- Users write reflective journaling entries as part of the DCE assignments.
- Faculty users write comments addressing a student’s performance on the DCE assignments.
- The product generates numerical measures of student performance on the DCE assignments.
Do I need to worry about HIPAA?
No. Shadow Health provides only simulations in which students interact with virtual patients -- computer generated characters -- no patient data or personal health information (PHI) of any person(s) is collected or stored by any Shadow Health application, service, or process.
- Shadow Health does not facilitate any student-patient, provider-patient, or patient-patient interactions.
- Shadow Health does not facilitate recording medical data of human patients in an electronic health record.
- Shadow Health does not facilitate students recording PHI of themselves nor any other human in an electronic record of any form.
Do I need to worry about FERPA?
Shadow Health collects from students directory information (full name, email address, optional phone number).
Shadow Health does not collect institutional “educational information”. Students complete an assignment in the Shadow Health system and receive a score for the assignment; Institution-assigned assignment grades are not stored in Shadow Health systems. Additionally we do not collect or store student transcripts, GPA, course grades, social security number, or academic evaluations.
Additionally, Shadow Health collects data directly from students; no student data is collected from your institution. Some institutions contracting with Shadow Health add contract provisions for Shadow Health to be considered a “school official” of the institution with “legitimate educational interest” in the student data as these terms have been defined under FERPA regulation 34 CFR 99.31.
Under FERPA what PII does Shadow Health collect and store and what is it used for?
Student PII collected is encrypted at rest. Data collected consists of
- The student’s first and last name are collected during registration.
- Student phone number is optionally collected during registration. If provided, the student’s phone number will only be used to assist Customer Support in account verification and recovery.
- Student email address (we recommend but do not require that this be their institutional email address) is required to create an account with Shadow Health.
Uses of PII
- Within the Shadow Health systems
  - Student first and last name are visible to the student’s course faculty within the Shadow Health system.
  - Student email is used as the student’s authentication credential for Shadow Health systems. Student email is visible to the student’s course faculty within the Shadow Health systems. Shadow Health systems will use student email to send automated transactional (not marketing) emails in response to student requests such as password reset.
- When students contact Customer Support
  - Student name and email will be associated with the issue ticket created when a student contacts Customer Support. If the student contacts Support via phone and requires a call back, the incoming phone number will be recorded with the issue ticket.
- In our product development processes
  - Student performance data (assignment scores) and data generated by student use of the product (e.g. as listed above: transcripts, documentation, machine specifications) are analyzed in order to better understand how cohorts of users use the product. In this use case, student directory information is not associated with any records analyzed.
- In publications
  - Shadow Health publishes white-papers and academic articles from time to time. Only aggregate data, de-identified on a student and institution level, is used in these reports.
Who has access to collected PII of the students at my institution?
Employees of Shadow Health may access student PII based on their job function and following the principle of least privilege
- Finance department employees may access student name and email when a student submits a request for a refund e.g. in the case the student is withdrawing from a course before the course withdrawal deadline.
- Customer Support employees will access student name, email, and data generated from student assignment attempts when a student contacts support in order to assist the student with their technical issue(s).
- Faculty Training and Customer Support employees will access student name, email, and data generated from student assignment attempts when a student’s course faculty emails Faculty Training or Customer Support for the purpose of (a) resolving a complaint a student has filed with the faculty related to the use of the product(s), (b) resolving a grade related dispute with a student related to the use of the product(s), (c) resolving potential cases of cheating or academic dishonesty related to the student’s use of the product(s).
- Product Owners will access de-identified data generated from student assignment attempts for purposes of identifying areas of product improvement and for purposes of writing white-papers and academic publications in service of the academic fields of our customers.
A student’s course faculty can
- View the names and email addresses of students enrolled in their courses.
- View the data created by assignment attempts, which are submitted for credit, of students enrolled in their courses.
What are your data access policies?
Shadow Health employee access to administration functions within Shadow Health applications and services which access or store user data is governed by the following controls:
- Access to administration features is limited by job function, i.e. policy of least privilege is followed.
- Administration credentials have unique usernames and strong passwords, with passwords changed on a periodic basis. Within the administration functions, granular user controls are in place to protect Shadow Health assets and user data.
- Modifying or removing user data (e.g. modifying in the case of a user having associated their product license with the incorrect section of their faculty’s course; removing in the case of a product license being revoked when a user requests a full refund) requires the user to submit a request for modification or removal, this request to be approved by the user’s institution’s course instructor or course administrator, and the approval of the relevant management-level Shadow Health employee.
- No Shadow Health employees, nor faculty or student users, are able to modify student assignment scores or other data associated with student performance (e.g. documentation, transcript).
- Employees separating from Shadow Health lose all access to Shadow Health applications and services on day of termination under the direction of Shadow Health’s Human Resources department.
What is your data retention policy?
- Shadow Health does not delete data, except upon request. We retain a daily snapshot of our data stores for 7 days and a weekly snapshot for 30 days. Snapshots are stored on AWS S3, with 11 9s of durability. We maintain one or more hot backups (replicas) of each data store. Student data will be kept until an authenticated request is received to remove data. Shadow Health will respect institution-specific data retention policies when said policies are expressed to us in writing or in contracts.
- No student directory information is kept in paper form.
- No student payment information is retained in electronic or paper form.
Support questions
Do you provide customer support to students?
Shadow Health provides support to students or faculty via http://support.shadowhealth.com
Do you provide support to faculty?
Our Faculty Training team will contact faculty to discuss course integration strategies. Faculty can contact either Faculty Training or Customer Support with issues arising during the use of the product. Additional resources for faculty are available at https://frc.shadowhealth.com once the faculty is logged in to https://app.shadowhealth.com.