Security

At Attendi, we make sure that medical data is always secure. We control where we store and process data, and we do not share data with third parties like Google or OpenAI. On this page, you can learn more about our safety and security measures.

Data is stored on European servers

Data is not shared with other parties, and all data is stored on servers in Europe, which means it is subject to European laws and regulations.

We only use AI models we can control by owning them

Both the speech-to-text and annotation environments are developed and fully managed by Attendi. The annotators work within Attendi software. Since Attendi controls the entire process, agreements can be made with clients regarding the proper handling of sensitive data.

We continuously improve and monitor our models

We have medical annotation specialists in-house who train our models daily, all within our internal system. This allows us to maintain control over every step in the process, ensuring quality and safety.

Organisations maintain full control over sensitive data

Every healthcare organisation using Attendi has a separate database where their data is stored. This ensures that each organisation always maintains control over their data.

FAQ

How does Attendi maintain full control over data together with healthcare organisations?

At Attendi we do not work together with third parties in creating and maintaining our speech technology. This makes us unique. We have full control over the technology, allowing us to meet the requirements of our clients at all times.

Does Attendi work with third party sub-processors?

Our data is stored with Azure, and data is encrypted both at rest and in transit, which means that no third party has access to this content. We ensure transparency at all times regarding who has access to which data and for what period.

How does Attendi ensure that employees only have access to strictly necessary data?

Our technology and processes are set up in such a way that an Attendi employee has access to the data only for a pre-defined period of time for which explicit agreements have been made with the healthcare organisation. By logging user data, we can always provide transparency regarding whether the agreed-upon arrangements have been properly followed. Our employees who have access to data have signed a confidentiality agreement and code of conduct, provided a Certificate of Good Conduct (VOG), and are thoroughly informed about and understand the necessary security measures.

How does Attendi ensure data protection with end-to-end encryption?

All spoken reports are transmitted fully encrypted. This means that we don’t have access to the audio or the derived data. Only with explicit consent do designated, screened and trained Attendi employees gain access to the data for a specified period of time.

Is Attendi aligned with industry standards?

Attendi’s solution and company are directly aligned with the BOZ (Healthcare Industry Organisations) model for data processing and meet at least all the specified requirements.

Is Attendi ISO 27001 and NEN 7510 compliant?

We are certified with the ISO 27001 and NEN 7510 information security standards.

How do we improve our language model?

To ensure the quality of our AI models, it is important that the data used to train the models closely resembles data the models will work with in the future. This means that the models need to be familiar with words that frequently occur in the same context and with terms used in a specific healthcare domain. 

Therefore, the models are continuously improved by annotating incoming data. In this process, the transcript generated by our model is reviewed and corrected by a person if necessary. We use this enhanced data to train and evaluate our models, ultimately resulting in more accurate models.  

Does Attendi have unrestricted access to data?

When we request data for training purposes, healthcare organisations have to explicitly grant us their permission. In this case, we agree with the healthcare organisation on who can access the data and how long the data may be stored.

Is data from each healthcare organisation stored separately?

We store the data from each healthcare organisation in a separate database.

Are agreements documented in a data processing agreement?

All agreements we make with a healthcare organisation are documented in a data processing agreement. This agreement aligns with the standard model data processing agreement developed by the Healthcare Industry Organisations (BoZ) for the healthcare sector, in collaboration with healthcare organisations, suppliers, and experts.

Are annotators employed by Attendi?

We employ annotators and do so only when they share a valid Certificate of Good Conduct (VOG) that demonstrates a clean history for working with sensitive information.

Is annotation done in a proprietary annotation environment?

We have set up our own environment where our annotators can perform annotation tasks. This allows us to maintain full control over who has access to the data. This annotation environment and our databases are hosted by Microsoft Azure in Europe and are therefore subject to European data processing laws and regulations. Each annotator receives their own account within our Azure Active Directory. When their employment ends, the account is deleted, automatically revoking their access to the data. The annotation environment is only accessible from our own network via a VPN. All data is fully encrypted with the latest encryption technologies during both transit and storage.

Does Attendi’s processing of personal data comply with the General Data Protection Regulation (GDPR)?

Yes, our processing of personal data complies with the relevant laws and regulations of the General Data Protection Regulation (GDPR).

Is data stored only in Europe?

We exclusively store data in centres located in Europe, once permission of the healthcare organisation is obtained. European data protection laws and regulations apply to this.

Attendi is certified according to the ISO 27001 and NEN 7510 standards.

This means that we meet the standards for information security and privacy protection.