Committed to Privacy & security

Our objective is to increase patients' and other subjects' safety, privacy, dignity and independence.


The optical sensors we use are also purchased by others for use as conventional cameras, so it's understandable that we are often asked questions about privacy and data security.

We have designed our system in careful consultation with patients and clinical, carer and custodial users.  We're proud of how we go about our business and this page explains our approach.  

We think that the following aspects are particularly important: 


Data encrypted at source


The data generated by our optical sensors and algorithms are all encrypted immediately.


Alerts, not video streaming


Our system displays room statuses, alerts and data reports. Users may choose to view a video feed briefly if they decide they need to see into the room. Staff managers choose whether this temporary video feed is displayed to staff as a blurred image or whether it needs to be an identifiable one.


The vast majority of the data our system generates are not personally identifiable

We generate mathematical data and irreversibly blurred images which do not identify a person.  


Identifiable data are always under customer control


We use identifiable data to develop and improve our algorithms. These data are usually recorded within formal research studies. We sometimes take custody of small amounts of identifiable data from customer sites in order to fully debug the system in a specific room or to improve functionality required to deliver their services to patients or other subjects. These data are released to us only with specific authorisation from a designated customer representative, for a specified purpose and a defined period, with ongoing review of their use and retention. We are not given a subject's name or other identifiers.


Data are held securely


Encrypted identifiable data are held securely on the customer site or transported securely to Oxehealth's servers and held securely there. Encrypted, non-personally identifiable data are held securely in the OxeCloud. Data are held with restricted, auditable access permissions. Our systems are regularly penetration tested by third-party experts, and several of our government customers have completed their own security reviews.


Fully informed authorisation


As part of signing a contract with us, our customers review and formally adopt a detailed Data Privacy Impact Assessment, which lays out how we will process data on their behalf in compliance with the General Data Protection Regulation.


We don't sell data


We make solutions to help clinicians, carers and custodians look after those entrusted to them. We use certain data to improve our algorithms so that they are even more helpful to our customers. We never sell these data to third parties.


The following diagram lays out the data paths in our secure system and illustrates how we carefully create, separate, encrypt and control identifiable data and anonymised data.

  


If you would like to understand more about our data and privacy regime, please do get in touch.