Information Security and Medical Device Regulation

  • As a responsible manufacturer of medical devices, we're committed to ensuring that our AI software is safe and effective. We're deeply invested in healthcare information security.

Qure.ai and Global Medical Device Regulations

United States FDA

Qure.ai's qER product is US FDA 510(k) cleared as a radiological computer aided triage and notification software. The device is intended to assist hospital networks and trained medical specialists in workflow triage by flagging the following suspected positive findings of pathologies in head CT images: intracranial hemorrhage, mass effect, midline shift and cranial fracture.
The 510(k) summary explaining qER’s performance and clinical benefits is publicly available in the FDA’s database.

European Economic Area (CE)

Qure.ai’s qXR and qER products are Class 2A CE certified medical devices. The CE mark is a certification that indicates conformity with health, safety, and environmental protection standards for products sold within the European Economic Area.
The CE Class 2A marking process includes a conformity assessment carried out by a European Notified Body (review of the technical file and clinical evidence supporting the device) and an audit of Qure.ai’s quality management system to the ISO 13485 standard.

Other Geographies

Please contact partner@qure.ai for information on Qure.ai’s device registrations in other countries.




Information Security and Privacy at Qure.ai

This section explains the measures that Qure.ai has implemented to secure healthcare data for our customers and partners and lays out the cybersecurity protections that make our AI products safe for use.

HIPAA compliant

Qure.ai complies with the United States Health Insurance Portability and Accountability Act by ensuring that any data is de-identified before it leaves a covered entity’s premises for cloud processing. On-premise deployments may not de-identify images, provided that data processing occurs entirely within servers that are operated and owned by the covered entity.

EU-GDPR compliant

The EU General Data Protection Regulation (GDPR) addresses questions of data security and confidentiality. It introduces measures to limit the amount of data collected, the purposes for which data is used, and the duration for which it is stored. Qure.ai is GDPR-compliant with respect to healthcare data as well as other data from users of our websites and portals. Qure.ai is audited annually by 3rd-party auditors for compliance with GDPR.

ISO/IEC 27001 compliant

ISO/IEC 27001 is a global information security standard requiring that an organization systematically examine information security risks, design and implement a coherent and comprehensive suite of information security controls, and adopt a process to meet these needs on an ongoing basis. Qure.ai has completed a Phase 1 ISO 27001 audit, with Phase 2 underway.

Certified Software Development Processes

Qure.ai is ISO 13485 certified. ISO 13485:2016 includes protection of confidential data as well as the establishment and review of requirements for associated medical devices.
Qure.ai is IEC 62304 compliant. The IEC 62304 standard also provides IT security requirements.

Rigorous Cybersecurity Controls

Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. As a medical device manufacturer, Qure.ai is vigilant about identifying risks and hazards associated with our products and proactively mitigating them. Our cybersecurity team assesses vulnerabilities and threats to Qure.ai processing servers on a real-time basis and implements the appropriate control measures for both cloud servers and on-premise installations.
Cybersecurity audit reports are part of our FDA submissions and CE technical files and are evaluated by the US FDA and the European Notified Body as part of device clearance/certification.
Qure.ai also has substantial cybersecurity liability coverage, with 3rd party underwriter due diligence prior to policy issue.

Protected Data Communication

We protect and encrypt data at every level, both at source and in transit.

  • Communication (typically transfer of DICOM files) via our API and demo portal is encrypted.
  • Communication with Qure.ai software deployed on on-premise servers is similarly encrypted.
  • Gateway servers are secured using the latest data protection technology.
  • License managers are used to authenticate user credentials.

Secure Cloud Servers

Qure.ai uses cloud servers built by cloud hosting partners with the highest standards for privacy and data security (Amazon Web Services and Azure Cloud).

Transparent User Privacy Policies

Privacy policies for users of our website, demo portal and apps are displayed to visitors who access these applications.

Please contact partner@qure.ai for information on Qure.ai’s information security measures.