With the increased use of smartphones by doctors in their day-to-day practice, it is no surprise that many of these medical professionals are snapping photos with their high-resolution smartphone cameras and using these images as references when considering a diagnosis. However, this process gives rise to several questions regarding efficient workflow and confidentiality of patient data with photos stored directly on doctors’ phones and the need to be able to share these photos with other healthcare providers. In response to these challenges comes Papyrus Health, a secure photo-sharing system for clinicians, co-founded by MIT graduates Gordon Wintrob and Ted Tomlinson. We had a chance to hear from the San Francisco-based duo about the Papyrus Health story and where they see their start-up going next.
Michael Batista, Medgadget: Let’s start with some background on each of you. Is this your first time working on a start-up?
Gordon Wintrob and Ted Tomlinson: We met each other while studying at MIT and lived together for a few years. Gordon graduated with a 5.0/5.0 GPA, studying Electrical Engineering and Computer Science. Ted received both a masters and bachelors in Computer Science and Economics.
Regulatory compliance is growing in importance across many industries and can’t be overlooked. We’ve both worked in 
payments where PCI-DSS (payment card industry data security standard) regulates the technology decisions around systems handling sensitive data, so we’ve seen how compliance can slow down tech innovation in some cases.
After graduation, Ted worked at Google on the Business Intelligence and Google Wallet teams. Ted left Google with two of the Wallet co-founders to start a new commerce and analytics company called Index. Gordon was an early engineer at CardSpring, an enterprise payments API backed by Accel and Greylock.
Medgadget: Where did the concept for Papyrus originate?
Wintrob and Tomlinson: Two plastic surgeons complained to us that they didn’t have a way to easily capture and share medical photos. Their workflow involved taking photos on their phone and jotting down notes in unrelated email drafts. They were concerned about losing sensitive patient information and found it cumbersome to show other physicians the photos intermixed with all of their personal photos.
In interviews across the country, we found many examples where healthcare practitioners had difficulty collaborating via their smartphones. Doctors in hospitals currently use their smartphone camera apps during emergency inpatient care (e.g. post-trauma stitches, EKGs for heart attacks), non-emergency inpatient care (e.g. tracking chronic wounds), outpatient care (e.g. identifying skin lesions to remove, monitoring cellulitis), and patient referrals (e.g. a PCP to a specialist), as well as for sharing interesting cases. This data is often sent to other physicians through emails or text messages.
As we learned more about these workflows, we realized that this was a great opportunity to apply our software engineering and data security backgrounds to help physicians.
Medgadget: Can you describe in more detail how Papyrus works and who is the target user?
Wintrob and Tomlinson: Papyrus is a secure smartphone app that lets physicians capture clinical photos, notes, and other information for a patient. Any photo or patient information can then be shared with other physicians.
We’re building a tool that lets doctors continue to use their smartphones without risking a HIPAA data breach. Previously, patient information was not only disorganized throughout the camera roll, but also created a potential multi-million dollar liability (in legal fees and HIPAA enforcement fines) for a doctor and his or her organization. With Papyrus, all of the patient data is encrypted in the cloud.
Our target users are physicians in visually oriented specialties such as dermatology, plastic surgery, and wound
care.
Medgadget: How do you address concerns with managing private patient data, in your case images?
Wintrob and Tomlinson: Unfortunately, many healthcare providers have faced multi-million dollar fines due to inadvertent or malicious data loss. Alleviating concerns around securely managing and sharing patient information from the smartphone is one of our greatest challenges.
From our experience in mobile payments at Google Wallet and previous startups, we’re both experts in data security. In particular, the payments industry follows a standard for credit card and banking data known as PCI-DSS, which has many parallels to HIPAA in the world of patient privacy.
One of the key advantages of Papyrus over sharing pictures via insecure text messages is that no photos or patient data is saved on the phone. We use industry-standard encryption to back up this information to the cloud and the app is both password and PIN code protected. We maintain a complete audit log every time a photo is accessed and, in the event that a phone is lost, we can revoke credentials for a device or user.
Medgadget: What is unique about Papyrus compared to other solutions for medical image management?
Wintrob and Tomlinson: Papyrus gives medical practitioners a secure way to capture and share photos with the smartphone they already have in their pocket. Many apps are tackling the hassles of hospital pagers, but we’re particularly interested in helping visually oriented workflows that benefit most from capturing and sharing photos.
Although some physicians have used Papyrus to take photos of X-rays and CT scans, the app isn’t a traditional radiographic PACS (picture archiving and communication systems). Papyrus lets doctors keep images of burns and rashes separate from their smartphone camera roll and securely share this crucial patient information with other physicians. The app also assists doctors who want to snap a photo of a patient’s chart and can integrate into electronic medical record systems.
Medgadget: What are the next steps for Papyrus?
Wintrob and Tomlinson: We’ve been partnering with a small group of interested and passionate physicians to identify key workflow pains and ways our software can help. Over the next few months, we’re excited to work with more physicians and healthcare institutions on their clinical photo-sharing needs. If any Medgadget readers are interested, they can learn more on our website at https://papyrushealth.com and feel free to send us a note at team@papyrushealth.com.
Medgadget: Where do you see Papyrus in five years?
Wintrob and Tomlinson: We are building a collaboration platform to help physicians achieve better outcomes for their patients, greater convenience and simplicity for themselves, and confidence that they will not run afoul of HIPAA compliance regulations. Photos of chronic wounds, stitches, and other skin conditions are the right place to start because they can capture medical information much more easily than logging detailed notes in an electronic medical record. A large database of medical photos (both of patients and charts) contains a lot more information for hospital administrators or pharmaceutical companies to consider than only diligent note taking.
Medgadget: Finally, is the product available now? How can doctors and others interested in your work use the product or get involved?
Wintrob and Tomlinson: Yes, physicians who are looking for a secure way to organize and share clinical photos, notes, and other information in a fully HIPAA-compliant manner can download the iPhone app at https://papyrushealth.com/download. Please reach out at team@papyrushealth.com with any questions, comments, or ideas.
Link: Papyrus…
Your information will never be shared with any third party.