The intended audience for this information are ICT or regulatory persons who are responsible for hospital privacy and data protection policy.
FOX is an AI application (artificial intelligence) to assist the audiologist in finding the optimal MAP for a CI processor. A MAP is what an audiologist typically creates or modifies during a CI fitting session. Every CI (Cochlear Implant) user receives regular fitting sessions to get his device optimized. His/her MAP is a set of parameters that defines how sound is converted to code for the CI. Our system sends the current MAP and the measured audiological test results to the FOX web service. The information is encrypted and anonymous. The web service hosts the 'intelligent agent' FOX, which is the AI application. It analyses the received data and generates a new MAP which is likely to be better than the previous one. This new MAP is returned to the audiologist as recommendation and it is up to the audiologist to decide whether or not to put this MAP into the CI processor.
Why are data uploaded to the cloud?
The data need to be sent to the cloud because that’s where they are processed by the AI engine. Our web service saves the data because they are required for learning purposes. Learning is an inherent feature of AI and it makes the algorithms stronger with increasing data sets. By saving all data from all clinical FOX centres into the cloud, the dataset that is available for learning is significantly larger than when FOX would learn from only one centre.
Which data are uploaded to the cloud?
Only data from the patient whose MAP is being optimized, are transferred to the cloud (hereafter called the Transferred Data). The Transferred Data are pseudonymized, which means that they do not contain Patient Names, DOB, Address, or any other data which would allow identification. Within the local centre (hospital, clinic, CI centre, ...) each patient receives a random serial number (GUID) in order to ensure coherence and to avoid confusion with information on different patients. The names and other identifiers of patients stay exclusively in possession of the local centre bound by medical secrecy. Only the GUID is transferred to the cloud. Hence, according to the GDPR definitions, since identification of the Transferred Data is not possible with all the means likely reasonably to be used, no identifiable personal data are transferred to the FOX or Audiqueen web severs[i]. Following the same reasoning, according to the HIPAA definitions, since there is no reasonable basis to believe that the Transferred Data can be used to identify an individual, it is concluded that no individually identifiable health information is transferred to the FOX or Audiqueen web servers[ii].
All data are encrypted by means of Symmetric cryptography using TLS 1.2 before being transferred to our webservers.
Audiqueen comes with an opt-in/opt-out feature for having data transferred to the cloud. By default this is set to opt-in (unless otherwise decided by the administrator). Patients can choose to opt-out. The consequence of this is that no Audiqueen or FOX data pertaining to this patient, even pseudonymized, will be transferred to the cloud. A trivial consequence is also that the FOX decision support application will not be available for this patient.
FOX and Audiqueen have a CE mark as class I medical device and are compliant with GDPR, HIPAA and the Privacy Rule. FOX is a decision support system. Otoconsult is registered at the Belgian Board for the protection of the privacy.
Transferred Data (2018)
This is the content of the data packaged transferred to the cloud (for dates, only years are transferred, not days and months):
Advice and version of the advice requested
FOX Patient Guid
FOX Centre Guid
Electrode insertion depth
FOX Implant GUID
Explantation date *
Speech processor data *
Map of which the advise was requested
Outcomes requested to be used
The FOX session (switch on, session B, C to X)
[i] Article 29 Data Protection Working Party’s Opinion 4/2007 on the concept of personal data (WP 136)
[ii] Section 164.514(a) of the Privacy Rule