
Security & privacy


At Vesalius.ai, we are deeply committed to your privacy, a dedication reflected in our three key values that ensure the protection and responsible handling of patient data. To build trust with our users, we continuously improve our security and privacy measures, adapting to evolving threats and regulatory landscapes while prioritizing data security and privacy.

Data Protection


Our commitment to data protection is unwavering. We implement industry-standard encryption for all data transmissions, ensuring that sensitive patient information remains confidential and secure during transfer. Strict access controls limit data access to authorized personnel only, preventing unauthorized access and ensuring responsible handling of patient data. Regular security audits and vulnerability assessments proactively identify and mitigate potential risks, maintaining a secure environment for our users.

Compliance


Compliance with regulatory standards is at the core of our operations. We adhere to the General Data Protection Regulation (GDPR) to protect the personal data of EU citizens, emphasizing transparency in data usage and the right to data erasure. Our platform is also designed to meet the Health Insurance Portability and Accountability Act (HIPAA) standards, implementing safeguards to protect electronic health information and ensure compliance with HIPAA regulations.







Transparency


We value transparency in our data practices. Our privacy policy outlines how we collect, use, and store data, ensuring users are informed about their data rights. We provide easy-to-use tools for users to control their data, allowing them to request access, corrections, or deletion of their personal information. Our dedication to transparency builds trust with our users, emphasizing their control over their data.


Security & privacy FAQs



For patients


Vesalius.ai uses industry-standard encryption to protect all data transmissions, ensuring that your personal health information remains confidential and secure. We also implement strict access controls to limit data access to authorized healthcare providers only.

As a patient, you own your personal health data. Vesalius.ai acts as a data processor, handling your data on behalf of your healthcare provider, who is the data controller. We do not claim ownership of your data.

Yes, you can request access to your health data, corrections, or deletion at any time. We provide easy-to-use tools and support to facilitate these requests, ensuring you have control over your personal information.

Our privacy policy outlines how we collect, use, and store your health data, ensuring you are informed about your data rights. We are committed to transparency and provide clear information about our data practices.

In the unlikely event of a data breach, Vesalius.ai has protocols in place to promptly notify affected patients and regulatory authorities, as required by law. We will take immediate action to mitigate the impact and strengthen our security measures.


For healthcare providers


Yes, Vesalius.ai adheres to both GDPR and HIPAA regulations. We prioritize transparency in data usage and provide patients with control over their personal information, including the right to data erasure.

From a GDPR perspective, Vesalius.ai acts as a data processor. This means we process personal data on behalf of healthcare providers, who are the data controllers. We are committed to processing data in compliance with GDPR requirements, ensuring data protection, transparency, and patient control over personal information.

Vesalius.ai conducts regular security audits and vulnerability assessments to proactively identify and mitigate potential risks. We continuously review and update our security measures to adapt to evolving threats and regulatory landscapes.

Vesalius.ai adheres to the principle of data minimization by only collecting and processing data that is necessary for the intended purpose. We avoid collecting excessive or irrelevant data to minimize risks and maintain patient privacy.

Vesalius.ai does not share patient data with third parties unless it is necessary for providing our services, complying with legal obligations, or with explicit patient consent. We ensure that any third-party data processors comply with our data protection standards.

Vesalius.ai retains patient data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Once the data is no longer needed, it is securely deleted or anonymized.