MVision AI: your data is protected!

MVision AI not only provides unique AI-powered solutions for radiotherapy treatment planning but also follows the highest standards of data protection for clinics and their patients. This is of utmost importance to us, so we are very excited to celebrate Data Privacy Week and explain how we protect your data and respect patient privacy!

From the very outset, MVision AI has followed the GDPR and HIPAA requirements for data security and privacy. What are these requirements and how does MVision fulfill them? Let us explain.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law issued in 1996 in the USA. In its earliest form, it had dual goals: to make healthcare delivery more efficient and to increase the number of Americans with health insurance coverage.

After computers became an integral part of life and patient data migrated from hospital archives to online storage, the issue of data safety and protection became acute.

The HIPAA Privacy and Security rules

On April 14, 2003, the Privacy Rule came into effect. Since then, HIPAA has established national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as “protected health information” or PHI). It applies to health plans, healthcare clearinghouses, and those healthcare providers that conduct certain healthcare transactions electronically.

What is GDPR?

The GDPR – General Data Protection Regulation – came into effect on 25th May 2018. It provides a legal framework to keep everyone’s personal data safe by requiring every company to have robust processes in place for handling and storing personal information.

The key principles of GDPR

Lawfulness, fairness and transparency

Whenever you are processing personal data, you should have a good reason for doing so. The concept of fairness means you shouldn’t purposely withhold information about what data you’re collecting or why. By being transparent, you act fairly towards your data subjects.

Purpose limitation

It sets boundaries around using data only for specific activities. Your purposes for processing data must be clearly established and you must follow them closely, limiting the processing of data to only the purposes you’ve stated.

Integrity and security

A company must protect data from unauthorized or unlawful processing and accidental loss, destruction, or damage from both internal and external threats.

Accountability

A company must have appropriate measures and records in place as proof of its compliance with the data processing principles. Supervisory authorities can ask for this evidence at any time. Documentation is key.

So how does MVision AI protect your information and safeguard patient privacy?

Before a patient CT or MRI scan is sent to our Cloud AI for processing, it is first handled by the MVision Daemon server. This daemon is installed within the clinic’s network and has the task of de-identifying and encrypting the scans before they are sent to our service. Only the clinic has control over this tool! MVision has no access except when it is temporarily granted by the user for technical support or software updates. Personal data is always retained locally and temporarily in “working memory” (RAM) by the daemon and is never saved or stored anywhere, e.g. on the hard drive, so it is not accessible to anyone, including MVision AI.

As illustrated in the figure above, only anonymised data is sent to the MVision AI cloud service where it is automatically processed (segmented) by our deep learning (DL) algorithm to create a 3D model of the anatomical structures. After the segmentation process is complete, the resulting structure set is sent back to the local MVision Daemon which restores the patient details so that the final results can be imported into the treatment planning system (TPS). In this fully GDPR and HIPAA compliant workflow, no personal data (PHI) ever leaves the hospital’s IT systems and the clinic remains in full control of their data with MVision’s role being purely that of data processor.

After the segmentation service is completed, scans are deleted from the cloud within 24 hours – even less if desired by the user. In the unlikely case of inadvertent/accidental submission of a patient’s personal data with the uploaded scans, the MVision Cloud will automatically reject and delete this data. Safeguards such as these and the workflow described above are in keeping with our philosophy of Safety by Design.
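The de-identify, process, restore workflow described above, sketched as an added example (this is not MVision's code and does not describe the daemon's internals). The list of stripped attributes, the `PseudoID` field, and all function names are assumptions for illustration; encryption in transit is left out.

```python
import secrets

# Assumption: the identifying attributes to strip. These are standard DICOM
# keywords; the page does not list which fields the MVision Daemon removes.
PHI_FIELDS = ("PatientName", "PatientID", "PatientBirthDate")


class LocalDeidentifier:
    """Clinic-side component: the token -> PHI map lives only in this object (RAM)."""

    def __init__(self):
        self._pending = {}  # never written to disk

    def deidentify(self, header):
        token = secrets.token_hex(16)  # random, not derived from any PHI
        self._pending[token] = {k: header[k] for k in PHI_FIELDS if k in header}
        clean = {k: v for k, v in header.items() if k not in PHI_FIELDS}
        clean["PseudoID"] = token  # hypothetical field name
        return clean

    def reidentify(self, result):
        # pop() drops the mapping as soon as the result has been restored
        phi = self._pending.pop(result["PseudoID"])
        restored = {k: v for k, v in result.items() if k != "PseudoID"}
        restored.update(phi)
        return restored

    def pending_count(self):
        return len(self._pending)


def cloud_accepts(header):
    """Cloud-side guard: reject any upload that still carries an identifying field."""
    return not any(header.get(k) for k in PHI_FIELDS)


def round_trip(header):
    daemon = LocalDeidentifier()
    outbound = daemon.deidentify(header)
    if not cloud_accepts(outbound):
        raise ValueError("upload rejected: identifying fields present")
    # Stand-in for segmentation: the cloud attaches a structure set
    result = dict(outbound, StructureSet=["Bladder", "Rectum"])
    return outbound, daemon.reidentify(result), daemon.pending_count()


# Constructed sample header (not real patient data)
SAMPLE = {"PatientName": "DOE^JANE", "PatientID": "C-0001",
          "PatientBirthDate": "19700101", "Modality": "CT"}
```

Stripping header attributes does not cover identifiers burned into pixel data or carried in private tags, so a real de-identification profile has to address those separately.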

MVision AI is proud to be at the forefront of providing high-quality and ground-breaking AI solutions for advancing clinical care while ensuring patient privacy and data are fully protected.

