Aidence develops and provides software solutions, based on Artificial Intelligence, to support healthcare providers with their diagnostic procedures, which include the automated diagnostic evaluation of medical images for identification and evaluation of abnormalities.
Aidence applies state-of-the-art technical and organisational measures to protect the data that is being processed by us. This means, amongst others, pseudonymising personal information processed, encrypting data being processed and restricting access to the data being processed. Aidence does not access the personal information that is processed without retrieving clear instructions from the customer (healthcare provider) for whom Aidence processes the personal information.
How does Aidence further protect information?
In order to further safeguard medical images processed by Aidence, Aidence has installed an Information Security Management System according to the ISO 27001 management standard (EN-ISO / IEC 27001:2013 Information technology – Information Security Management Systems – Requirements). Aidence has implemented relevant technical and organisational measures in line with the requirements of the ISO 27001 standard and as required by law to safeguard the personal information processed pertaining to the Services provided by Aidence.
Immediately after successful analysis of medical images (and all related personal information), the medical images and related personal information are permanently deleted from the Aidence servers. If medical images, for whatever reason, fail to be successfully processed, Aidence may store those on the server for error resolution for a period of 7 days by default (timelines may vary per agreement with the healthcare provider) before being permanently deleted. In some circumstances (e.g. when creating screening reports) data may be stored on the Aidence servers for a 7-day period before being permanently deleted. Due to the nature of the processing activities, which is the analysis of copies from medical images, Aidence does not back-up information that is processed. This is considered necessary to minimise the unnecessary storage of personal information.
There is one exception to the clause above, which is that Aidence stores the accession number (unique scan identification number, also considered personal information) for a period of 30 days after which its permanently deleted, to ensure that if error resolution would be required, Aidence is able, with support from the healthcare provider to retrospectively analyse a specific medical image.
Certificate ISO 27001:2013
A copy of the ISO 27001:2013 standard can be downloaded via this link.
Enquiries regarding how Aidence protects information?
Should you have any questions as to how your medical image(s) is (are) processed by Aidence? Please contact your healthcare provider directly, they should be able to answer any question you may have.
Should you have any request with regards to access, rectification, deletion, restrictions for processing, portability of your information, we ask of you to contact your healthcare provider. As Aidence immediately deletes all information (except that can identify you we are unable to link any image processed to an individual person and is therefore unable to execute such request without support of the healthcare provider.
Should you have a general enquiry as to how Aidence treats medical images, please feel free to get in touch with us via firstname.lastname@example.org.