Security & Compliance

How Prism protects patient data and meets regulatory requirements

Data Sovereignty

  • 100% on-premises deployment on hospital VMware infrastructure
  • Offline installation via container bundles (no internet required)
  • Zero telemetry, zero callbacks, zero cloud dependencies
  • All processing stays within the hospital network

DICOM Pseudonymization

Patient data is pseudonymized before any algorithm sees it:

  • PatientName: replaced with a generated pseudonym
  • PatientID: SHA-256 hashed with hospital-controlled salt
  • PatientBirthDate: randomly shifted
  • InstitutionName, StationName β€” removed
  • Physician names, operator names β€” removed
  • Free-text fields β€” redacted using NLP-based PHI detection

Re-identification mapping is stored in MongoDB with hospital-controlled encryption keys.
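The following is an added illustration of the pseudonymization rules above, not Prism's own code. It models a DICOM header as a dict of keyword to value (DA dates as YYYYMMDD) so it runs without a DICOM library, uses the hospital salt as an HMAC-SHA-256 key for the PatientID hash, derives a per-patient stable birth-date shift from that key, strips the institution, station, physician and operator fields, and collects the re-identification table for separate encrypted storage. The set of physician/operator tags, the shift range of plus or minus 365 days and the sample header are assumptions; the NLP-based free-text redaction is out of scope here.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Header fields removed outright. The physician/operator keywords are the
# standard DICOM keywords for those names (assumption: exact tags Prism strips).
REMOVED_TAGS = {
    "InstitutionName", "StationName",
    "ReferringPhysicianName", "PerformingPhysicianName", "OperatorsName",
}

# Constructed sample header (DICOM keyword -> value, DA dates as YYYYMMDD).
SAMPLE_HEADER = {
    "PatientName": "Doe^Jane",
    "PatientID": "MRN-00012345",
    "PatientBirthDate": "19800315",
    "InstitutionName": "Example Hospital",
    "StationName": "CT01",
    "ReferringPhysicianName": "Smith^John",
    "Modality": "CT",
    "StudyDescription": "CT ABDOMEN",
}


def hash_patient_id(patient_id: str, salt: bytes) -> str:
    """SHA-256 of the PatientID keyed with the hospital-controlled salt.

    The salt is used as an HMAC key rather than concatenated: patient IDs have
    little entropy, so the salt must stay secret, and the keyed form cannot be
    brute-forced from the ID format alone."""
    return hmac.new(salt, patient_id.encode("utf-8"), hashlib.sha256).hexdigest()


def birth_date_shift(patient_id: str, salt: bytes) -> timedelta:
    """Per-patient shift in [-365, +365] days (range is an assumption).

    Derived from the keyed hash with a domain separator, so the shift looks
    random without the salt but is stable across studies of the same patient,
    keeping ages and follow-up intervals consistent."""
    digest = hmac.new(salt, b"birthdate-shift:" + patient_id.encode("utf-8"),
                      hashlib.sha256).digest()
    days = int.from_bytes(digest[:4], "big") % 731 - 365
    return timedelta(days=days)


def pseudonymize(header: dict, salt: bytes, mapping: dict) -> dict:
    """Return a pseudonymized copy of `header`; the original is not modified.

    `mapping` collects the re-identification table (pseudonymous ID -> real
    identity); it must be stored separately and encrypted, never with the data."""
    out = dict(header)
    real_id = header["PatientID"]
    pseudo_id = hash_patient_id(real_id, salt)
    mapping[pseudo_id] = {"PatientID": real_id, "PatientName": header.get("PatientName")}
    out["PatientID"] = pseudo_id
    out["PatientName"] = "PSEUDO^" + pseudo_id[:12].upper()
    if header.get("PatientBirthDate"):
        born = datetime.strptime(header["PatientBirthDate"], "%Y%m%d").date()
        out["PatientBirthDate"] = (born + birth_date_shift(real_id, salt)).strftime("%Y%m%d")
    for tag in REMOVED_TAGS:
        out.pop(tag, None)
    return out


if __name__ == "__main__":
    salt = bytes(range(32))  # placeholder; the real salt comes from the hospital key store
    table = {}
    print(pseudonymize(SAMPLE_HEADER, salt, table))
    print(table)
```

The salt must be high-entropy and kept secret: with a leaked salt, an unkeyed hash of short numeric MRNs could be reversed by enumeration, which is why the keyed construction is used here.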

Algorithm Isolation

  • Containers run with --network=none (zero network access)
  • Read-only input mount, dedicated output mount
  • Non-root execution (UID 1000)
  • Memory and CPU limits enforced per algorithm
  • Configurable execution timeout
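An added example (not Prism's own launcher) of what the isolation rules above look like as a docker run invocation, together with a policy check that refuses to launch when any rule is missing. The image name, mount paths, limit values and container name are placeholders. One caveat the example handles: a subprocess timeout only kills the docker CLI client, so the container is killed explicitly when the execution timeout expires.

```python
import subprocess


def build_run_args(image, input_dir, output_dir, run_name, memory="4g", cpus="2"):
    """docker run argv for one algorithm execution (limit values are placeholders)."""
    return [
        "docker", "run", "--rm", "--name", run_name,
        "--network=none",                    # zero network access
        "--user", "1000:1000",               # non-root execution
        "--memory", memory, "--cpus", cpus,  # resource limits
        "-v", f"{input_dir}:/data/in:ro",    # read-only input mount
        "-v", f"{output_dir}:/data/out",     # dedicated writable output mount
        image,
    ]


def _opt_value(args, name):
    """Value of a CLI option given as `--name value` or `--name=value`, else None."""
    for i, a in enumerate(args):
        if a == name and i + 1 < len(args):
            return args[i + 1]
        if a.startswith(name + "="):
            return a.split("=", 1)[1]
    return None


def check_isolation(args):
    """Return the isolation rules an argv violates (empty list = compliant)."""
    problems = []
    if _opt_value(args, "--network") != "none":
        problems.append("network not disabled (--network=none)")
    if (_opt_value(args, "--user") or "").split(":")[0] != "1000":
        problems.append("not running as UID 1000")
    if _opt_value(args, "--memory") is None:
        problems.append("no memory limit")
    if _opt_value(args, "--cpus") is None:
        problems.append("no CPU limit")
    mounts = [args[i + 1] for i, a in enumerate(args)
              if a in ("-v", "--volume") and i + 1 < len(args)]
    if not any(m.endswith(":ro") for m in mounts):
        problems.append("no read-only input mount")
    if sum(1 for m in mounts if not m.endswith(":ro")) != 1:
        problems.append("expected exactly one writable output mount")
    return problems


def run_algorithm(image, input_dir, output_dir, run_name, timeout_s=600):
    """Launch only if the argv passes the policy check, and enforce the timeout.

    subprocess's timeout kills the docker client process, not the container,
    so the container is killed by name when the deadline passes."""
    args = build_run_args(image, input_dir, output_dir, run_name)
    problems = check_isolation(args)
    if problems:
        raise ValueError("refusing to launch: " + "; ".join(problems))
    try:
        return subprocess.run(args, timeout=timeout_s, capture_output=True, text=True)
    except subprocess.TimeoutExpired:
        subprocess.run(["docker", "kill", run_name], capture_output=True)
        raise
```

The check is deliberately independent of the builder so it can also be run against launch commands taken from configuration, catching a drift such as a dropped --network=none before anything runs.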

Encryption

  • In transit: TLS 1.2+ for all external communication
  • At rest: AES-256 disk encryption via hosting provider
  • Field-level: MongoDB CSFLE for sensitive fields (patient ID, clinical text)

Authentication & Access Control

  • LDAP / Active Directory / BSK integration
  • Role-based access: Admin, Editor, Reader
  • Account lockout after 3 failed login attempts (15-minute block)
  • Configurable session idle timeout
  • JWT-based session tokens
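An added example (not Prism's implementation) of the lockout rule above: three failed attempts lock the account for 15 minutes, and the lock is checked before credentials are verified so a correct password during the block is still refused. Two details the page does not specify and are design choices here: attempts made while locked do not extend the lock, and the failure counter resets when the lock expires or on a successful login. The clock is injectable so the policy can be tested with a fake time.

```python
import time
from collections import defaultdict
from typing import Callable

MAX_FAILURES = 3        # page: lockout after 3 failed login attempts
LOCK_SECONDS = 15 * 60  # page: 15-minute block


class LockoutTracker:
    """Per-account failed-login counter with a fixed-duration lock."""

    def __init__(self, now: Callable[[], float] = time.monotonic):
        self._now = now
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, user: str) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._now() >= until:
            # Lock expired: clear it so the account gets a fresh set of attempts.
            del self._locked_until[user]
            self._failures[user] = 0
            return False
        return True

    def record_failure(self, user: str) -> bool:
        """Register a failed attempt; returns True if the account is now locked."""
        if self.is_locked(user):
            return True
        self._failures[user] += 1
        if self._failures[user] >= MAX_FAILURES:
            self._locked_until[user] = self._now() + LOCK_SECONDS
            return True
        return False

    def record_success(self, user: str) -> None:
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


def attempt_login(tracker: LockoutTracker, user: str, verify: Callable[[], bool]) -> str:
    """Authentication gate returning 'ok', 'denied' or 'locked'.

    `verify` performs the actual credential check (LDAP/AD bind, etc.) and is
    only invoked when the account is not locked."""
    if tracker.is_locked(user):
        return "locked"
    if verify():
        tracker.record_success(user)
        return "ok"
    return "locked" if tracker.record_failure(user) else "denied"
```

In a multi-instance deployment the counter and lock state belong in shared storage rather than process memory, otherwise each instance grants its own three attempts.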

Audit Logging

Every action is logged with:

  • User ID
  • Timestamp
  • Action type
  • Subject (what was affected)
  • IP address (last octet masked for GDPR)

Audit logs are retained for 6 months with automatic cleanup. Export available in JSON and CSV.
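An added example (not Prism's own logging code) covering the audit record described above: the five listed fields, IP masking by zeroing the last IPv4 octet, retention cleanup, and JSON/CSV export. Assumptions not on the page: the 6-month retention is taken as 183 days, IPv6 addresses are masked by zeroing the 64-bit interface identifier, and the sample events are constructed.

```python
import csv
import io
import ipaddress
import json
from datetime import datetime, timedelta, timezone

FIELDS = ["user_id", "timestamp", "action", "subject", "ip"]
RETENTION = timedelta(days=183)  # "6 months" on the page; 183 days is an assumption


def mask_ip(ip: str) -> str:
    """Zero the last octet of an IPv4 address (the page's GDPR masking rule).

    IPv6 handling is an assumption: the interface identifier (/64) is zeroed."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_interface(f"{addr}/{prefix}").network.network_address)


def audit_event(user_id: str, action: str, subject: str, ip: str, now=None) -> dict:
    """Build one audit record with the five fields the page lists."""
    ts = now or datetime.now(timezone.utc)
    return {"user_id": user_id, "timestamp": ts.isoformat(), "action": action,
            "subject": subject, "ip": mask_ip(ip)}


def purge_expired(events: list, now: datetime) -> list:
    """Automatic cleanup: keep only events within the retention period."""
    cutoff = now - RETENTION
    return [e for e in events if datetime.fromisoformat(e["timestamp"]) >= cutoff]


def export_json(events: list) -> str:
    return json.dumps(events, indent=2)


def export_csv(events: list) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(events)
    return buf.getvalue()


# Constructed sample events (identifiers are placeholders).
NOW = datetime(2024, 9, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    audit_event("u-17", "study.view", "study:EXAMPLE-001", "10.20.30.40", NOW - timedelta(days=200)),
    audit_event("u-17", "study.delete", "study:EXAMPLE-002", "10.20.30.41", NOW - timedelta(days=10)),
    audit_event("u-42", "login", "session", "2001:db8:abcd:12::1234", NOW - timedelta(hours=1)),
]

if __name__ == "__main__":
    print(export_csv(purge_expired(SAMPLE_EVENTS, NOW)))
```

Masking is applied when the record is created, not at export time, so the unmasked address never reaches the log store.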

Data Retention

  • Studies auto-deleted after 30 days (configurable)
  • Audit logs retained 6 months
  • Full purge capability for contract termination
  • DSAR (Data Subject Access Request) export built in

GDPR Compliance

  • Pseudonymization before processing (Article 25, Data Protection by Design)
  • Sub-processor tracking per algorithm (Article 28)
  • Data Processing Agreement management
  • Data subject access request export
  • Right to erasure (per-patient study deletion)
  • Data portability (study and result export)

EU AI Act Compliance

Per-algorithm compliance dashboard tracking:

  • CE marking status and MDR classification
  • Risk classification (Article 6)
  • Intended purpose and intended use
  • Human oversight requirements
  • Training data governance documentation
  • Post-market surveillance reports (Article 72)