FAQ — Data Security and Protection at MPAssist

Q1: How does MPAssist ensure the security of medical reports generated through its software?

MPAssist runs on AWS in Switzerland, and report data is encrypted with keys unique to each client, so only authorized parties can decrypt it. Sensitive data (patient and doctor identifiers) is kept strictly separate from non-sensitive report content, and the sensitive part is never passed to an LLM. This separation limits what any third-party model provider ever receives and reduces the risk of a data leak.

Q2: What measures does MPAssist take to protect patient data?

Sensitive data such as patient and doctor names is entered only through the front-end application and is never shared with third parties. Only the non-sensitive, anonymized report content goes through the machine learning pipeline; its output is merged with the sensitive fields on our own servers. This keeps identifying data and model processing on separate paths.
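The split described above, as an added illustration that is not MPAssist's own code: the front end submits structured sensitive fields and a dictated transcript separately, a guard refuses to forward the transcript if it contains one of the sensitive values (the failure mode Q6 warns about), and the placeholders in the pipeline's output are filled in server-side. The `Submission` shape, the `[PATIENT]`/`[DOCTOR]` placeholders and the sample texts are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SensitiveFields holds the identifiers typed into the front-end form. They are
// kept on the MPAssist side and never become part of the pipeline payload.
type SensitiveFields struct {
	PatientName string
	DoctorName  string
}

// Submission is what the front end sends: structured sensitive fields plus the
// dictated, non-sensitive transcript (assumed shape, not MPAssist's real API).
type Submission struct {
	Sensitive  SensitiveFields
	Transcript string
}

// Placeholders the pipeline is expected to use in place of real names (assumed).
const (
	PatientToken = "[PATIENT]"
	DoctorToken  = "[DOCTOR]"
)

// ErrLeak is returned when a sensitive value is found in the pipeline payload.
var ErrLeak = errors.New("sensitive value present in pipeline payload")

// PipelinePayload returns the text that may leave for the ML pipeline. It
// enforces the boundary from the FAQ: if the doctor dictated a name that also
// appears in the sensitive fields, the submission is rejected instead of sent.
func PipelinePayload(sub Submission) (string, error) {
	lower := strings.ToLower(sub.Transcript)
	for _, v := range []string{sub.Sensitive.PatientName, sub.Sensitive.DoctorName} {
		v = strings.TrimSpace(v)
		if v != "" && strings.Contains(lower, strings.ToLower(v)) {
			return "", ErrLeak
		}
	}
	return sub.Transcript, nil
}

// Merge runs on MPAssist's own servers after the pipeline returns: it replaces
// the placeholders in the generated report with the sensitive fields.
func Merge(report string, s SensitiveFields) string {
	r := strings.NewReplacer(PatientToken, s.PatientName, DoctorToken, s.DoctorName)
	return r.Replace(report)
}

func main() {
	// Constructed sample input.
	sub := Submission{
		Sensitive:  SensitiveFields{PatientName: "Anna Muster", DoctorName: "Dr. Beispiel"},
		Transcript: "Patient presents with mild fever for two days. No known allergies.",
	}
	payload, err := PipelinePayload(sub)
	fmt.Println("payload:", payload, "err:", err)

	// Constructed stand-in for the pipeline's output.
	report := "Consultation note for [PATIENT]. Fever, no allergies. Signed [DOCTOR]."
	fmt.Println(Merge(report, sub.Sensitive))

	// A dictated name is caught before anything leaves.
	sub.Transcript = "Anna Muster presents with mild fever."
	_, err = PipelinePayload(sub)
	fmt.Println("leak check:", err)
}
```

The guard is a substring match on the values the client already supplied; it catches the common case of a name dictated by habit, not arbitrary identifiers, so the advice in Q6 still stands.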

Q3: Is patient data stored on OpenAI servers?

No. Patient data is not stored on OpenAI servers or with any other third-party provider. Only anonymized report content is processed by the model; identifying data stays within our AWS environment in Switzerland.

Q4: How does MPAssist comply with GDPR regulations?

MPAssist is GDPR compliant and has had its processing reviewed with specialized external parties. Our data flow is set up to meet GDPR requirements for clients in Germany, Austria, Switzerland and the rest of the EU/EEA.

Q5: What steps are taken to prevent unauthorized access to medical reports?

Report data is encrypted using AWS KMS, with keys that only MPAssist and the respective client can use to decrypt. Access is further restricted by policy: developers work only on test data, and each client's data is isolated so that no client can see another client's data.
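Per-client keys and tenant isolation, shown as an added example rather than MPAssist's actual KMS configuration (which the page does not describe): each client has its own key-encryption key, every report is encrypted under a fresh data key, and that data key is wrapped under the client's key with the tenant ID bound in as additional data. A second tenant's key cannot unwrap the data key, so it cannot read the report even with direct access to the stored blob. The in-memory `TenantKEK` stands in for a KMS key whose material would never leave the service; the tenant names and report text are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// TenantKEK stands in for a per-client KMS key. With real KMS the key material
// never leaves the service; here it is an in-memory 256-bit key (demo assumption).
type TenantKEK struct {
	ID  string
	key []byte
}

// Envelope is the stored form of a report: ciphertext under a one-time data key,
// plus that data key wrapped under the tenant's KEK. Both blobs carry their nonce.
type Envelope struct {
	TenantID   string
	WrappedDEK []byte
	Ciphertext []byte
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := io.ReadFull(rand.Reader, b)
	return b, err
}

func NewTenantKEK(id string) (*TenantKEK, error) {
	k, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	return &TenantKEK{ID: id, key: k}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts with AES-256-GCM and prefixes the random nonce. The additional
// data ties the blob to a tenant-specific context, so it will not authenticate
// under any other context even if the same key were used.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func openGCM(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// EncryptReport generates a one-time data key, encrypts the report with it and
// wraps the data key under the tenant's KEK (envelope encryption).
func EncryptReport(kek *TenantKEK, report []byte) (*Envelope, error) {
	dek, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	wrapped, err := sealGCM(kek.key, dek, []byte("dek:"+kek.ID))
	if err != nil {
		return nil, err
	}
	ct, err := sealGCM(dek, report, []byte("report:"+kek.ID))
	if err != nil {
		return nil, err
	}
	return &Envelope{TenantID: kek.ID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptReport refuses cross-tenant use twice over: by the ID check and, if the
// stored TenantID were tampered with, by GCM authentication of the wrapped key.
func DecryptReport(kek *TenantKEK, env *Envelope) ([]byte, error) {
	if env.TenantID != kek.ID {
		return nil, errors.New("tenant mismatch: refusing to unwrap data key")
	}
	dek, err := openGCM(kek.key, env.WrappedDEK, []byte("dek:"+env.TenantID))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return openGCM(dek, env.Ciphertext, []byte("report:"+env.TenantID))
}

func main() {
	a, _ := NewTenantKEK("clinic-a")
	b, _ := NewTenantKEK("clinic-b")
	env, _ := EncryptReport(a, []byte("Consultation note for [PATIENT]"))
	pt, err := DecryptReport(a, env)
	fmt.Printf("tenant a: %q %v\n", pt, err)
	_, err = DecryptReport(b, env)
	fmt.Println("tenant b:", err)
}
```

With a real KMS key the `sealGCM`/`openGCM` calls on the KEK become GenerateDataKey and Decrypt API calls, and the per-client restriction is expressed in the key policy rather than in application code; the point of the example is that isolation then rests on key possession, not only on an ID comparison.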

Q6: Can doctors include sensitive patient information in the audio recordings?

No. Doctors are advised not to include identifying patient information in audio recordings. Recordings are treated as non-sensitive data and pass through the machine learning pipeline, so a name spoken in a recording would reach it. We therefore ask doctors to refer to patients without using names; patient and doctor names are entered separately in the front end.

Q7: What happens to the data once the medical report is generated?

Generated reports are stored temporarily so that clients can review them and integrate them into their own systems. Upon request we delete the data, which leaves retention under the client's control.

Q8: Are there any additional security measures in place?

Yes. Beyond the measures above: hosting on AWS in Switzerland with KMS keys dedicated to each client, strict developer policies (test data only), and tenant isolation so that no client can access another client's data. Together these support our GDPR compliance and data privacy commitments.