ý 
because of regulatory restrictions, FOX is no longer supported


The intended audience for this information are ICT or regulatory persons who are responsible for hospital privacy and data protection policy.


[Introduction

FOX is an AI application (artificial intelligence) to assist the audiologist in finding the optimal MAP for a CI processor. A MAP is what an audiologist typically creates or modifies during a CI fitting session. Every CI (Cochlear Implant) user receives regular fitting sessions to get his device optimized. His/her MAP is a set of parameters that defines how sound is converted to code for the CI. Our system sends the current MAP and the measured audiological test results to the FOX web service. The information is encrypted and anonymous. The web service hosts the 'intelligent agent' FOX, which is the AI application. It analyses the received data and generates a new MAP which is likely to be better than the previous one. This new MAP is returned to the audiologist as recommendation and it is up to the audiologist to decide whether or not to put this MAP into the CI processor.


Why are data uploaded to the cloud?

The data need to be sent to the cloud because that’s where they are processed by the AI engine. Our web service saves the data because they are required for learning purposes. Learning is an inherent feature of AI and it makes the algorithms stronger with increasing data sets. By saving all data from all clinical FOX centres into the cloud, the dataset that is available for learning is significantly larger than when FOX would learn from only one centre.


Which data are uploaded to the cloud?

Only FOX sends data to the cloud, ]

Audiqueen does not send data to the cloud (except a few technical data for user licence activation). 

[FOX only transfers data to the cloud from the patient whose MAP is being optimized (hereafter called the Transferred Data, see details below). The Transferred Data are pseudonymized, which means that they do not contain Patient Names, DOB, Address, or any other data which would allow identification. Within the local centre (hospital, clinic, CI centre, ...) each patient receives a random serial number (GUID) in order to ensure coherence and to avoid confusion with information on different patients. The names and other identifiers of patients stay exclusively in possession of the local centre bound by medical secrecy. Only the GUID is transferred to the cloud. Hence, according to the GDPR definitions, since identification of the Transferred Data is not possible with all the means likely reasonably to be used, no identifiable personal data are transferred to the FOX or Audiqueen web servers[i]. Following the same reasoning, according to the HIPAA definitions, since there is no reasonable basis to believe that the Transferred Data can be used to identify an individual, it is concluded that no individually identifiable health information is transferred to the FOX or Audiqueen web servers[ii].]


Encryption

All data are encrypted by means of Symmetric cryptography using TLS 1.2 before being transferred to our webservers.


Regulatory

Audiqueen is compliant with GDPR, HIPAA and the Privacy Rule. Otoconsult is registered at the Belgian Board for the protection of the privacy.


Transferred Data (2018)

This is the content of the data packaged transferred to the cloud (for dates, only years are transferred, not days and months):

  • Advice and version of the advice requested

  • Patient data

    • FOX Patient Guid

    • FOX Centre Guid

    • Sex

    • DOB

    • InitialFitDate

    • Remarks

  • Implant data

    • Electrode insertion depth

    • FOX Implant GUID

    • Side

    • InitialFitDate

    • SurgeryDate

    • Explantation date *

    • Implant type

  • Speech processor data *

    • Processor Status

    • Processor Type

  • Map of which the advise was requested

  • Outcomes requested to be used

  • The FOX session (switch on, session B, C to X)


[i]  Article 29 Data Protection Working Party’s Opinion 4/2007 on the concept of personal data (WP 136)

[ii] Section 164.514(a) of the Privacy Rule