NICO.LAB is a processor of data and not a controller. The algorithms in StrokeViewer’s AI technology only process the patient data and communicate it to other hospitals/physicians, in compliance with the AI Code of Conduct.
The data that StrokeViewer processes is subject to medical confidentiality. The General Data Protection Regulation (GDPR) has been in force in the European Union since May 25th 2018, and NICO.LAB, as a processor, is obliged to comply with these rules. By implementing an Information Security Management System (ISMS) and working according to ISO 27001, NICO.LAB meets the required standards for data security and audit trail. All data is encrypted “in transit” (TLS) as well as in storage “at rest” (AES 256/128). Furthermore, in the event of a data leak, the data protection officer is warned and the necessary steps are taken as required by the ISMS, ISO 27001 and local laws. Access by third parties is always impossible.
In addition, StrokeViewer will not store any other patient data apart from the necessary radiological images and the corresponding DICOM information. This data will be automatically deleted at the time specified in the processing agreement. By means of high-quality information security, NICO.LAB complies with the legally required protection of patient data. Limitations of the data lie in the fact that StrokeViewer will be adopted in a clinical workflow setting, and therefore the processed data cannot and shall not be used for further analysis. NICO.LAB will set up separate contracts regarding this issue with every hospital. All employees involved must sign a confidentiality agreement at NICO.LAB and at its sub-processors to ensure confidentiality.