Skip to main content

How we protect your data.

Data protection, information security, and regulatory compliance — here you will find the key facts about our technical and organizational setup.

Data Protection

GDPR-compliant

Processing based on the legal basis of Art. 6 and Art. 9 GDPR. No processing of patient data without the hospital's legal basis.

Data stays in the EU

All patient data is processed and stored exclusively in data centers within the European Union.

C5-attested cloud infrastructure

Our infrastructure runs on servers attested according to the Cloud Computing Compliance Criteria Catalogue (C5) of the German Federal Office for Information Security (BSI) — one of the most rigorous cloud security standards in Europe.

No training on patient data

Patient data is not used for training AI models. Hospital data remains isolated within the respective tenant context.

How we protect your data

Your data is separated before we work with it.

01

Extraction

Data from all sources is captured — referral letters, findings, lab results, handwritten notes.

02

Three separate stores

OriginalsIdentity data + pseudonymHealth data + pseudonym

03

Only pseudonymised data

Processing exclusively with the pseudonymised health dataset — no names, no identity.

04

Traceable and auditable

Every insight remains linked to its source document. All changes are logged.

All data remains on GDPR-compliant servers within the EU — no transfer, no training.

Information Security

aiomics operates a quality management system according to ISO 27001 that documents and controls all relevant processes, risks, and measures.

TUV certification will be completed shortly and added here.

EU AI Act

aiomics meets the requirements of the European AI Act. Transparency obligations, risk classification, and documentation requirements are integrated into the product architecture.

All AI outputs of the platform are labeled as suggestions and drafts. Physician review and approval is required at every step.

Works Council

We have spoken with a number of works councils by now. Every one of them has approved the introduction without objections — because aiomics does not enable performance or behavior monitoring and does not displace jobs. On the contrary: the platform reduces pressure on staff, gives employees the opportunity to focus on value-adding work, and improves working conditions. Additionally, employees with visual impairments or language barriers benefit from automated document processing.

Independent Evaluation

The effectiveness of aiomics is currently being evaluated in an independent scientific study at the Charité Institute for Medical Informatics. Results will be published upon completion.

Technical Standards and Coding Systems

Interfaces

HL7v2 · FHIR R4 · ISiK · IHE XDS.b

Coding

ICD-10 · LOINC · SNOMED CT (in preparation)

Questions about data protection, regulation, or integration?

Get in touch

We respond personally — no call center, no automated emails.