Security & Compliance

How Prism protects patient data and meets regulatory requirements

Data Sovereignty

  • 100% on-premises deployment on your own VMware infrastructure
  • Offline installation via container bundles — no internet required
  • Zero telemetry, zero callbacks, zero cloud dependencies
  • All processing stays within your network

DICOM Pseudonymization

Patient data is pseudonymized before any algorithm sees it:

  • PatientName — replaced with a generated pseudonym
  • PatientID — SHA-256 hashed with operator-controlled salt
  • PatientBirthDate — randomly shifted
  • InstitutionName, StationName — removed
  • Physician names, operator names — removed
  • Free-text fields — redacted using NLP-based PHI detection

The re-identification mapping (pseudonym back to the original identifiers) is stored in MongoDB, encrypted with operator-controlled keys.
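The pipeline above, as an added example (not Prism's own code): a DICOM header represented as a plain dict stands in for a pydicom Dataset, PatientID is salted and SHA-256 hashed as described, the birth-date shift is derived per patient from the same salt (an assumption; the page only says "randomly shifted") so that every study of one patient shifts identically and ages stay consistent, and the NLP-based PHI detector is replaced by a simple name-list match. Tag names, the `PSN-` pseudonym format and the sample header values are constructed for the example. One caveat a practitioner should keep in mind: a medical record number has very little entropy, so the scheme is only as strong as the secrecy of the salt; anyone who obtains it can enumerate MRNs and reverse the hash.

```python
import hashlib
import hmac
import re
import secrets
from datetime import date, timedelta

# Constructed sample header: a few DICOM attributes as a plain dict, standing in
# for a pydicom Dataset so the example runs without DICOM tooling.
SAMPLE_HEADER = {
    "PatientName": "DOE^JANE",
    "PatientID": "MRN-0042",
    "PatientBirthDate": "19700315",
    "InstitutionName": "Example Hospital",
    "StationName": "CT01",
    "ReferringPhysicianName": "SMITH^JOHN",
    "OperatorsName": "TECH^ANNA",
    "StudyDescription": "CT chest, pt Jane Doe, referred by Dr Smith",
    "Modality": "CT",
}

REMOVED_TAGS = ("InstitutionName", "StationName",
                "ReferringPhysicianName", "OperatorsName")
NAME_TAGS = ("PatientName", "ReferringPhysicianName", "OperatorsName")
FREE_TEXT_TAGS = ("StudyDescription",)
MAX_SHIFT_DAYS = 365


def hash_patient_id(patient_id: str, salt: bytes) -> str:
    """SHA-256 over salt || PatientID, as the page describes. The salt must stay
    secret: MRNs have little entropy, so with the salt an attacker can enumerate them."""
    return hashlib.sha256(salt + patient_id.encode("utf-8")).hexdigest()


def date_shift_days(patient_id: str, salt: bytes) -> int:
    """Per-patient shift in [-365, -1] or [1, 365], derived from the salt so every
    study of one patient shifts by the same amount (assumption: the page only says
    'randomly shifted'). Ages and intervals between studies are preserved."""
    digest = hmac.new(salt, patient_id.encode("utf-8"), "sha256").digest()
    n = int.from_bytes(digest[:4], "big")
    magnitude = n % MAX_SHIFT_DAYS + 1
    return -magnitude if n & 1 else magnitude


def shift_dicom_date(da: str, days: int) -> str:
    """Shift a DICOM DA value (YYYYMMDD) by a number of days."""
    d = date(int(da[:4]), int(da[4:6]), int(da[6:8])) + timedelta(days=days)
    return d.strftime("%Y%m%d")


def redact_free_text(text: str, person_names: list) -> str:
    """Stand-in for the NLP-based PHI detector: redacts every name component
    (DICOM PN parts are separated by '^') found in the text, case-insensitively."""
    for pn in person_names:
        for part in pn.split("^"):
            if len(part) > 1:
                text = re.sub(rf"\b{re.escape(part)}\b", "[REDACTED]",
                              text, flags=re.IGNORECASE)
    return text


def pseudonymize(header: dict, salt: bytes, mapping: dict) -> dict:
    """Return a pseudonymized copy of the header and record the reverse mapping
    (the part Prism keeps encrypted in MongoDB) in `mapping`."""
    pid = header["PatientID"]
    pseudo_id = hash_patient_id(pid, salt)
    shift = date_shift_days(pid, salt)
    mapping.setdefault(pseudo_id, {
        "PatientID": pid,
        "PatientName": header["PatientName"],
        "shift_days": shift,
    })
    out = dict(header)
    out["PatientName"] = "PSN-" + pseudo_id[:12].upper()   # generated pseudonym
    out["PatientID"] = pseudo_id
    out["PatientBirthDate"] = shift_dicom_date(header["PatientBirthDate"], shift)
    names = [header[t] for t in NAME_TAGS if t in header]
    for tag in REMOVED_TAGS:                                 # institution, station, staff
        out.pop(tag, None)
    for tag in FREE_TEXT_TAGS:                               # free text
        if tag in out:
            out[tag] = redact_free_text(out[tag], names)
    return out


def reidentify(pseudo_header: dict, mapping: dict) -> dict:
    """Reverse the mapping for an authorised re-identification."""
    entry = mapping[pseudo_header["PatientID"]]
    return {
        "PatientID": entry["PatientID"],
        "PatientName": entry["PatientName"],
        "PatientBirthDate": shift_dicom_date(pseudo_header["PatientBirthDate"],
                                            -entry["shift_days"]),
    }


if __name__ == "__main__":
    salt = secrets.token_bytes(32)   # operator-controlled; generated here for the demo
    mapping = {}
    pseudo = pseudonymize(SAMPLE_HEADER, salt, mapping)
    print(pseudo)
    print(reidentify(pseudo, mapping))
```

Because the shift is keyed by the salt, two studies of the same patient pseudonymize to the same PatientID and the same shifted birth date, so longitudinal analysis still works; a different salt produces an unlinkable identity.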

Algorithm Isolation

  • Containers run with --network=none (no network access at all)
  • Read-only input mount, dedicated output mount
  • Non-root execution (UID 1000)
  • Memory and CPU limits enforced per algorithm
  • Configurable execution timeout
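How the five controls above map onto a concrete `docker run` invocation, as an added example (not Prism's launcher): the argument list carries the network, user, resource-limit and mount settings, a pre-flight check refuses to launch if any control has been dropped, and the timeout case is handled explicitly. `--cap-drop=ALL` and `--security-opt=no-new-privileges` are hardening flags beyond what the page lists; the image name, mount paths and default limits are assumptions. Note the edge case: `subprocess.run(timeout=...)` only kills the docker client, so the container must be killed by name.

```python
import subprocess
import uuid

ALGO_UID = 1000
REQUIRED_FLAGS = ("--network=none", "--user", "--memory", "--cpus")


def build_docker_args(image: str, input_dir: str, output_dir: str,
                      name: str, memory: str = "4g", cpus: str = "2.0") -> list:
    """Translate the isolation policy into `docker run` arguments."""
    return [
        "docker", "run", "--rm", "--name", name,
        "--network=none",                          # no network access
        "--user", f"{ALGO_UID}:{ALGO_UID}",        # non-root execution
        "--memory", memory, "--cpus", cpus,        # per-algorithm limits
        "--cap-drop=ALL",                          # hardening, not on the page
        "--security-opt=no-new-privileges",        # hardening, not on the page
        "--mount", f"type=bind,src={input_dir},dst=/input,readonly",  # read-only input
        "--mount", f"type=bind,src={output_dir},dst=/output",         # dedicated output
        image,
    ]


def check_policy(args: list) -> bool:
    """Pre-flight: every isolation control must still be present in the argv,
    so a refactor cannot silently drop one."""
    has_flags = all(f in args for f in REQUIRED_FLAGS)
    ro_input = any(a.startswith("type=bind,") and a.endswith("dst=/input,readonly")
                   for a in args)
    nonroot = "--user" in args and \
        args[args.index("--user") + 1].split(":")[0] not in ("0", "root")
    return has_flags and ro_input and nonroot


def run_algorithm(image: str, input_dir: str, output_dir: str, timeout_s: int,
                  memory: str = "4g", cpus: str = "2.0"):
    """Run one algorithm container and return (status, returncode).
    On timeout the docker client is killed but the container would keep running,
    so it is stopped explicitly by name; --rm then removes it."""
    name = f"algo-{uuid.uuid4().hex[:12]}"
    args = build_docker_args(image, input_dir, output_dir, name, memory, cpus)
    if not check_policy(args):
        raise RuntimeError("isolation policy violated; refusing to launch")
    try:
        proc = subprocess.run(args, capture_output=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        subprocess.run(["docker", "kill", name], capture_output=True)
        return "timeout", None
    return ("ok" if proc.returncode == 0 else "failed"), proc.returncode


if __name__ == "__main__":
    # Paths and image are placeholders; this requires a working Docker daemon.
    print(run_algorithm("example-algo:1.0", "/srv/prism/in/42", "/srv/prism/out/42", 600))
```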

Encryption

  • In transit: TLS 1.2 or later for all external communication
  • At rest: AES-256 disk encryption, provided by the hosting infrastructure rather than by Prism itself
  • Field-level: MongoDB Client-Side Field Level Encryption (CSFLE) for sensitive fields (patient ID, clinical text)

Authentication & Access Control

  • LDAP / Active Directory / BSK integration
  • Role-based access: Admin, Editor, Reader, Auditor
  • Account lockout after 3 failed login attempts (15-minute block)
  • Configurable session idle timeout
  • JWT-based session tokens

Audit Logging

Every action is logged with:

  • User ID
  • Timestamp
  • Action type
  • Subject (what was affected)
  • IP address (last octet masked for GDPR)

Audit logs are retained for 6 months and then purged automatically. Export is available in JSON and CSV.
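The record layout, the IP masking and the retention cleanup above, as an added example (not Prism's logging code). The address is masked before the record is written, so the full address never reaches storage or the exports. The page's "last octet" rule is IPv4-specific; for IPv6 the example keeps the /48 routing prefix, which is an assumption, as are the 183-day reading of "6 months", the field names and the constructed sample events.

```python
import csv
import io
import ipaddress
import json
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=183)   # "6 months"; 183 days is an assumption
FIELDS = ["user_id", "timestamp", "action", "subject", "ip"]


def mask_ip(addr: str) -> str:
    """IPv4: zero the last octet (as on the page). IPv6 has no comparable
    'last octet', so keep only the /48 routing prefix (assumption)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def audit_record(user_id: str, action: str, subject: str, client_ip: str,
                 at: datetime = None) -> dict:
    """Build one audit entry; masking happens here, at write time."""
    at = at or datetime.now(timezone.utc)
    return {
        "user_id": user_id,
        "timestamp": at.isoformat(),
        "action": action,
        "subject": subject,
        "ip": mask_ip(client_ip),
    }


def purge_expired(records: list, now: datetime) -> list:
    """Retention cleanup: keep only records younger than RETENTION."""
    cutoff = now - RETENTION
    return [r for r in records if datetime.fromisoformat(r["timestamp"]) >= cutoff]


def export_json(records: list) -> str:
    return json.dumps(records, indent=2)


def export_csv(records: list) -> str:
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS)
    w.writeheader()
    w.writerows(records)
    return buf.getvalue()


# Constructed sample events: one recent, one older than the retention window.
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    audit_record("alice", "study.view", "study/42", "203.0.113.77",
                 NOW - timedelta(days=1)),
    audit_record("bob", "study.delete", "study/7", "2001:db8:abcd:1234::42",
                 NOW - timedelta(days=200)),
]

if __name__ == "__main__":
    print(export_csv(purge_expired(SAMPLE, NOW)))
```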

Data Retention

  • Studies auto-deleted after 30 days (configurable)
  • Audit logs retained 6 months
  • Full purge capability for contract termination
  • DSAR (Data Subject Access Request) export built in

GDPR

  • Pseudonymization before processing (Article 25 — Data Protection by Design)
  • Sub-processor tracking per algorithm (Article 28)
  • Data Processing Agreement management
  • Data subject access request export
  • Right to erasure (per-patient study deletion)
  • Data portability (study and result export)

EU AI Act

Per-algorithm documentation and tracking:

  • CE marking status and MDR classification
  • Risk classification (Article 6)
  • Intended purpose and intended use
  • Human oversight requirements
  • Training data governance documentation
  • Post-market surveillance reports (Article 72)