Since Mental Health Scales keeps personal information and test results on a portable device, security is a prime consideration. There are two different levels of security.
On iPhone 3GS, iPhone 4 and 5, iPod Touch (3rd generation and up), and iPad (any model), Mental Health Scales uses Apple’s Data Protection feature to secure the database containing all of its confidential information. Data Protection uses a user’s device passcode to generate a strong encryption key. This key prevents data from being accessed when the device is locked, ensuring that the database is secured even if the device is compromised. (NOTE: These devices must be running iOS 4 or later to take advantage of this feature. Refer to the above link for further details. iOS 4.3 is the minimum version for Mental Health Scales 2.0.)
To turn on the data protection feature for Mental Health Scales (or any application employing it for that matter) you must be using a passcode to control access to your device.
To configure a passcode for your device:
- Tap Settings > General > Passcode Lock.
- Tap Turn Passcode On.
- Follow the prompts to create a passcode.
- After the passcode is set, scroll down to the bottom of the screen and verify that the text "Data protection is enabled" is visible.
We strongly recommend that you maximize your security by following these Apple-recommended tips:
- Set Require Passcode to “Immediately”.
- Disable Simple Passcode to allow the use of longer, alphanumeric passcodes.
- Enable Erase Data to automatically erase the device after ten failed passcode attempts.
Your passcode is combined with an on-device key to produce a cryptographic key that is used to encrypt the database file using AES 256-bit encoding. When your device is locked (i.e has “gone to sleep” or you have pressed the Sleep/Wake button on the top of the device), this key is erased, rendering the file unreadable until the passcode is re-entered by the user and the key is reconstructed.
The Mental Health Scales application itself has two security modes built in - Secure Mode and Client Mode. These are secured by a user-specified password.
When Secure Mode is turned on, the password is required to access any part of the application. This is meant to prevent an unauthorized person from starting the application or bringing it to the foreground.
Client Mode allows a client or test subject to be given the device to use the application to perform a self reporting scale or test without being able to access anything in the application other than the rating scale or test selected by the clinician. The clinician can quickly activate Client Mode by tapping on the Lock button on the Test List screen before selecting the scale. The password is required to deactivate Client Mode.
Because loss of the password would render the application inoperable, the password is supplemented by a security question. The user can choose one of three questions and supply an answer to it. Should the password be lost, the correct answer to the security question will give access to the application. If both the password and the answer to the security question are lost there is no legitimate way to retrieve the data stored in the application.