Data Privacy & Security
Compliance and Certifications
All of the work we do at AiCure is built upon a foundation of information security and data privacy best practices. To maintain the highest industry standards, AiCure’s long-term secure storage of protected health information (PHI) complies with HIPAA, GDPR, and 21 CFR 11 or for de-identified PHI. AiCure has also received ISO 27001 and SOC 2 certifications. These certifications show we have the training, people, processes, controls, and technologies needed to protect the data of both our organization and our customers.
Data Privacy & Security Practices
All data is encrypted when collected and kept encrypted at all times, both in motion and at rest. AiCure analyzes any country in which the platform is to be deployed and either makes all required filings in those countries or assists the CRO/Sponsor in making these filings. When stored, the full facial images are retained only on our secure servers and are encrypted at all times. No access to these images is provided outside of a small group of trained and certified video reviewers at AiCure.
SOC 2 for Service Organizations
These reports address controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information these systems process. They provide a level of detail sufficient to address the user’s vendor risk management needs and are restricted to specified parties with sufficient knowledge and understanding of the service organization’s system and the nature of services it provides.
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.