Privacy policy

Patient Data

NICO.LAB is a processor of data and not a controller. The algorithms in StrokeViewer’s AI technology only process the patient data, and communicate it to other hospitals/physicians, in compliance with the AI Code of Conduct.

 

The data that StrokeViewer processes is subject to medical confidentiality. The General Data Protection Regulation (GDPR) has been in force in the European Union as of May 25th 2018, and NICO.LAB, as a processor, is obliged to comply with these rules. By implementing an Information Security Management System (ISMS) and working according to ISO 27001, NICO.LAB meets the required standards for data security and audit trail. All data is encrypted “in transit” (TLS) as well as in storage “at rest” (AES 256/128). Furthermore, in the event of a data leak, the data protection officer is warned and necessary steps are taken as required by ISMS, ISO 27001 and local laws. Access by third parties is always impossible.

 

In addition, StrokeViewer will not store any other patient data apart from the necessary radiological images and the corresponding DICOM information. This data will be automatically deleted at the time specified in the processing agreement. By means of high-quality information security, NICO.LAB complies with the legally required protection of patient data. Limitations of the data lie in the fact that StrokeViewer will be adopted in a clinical workflow setting, and therefore the processed data cannot and shall not be used for further analysis. NICO.LAB will set up separate contracts regarding this issue with every hospital. All employees involved must sign a confidentiality agreement at NICO.LAB and at its sub-processors to ensure confidentiality.

 

In order to access the Patient Data, authentication provided by the hospital is implemented. As per regulations, we require two-factor authentication in order for users to access this data. All access is kept in an audit trail. It is possible for the hospital employees to access the data in our viewer via their PC or mobile devices. To reduce information security risks, NICO.LAB only processes the minimum required patient data as agreed with the hospital. NICO.LAB is open to cooperation with (independent) audits and relevant requests from the Data Protection Authorities. By implementing an Information Security Management System (ISMS), conducting regular internal and external audits and periodic penetration tests, NICO.LAB meets the highest standards of data security.