• How Nitid Builds Decision-Support Tools with Data Security in Mind

    By Chi Jen Lu

    3 min read | Posted August 7, 2025

    At Nitid, we partner with non-profits and university research teams to build decision-support tools (DST) that help people make informed choices about their health. These web applications present users with accurate medical information and statistics in a clear, easily digestible format focused on specific health topics.

    Most DSTs include an interactive questionnaire that asks users about their health conditions, medical history, and medical preferences (e.g., possible treatment side effects). Based on these inputs, the tool generates tailored recommendations for users to consider and to support conversations with their healthcare providers.

    Because DSTs often handle sensitive health information, Nitid takes great care to ensure data security. Below are two key approaches we use at Nitid to keep user data safe in DST web apps:

    No Backend Data Storage

    User health-related data is never stored in an external database. Nitid often uses this approach in the following scenarios:

    • Clinical settings: A clinician may offer an iPad with the DST loaded during a patient’s appointment. Nitid implements both automated and manual methods to wipe a patient’s health-related data between sessions, ensuring the iPad is in a clean state before it’s handed to the next patient.

    • Research settings: When a research team is studying participants’ existing knowledge and biases on a specific health topic or evaluating how well they absorb medical knowledge through various formats (e.g., infographics, interactive interfaces, audio transcribing, etc.), the DST collects data only during the session but discards it when the session ends. Researchers often conduct exit interviews after the DST session to gather insights.

    When a user wants a record of their answers and recommendations, Nitid can implement an API that allows them to send themselves a PDF summary via email.

    Secure Backend Data Storage

    When data storage is required, Nitid ensures that all sensitive information—especially health-related data—is stored securely and anonymously in an external database. Personal identifying information (PII), such as names or email addresses, is never stored alongside user inputs. Instead, a unique identifier—like a combination of color, animal, and number (e.g., green-otter-52)—may be used to tag a user session while maintaining anonymity. Nitid uses this approach when a research team client wants insight into aggregate health-related data or user behavior analytics—for example, measuring how much time a user spends on the DST.

    We also follow standard data security practices:

    • Using cloud service providers with strong security track records

    • Conducting automated security audits of third-party packages in the tech stack

    • Ensuring all data is transmitted over HTTPS

    • Regularly reviewing internal protocols for handling sensitive data

    Ultimately, strong security practices help medical professionals build trust with their clients, and trust leads to informed, confident, and often better health outcomes. While it’s satisfying to identify vulnerabilities and strengthen security practices across our systems, it’s even more rewarding to hear from our clients how the DSTs we’ve built have made a real difference in someone’s life.