Hospital AI - Clinical Governance Infrastructure

At Hospital AI ("we," "our," or "us"), we are committed to protecting the privacy and security of the data entrusted to us by healthcare providers. This Privacy Policy outlines how we handle information within our AI governance infrastructure.

1. Information Collection

We collect information necessary to provide our governance and monitoring services. This includes:

Account Information: Name, email address, hospital affiliation, and role.
Usage Data: Logs, interaction metrics, and performance data related to AI model deployment.
Governance Artifacts: Documentation, model cards, and validation reports uploaded to the platform.

Note on PHI: We do not collect or store Protected Health Information (PHI) unless explicitly covered under a separate Business Associate Agreement (BAA). Our standard deployment model processes patient data locally within your secure environment.

2. How We Use Information

We use the collected data to:

Authenticate users and manage access controls.
Monitor the performance and safety of deployed AI models.
Generate audit trails for regulatory compliance (FDA, NIST, ISO).
Improve the accuracy of our drift detection algorithms.

3. Data Security

We implement defense-in-depth security measures, including:

Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit.
Access Control: Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
Audit Logging: Immutable logs of all system interactions.

4. Contact Us

If you have questions about this policy or our data practices, please contact our Data Protection Officer.