Data minimization
We look at the scenario and remove fields that do not affect the meaning of the report, the working route or the pilot's quality check.
Clinics, labs and healthtech teams need to understand which data a pilot requires, who gets access to results and which questions are settled before launch. This page gives an open overview without publishing our closed technical and information-security documentation.
We start not with a technical diagram but with the partner's goals: who will use the result, which text-based medical data is required, where the report appears and which constraints matter for the team. The service complies with HIPAA and GDPR requirements. General processing principles are described in the privacy policy and the data processing agreement.
For a B2B project we separate, in advance, the data that is genuinely needed for the result from information that can be left out or replaced with test values.
We look at the scenario and remove fields that do not affect the meaning of the report, the working route or the pilot's quality check.
The work is built around lab results, discharge summaries, prescriptions, visit notes and text-based study conclusions in an agreed form.
For the initial check, de-identified test samples, synthetic records or prepared partner cases are suitable.
The patient, doctor, operator, administrator and product team can each see a different level of detail.
The storage and deletion environment is agreed within the project, accounting for the scenario, the arrangements and the partner's internal rules. Baseline principles are in the privacy policy.
The final report adapts to the channel: a patient account, a specialist's workstation, an internal service or a white-label interface.
Before the pilot it is important to agree not only on the product scenario but also on the responsible people on both sides. This reduces the risk of unnecessary data, blurred access rights and disputed expectations of the result.
We define who sends data, who receives the result, who validates the samples and who decides on further rollout. Different roles can get a different report format. Scenarios for clinics, labs and patient journeys are gathered in the B2B use-case overview.
Teams agree in advance on the set of materials, the pilot procedure, data requirements, the support format and the rules for exchanging information between the responsible participants. Pilot launch terms are described in Pricing and Pilot.
For demos and tests we use de-identified test samples or specially prepared sets. Real cases are discussed separately and only within an agreed process. Our approach to quality checks is on the Quality Proof page.
The open page does not publish access parameters, internal schemes, working regulations or detailed information-security materials. This protects partners and the integration process itself. The general integration approach is on the Integration and API page.
The public page helps you understand the approach. Anything that could reveal the working environment is shared only directly and only after discussing the project.
Specific connection settings, operating limits, exchange formats and instructions for the partner's team.
Detailed descriptions of protective controls, internal procedures, lists of responsible people and additional answers for the security team.
The data scope, roles, retention timelines, deletion procedure, support and scaling terms are fixed for the specific pilot.
After a short meeting and an agreed scenario we prepare a package of materials for the security team. Its contents adapt to the maturity of the process and the project task.
The scheme of how data enters processing, who receives the result and where each side's responsibility ends. The public integration overview is on the Integration and API page.
A description of roles, timelines, deletion rules and sample-handling scenarios within the specific pilot.
A baseline edition of the documents for review by your legal and security teams, with room for adaptation.
Prepared answers to the recurring items in security questionnaires: processing purposes, data scope, environment and responsible parties.
Tell us about the scenario, the roles and the data types. We will propose a pilot format and the list of materials for your team.