OurMind privacy and security simple overview
Security and Compliance at OurMind
“How secure is OurMind?” is, unsurprisingly, one of the most frequently asked questions. At OurMind, privacy and security are paramount because they are crucial to our users' experience with our products. We prioritize the protection of customer data, the prevention of system vulnerabilities, and ensuring continuous access. In this article, we explain the data flow, storage, processing, and information handling processes.
About OurMind
OurMind is a digital AI colleague that generates high-quality, confidential medical conversation summaries, allowing doctors to focus on patient care. It listens in during regular consultations, teleconsultations, MDOs, and other meetings, transcribes these conversations, and summarizes them in the style of the healthcare provider while offering suggestions from its knowledge library.
Data Flow Overview
Here’s how data flows through OurMind:
Starting the Session: A doctor starts the recording by clicking "Start Consultation," capturing the audio conversation.
Transcription: The audio is transcribed using a custom version of whisper speech-to-text external API.
Ending the Session: The recording stops when the doctor clicks "Finish Consultation." This deletes the audio of the consultation permanently.
Summary Generation: The transcript is then processed to create a structured medical report. We use a combination of the best available Large Language Models adjusted to achieve the best results for healthcare use cases.
Data Storage, Processing and Security measures
Due to the sensitive nature of healthcare data:
Data Retention Policy: Audio Recordings are deleted immediately. Transcripts and notes are made available for up to 72 hours*, allowing physicians time to review and export them to their EHR software. (*Users can opt-out individually from this option in their settings.) Reason: Limiting data retention to 72 hours reduces the risk of data breaches and ensures compliance with privacy regulations. It also minimizes the amount of sensitive data stored, thereby reducing the attack surface.
Infrastructure: Data processing occurs within OurMind's infrastructure on Microsoft Azure, in Sweden and at our data center in the Netherlands in a ISO and NEN certified facility maintaining compliance with GDPR. We ensure data is never stored outside our control through strict data retention agreements with all service providers.
Disk Encryption: Utilize AES-256 for encrypting data at rest.
Reason: AES-256 is a symmetric encryption algorithm known for its high security and efficiency. It ensures that data stored on disk is protected from unauthorized access.SSL/TLS Encryption: Implement SSL/TLS for securing data while in transit.
Reason: SSL/TLS protocols provide end-to-end encryption for data sent over the network, protecting against eavesdropping and man-in-the-middle attacks.Wireguard Encryption: Use Wireguard for encrypting internal network traffic.
Reason: Wireguard is a modern VPN protocol that provides a high level of security with better performance compared to traditional VPN protocols. It ensures that internal communications are secure.
Information Security
OurMind is committed to maintaining the highest standards of information security and compliance, including adherence to ISO 27001 and NEN standards. We are currently working towards ISO 27001 and NEN certification, with certification expected by Q1 2025.
Third-Party Audits
OurMind DPIA and Pen-test.
In connection with the pilot at the St Jansdal Hospital in Harderwijk, a DPIA was conducted, and the Nij Smellinghe Hospital in Drachten performed a pen-test; both were successfully passed and can be requested from OurMind.