Data Governance and Patient Information Preservation

ProteusDx™ Over-Read Services Framework

ProteusDx™ is designed to support clinical over-read services while preserving patient privacy, maintaining data integrity, and ensuring that clinical responsibility remains with the licensed treating provider. Data governance is treated as a core clinical and operational function, not a secondary IT concern.

1. Clear Separation of Roles and Clinical Responsibility

ProteusDx™ provides technical and interpretive support, not medical decision-making.

  • The treating clinician retains full clinical responsibility for diagnosis, treatment, and patient communication.
  • Over-read services focus on image quality review, AI-assisted pattern highlighting, and structured visualization support.
  • No independent medical opinion is issued by ProteusDx™ outside the context of the ordering provider's review.

This separation protects scope-of-practice boundaries while enabling high-quality interpretive support.

2. Data Minimization by Design

ProteusDx™ applies data-minimization principles across all over-read workflows.

  • Only the minimum necessary data required for review is made available
  • Over-read personnel access pseudonymized or coded datasets whenever feasible
  • Direct identifiers such as name, date of birth, and contact details are not required for image interpretation

This approach reduces exposure risk without degrading clinical utility.

3. Secure Data Transmission and Storage

All capsule data and associated metadata are handled through encrypted channels and secure storage environments.

Key protections include:

  • Encryption in transit and at rest
  • Role-based access controls with audit logging
  • Segregation of customer data by practice or organization

Data is never stored on personal devices or unsecured endpoints during over-read activities.

4. Jurisdiction-Aware Compliance

ProteusDx™ aligns data handling practices with applicable regional frameworks, including:

  • HIPAA for US-based clinical partners
  • GDPR and UK GDPR principles for European and UK practices

Training and internal policies ensure that over-read personnel understand cross-border data handling requirements and limitations.

5. Controlled Access for Over-Read Personnel

Over-read access is:

  • Time-limited
  • Purpose-restricted
  • Logged and auditable

Once the over-read activity is complete, access privileges automatically expire. This ensures that patient data is not retained or reused outside the approved clinical context.

6. Defined Data Retention and Preservation Policies

ProteusDx™ supports configurable data retention aligned to clinical, legal, and regulatory needs.

  • Primary clinical records are preserved according to the treating practice's retention obligations
  • Over-read annotations and AI-generated insights are versioned and time-stamped
  • Historical data remains accessible for longitudinal comparison, audit, and quality assurance

ProteusDx™ does not independently monetize or repurpose identifiable patient data.

7. Auditability and Transparency

Every interaction with patient data within the ProteusDx™ platform is traceable.

This includes:

  • Who accessed the data
  • When access occurred
  • What actions were taken

These logs support internal audits, regulatory inspections, and clinical governance reviews.

8. AI Use Does Not Expand Data Exposure

AI analysis operates within the same protected data environment as human over-read services.

  • AI models analyze images post-acquisition
  • Outputs are returned only to the authorized clinical user
  • No external sharing or secondary use occurs without explicit contractual and regulatory authorization

AI functions as an interpretive aid, not an independent data consumer.

Clinical and Partner Assurance Summary

For GI practices and health systems, ProteusDx™ ensures that over-read services:

  • Preserve patient confidentiality
  • Maintain regulatory compliance
  • Protect data integrity and availability
  • Respect clinical ownership of patient records

By embedding privacy, security, and preservation into its platform architecture, ProteusDx™ enables scalable over-read support without compromising patient trust or regulatory standing.