MVision AI: your data is protected!

MVision AI not only provides unique AI-powered solutions for radiotherapy treatment planning but also follows the highest standards of data protection for clinics and their patients. This is of utmost importance to us, so we are very excited to celebrate Data Privacy Week and explain how we protect your data and respect patient privacy!

From the very outset, MVision AI has followed the GDPR and HIPAA requirements for data security and privacy. What are these requirements and how does MVision fulfill them? Let us explain.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law enacted in 1996. In its earliest form, it had two goals: to make healthcare delivery more efficient and to increase the number of Americans with health insurance coverage.

After computers became an integral part of life and patient data migrated from hospital archives to online storage, the issue of data safety and protection became acute.

The HIPAA Privacy and Security rules

On April 14, 2003, the Privacy Rule came into effect. Since then, HIPAA has established national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as “protected health information” or PHI). It applies to health plans, healthcare clearinghouses, and those healthcare providers that conduct certain healthcare transactions electronically.

What is GDPR?

The GDPR – General Data Protection Regulation – came into effect on 25th May 2018. It provides a legal framework to keep everyone’s personal data safe by requiring every company to have robust processes in place for handling and storing personal information.

The key principles of GDPR

Lawfulness, fairness and transparency

Whenever you are processing personal data, you should have a good reason for doing so. The concept of fairness means you shouldn’t purposely withhold information about what data you’re collecting or why. By being transparent, you act fairly towards your data subjects.

Purpose limitation

It sets boundaries around using data only for specific activities. Your purposes for processing data must be clearly established and you must follow them closely, limiting the processing of data to only the purposes you’ve stated.

Integrity and security

A company must protect data from unauthorized or unlawful processing and accidental loss, destruction, or damage from both internal and external threats.

Accountability

A company must have appropriate measures and records in place as proof of its compliance with the data processing principles. Supervisory authorities can ask for this evidence at any time. Documentation is key.

So how does MVision AI protect your information and safeguard patient privacy?

Before a patient CT or MRI scan is sent to our Cloud AI for processing, it is first handled by the MVision Daemon server. This daemon is installed within the clinic’s network and has the task of de-identifying and encrypting the scans before they are sent to our service. Only the clinic has control over this tool! MVision has no access except when it is temporarily granted by the user for technical support or software updates. Personal data is always retained locally and temporarily in “working memory” (RAM) by the daemon and is never saved or stored anywhere else, e.g. on the hard drive, so it is not accessible to anyone, including MVision AI.

As illustrated in the figure above, only anonymised data is sent to the MVision AI cloud service where it is automatically processed (segmented) by our deep learning (DL) algorithm to create a 3D model of the anatomical structures. After the segmentation process is complete, the resulting structure set is sent back to the local MVision Daemon which restores the patient details so that the final results can be imported into the treatment planning system (TPS). In this fully GDPR and HIPAA compliant workflow, no personal data (PHI) ever leaves the hospital’s IT systems and the clinic remains in full control of their data with MVision’s role being purely that of data processor.

After the segmentation service is completed, scans are deleted from the cloud within 24 hours – even less if desired by the user. In the unlikely case of inadvertent/accidental submission of a patient’s personal data with the uploaded scans, the MVision Cloud will automatically reject and delete this data. Safeguards such as these and the workflow described above are in keeping with our philosophy of Safety by Design.
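The workflow described above, sketched as an added example (this is not MVision's code): a clinic-side object strips PHI attributes and keeps them only in memory under a random job token, the cloud side refuses any upload that still carries PHI, and the returned result is re-identified locally. The attribute list, the `JobToken` field and all function names are assumptions made for illustration; encryption in transit is assumed to be handled separately.

```python
import secrets

# DICOM-style attribute names; which attributes the real daemon strips is an assumption.
PHI_KEYS = {"PatientName", "PatientID", "PatientBirthDate", "AccessionNumber"}

# Constructed sample record, not real patient data.
SAMPLE_SCAN = {"PatientName": "DOE^JANE", "PatientID": "C-0001",
               "PatientBirthDate": "19700101", "Modality": "CT",
               "PixelData": b"\x00\x01\x02\x03"}

class Deidentifier:
    """Clinic-side step: PHI lives only in this object's memory."""

    def __init__(self):
        self._held = {}  # job token -> PHI attributes, never written to disk

    def strip(self, scan):
        token = secrets.token_hex(16)  # random, carries no patient information
        self._held[token] = {k: v for k, v in scan.items() if k in PHI_KEYS}
        clean = {k: v for k, v in scan.items() if k not in PHI_KEYS}
        clean["JobToken"] = token
        return clean

    def restore(self, result):
        # pop() makes the token single-use and drops the PHI from memory.
        phi = self._held.pop(result["JobToken"])
        restored = {k: v for k, v in result.items() if k != "JobToken"}
        restored.update(phi)
        return restored

def cloud_accept(upload):
    """Cloud-side guard: reject anything that still carries a PHI attribute."""
    leaked = sorted(PHI_KEYS.intersection(upload))
    if leaked:
        raise ValueError(f"upload rejected, PHI attributes present: {leaked}")
    # Stand-in for segmentation: return a structure set tied to the job token.
    return {"JobToken": upload["JobToken"], "StructureSet": ["Bladder", "Rectum"]}

def round_trip(scan):
    daemon = Deidentifier()
    result = cloud_accept(daemon.strip(scan))
    return daemon.restore(result)

if __name__ == "__main__":
    print(round_trip(SAMPLE_SCAN))
```
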

MVision AI is proud to be at the forefront of providing high-quality and ground-breaking AI solutions for advancing clinical care while ensuring patient privacy and data are fully protected.

