What patient information does Aidence process?
Aidence develops and provides software solutions, with some of these based on Artificial Intelligence, to support healthcare providers in the provision of care in the lung cancer pathway. These software solutions process personal data (mostly patient data), such as:
- Medical images (CT-scans)
- Patient ID number
- Accession number
- Patient name
- Patient age
- Patient sex
European Union (EU) / United Kingdom (UK)
Within the EU and UK GDPR, Aidence processes personal data under the GDPR (2016/679) and UK GDPR. To make sure that patient data is processed securely and in line with the regulations, each customer (as a data controller) of Aidence agrees on a Data Processing Agreement with Aidence (as data processor) which defines how patient data is processed securely.
United States of America (USA)
To ensure secure data processing of US citizens, Aidence complies with the Health Insurance Portability and Accountability Act (HIPAA). Additionally, a written contract (Business Associate Agreement; BAA) is always established between Aidence and the healthcare provider. Such BAA defines how Aidence is allowed to process personal health information on behalf of the healthcare provider.
How does Aidence protect Information?
Aidence applies state-of-the-art technical and organisational measures to protect the data that is being processed. This means, amongst others:
- Pseudonymising personal information where possible, meaning that patient data processed by Aidence cannot be directly linked to individuals;
- Application of state-of-the-art encryption techniques, meaning that if data was accessed, the data is illegible;
- Application of access control and restrictions, meaning that access to data is controlled and limited to authorized users only;
- Implementation of additional organisational controls such as security training programs, confidentiality agreements, logging of user activities;
- And many more.
At Aidence, all patient data is processed in a fully automated manner, and manual access to such data is only permitted when specifically requested by customers of Aidence. To ensure that our technical and organisational measures are adequate and address the risks associated, Aidence has installed an Information Security Management System according to the ISO 27001 management standard (EN-ISO / IEC 27001:2013 Information technology – Information Security Management Systems – Requirements).
Personal data is not stored longer than necessary and as requested by customers.
Certificate ISO 27001:2013
A copy of our ISO 27001:2013 certificate can be downloaded from the following link.
Enquiries regarding how Aidence protects information?
Where patient data is processed on behalf of customers of Aidence, Aidence conducts a Data Privacy Impact Assessment (ISO/IEC 29134). A summary of the data protection impact assessment can be requested from Aidence via [email protected].
Should you have any questions as to how your personal data is processed by Aidence? Please contact your healthcare provider directly, they should be able to answer any question you may have.
Should you have any request with regards to access, rectification, deletion, restrictions for processing, portability of your information, we ask you to contact your healthcare provider. Should you have a general enquiry as to how Aidence treats personal data, please feel free to get in touch with us via [email protected].