Trust in Every Upload: SDSC’s Commitment to Data Privacy and Security

At Surgical Data Science Collective (SDSC), we recognize the immense responsibility that comes with handling protected health information (PHI). It is vitally important to us that you, our users, feel confident using the Surgical Video Platform (SVP), knowing that all surgical videos and data you upload remain private and securely protected.

Healthcare data is among the most sensitive information in the world, and breaches or misuse can have serious consequences, such as discrimination, reputational damage, and loss of privacy. As such, it is natural to express concerns around the security of your data. This may not be limited to: unauthorized transmission of patient information, the risk of random individuals accessing confidential data, and the vigilant protection of medical history and private notes. 

At SDSC, we are dedicated to safeguarding every piece of data that passes through our platform, whether it’s a video upload for surgical training, or a surgeon’s case notes. By applying rigorous compliance measures to our cutting-edge technology, we’ve built an SVP that puts unparalleled security, user control, and transparency at the forefront.

Our Multi-Layered Approach to Data Security 

1. Anonymization and Encryption

Every video uploaded to SDSC is anonymized and encrypted. This means that from the moment a video leaves your device, it’s encrypted during transmission and storage. Even if intercepted, the data remains indecipherable. Additionally, all full-time SDSC employees work on encrypted devices, so any communication involving PHI is safeguarded by encryption protocols.

We are also exploring advanced tools like de-identification engines to further remove any trace of sensitive data. Patient identifiers, such as names, medical numbers, and dates of birth would be stripped to ensure videos cannot be traced back to an individual. Furthermore, future confidential computing environments have the potential to allow researchers to train Artificial Intelligence (AI) models without ever seeing raw data.

2. Compliance with Data Protection regulations

We adhere to stringent privacy regulations, including:

• HIPAA (U.S.): The Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes federal standards protecting sensitive health information from disclosure without patient's consent. It governs how patient information is collected, stored, and transmitted, requiring strict access controls and encryption to ensure that all medical data is indecipherable in case of unauthorized access.

• SOC2 (Type II): Service Organization Control 2 (SOC2) is a security framework that focuses on five trust service criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. To meet these standards, SDSC:some text
  • Has continuous monitoring of our systems by third-party vendors.
  • Undergoes regular penetration tests (hacking simulations) to ensure vulnerabilities are identified and resolved promptly.
  • Completes annual independent audits to verify that our security processes are comprehensive and up-to-date.

• Business Associate Agreement (BAA): Institutions sign BAAs to ensure privacy and legal compliance if they expect to send PHI to SDSC.

All our employees and contractors complete yearly security and HIPAA training to stay updated on data handling protocols.

3. Preparation for Incidents

No system is immune to risks, therefore SDSC has extremely robust protocols in place to handle incidents such as hacking or system downtime.

• Tabletop exercises for both our leadership team and all key employees provide the opportunity to refine our response strategies. Simulated scenarios may include breaches or even deletion of the database.
• Incident response plans ensure rapid recovery while protecting sensitive data.

Your Data, Your Control

At SDSC, we believe that your data is exactly that—yours. We empower users to retain full control of their data, and here’s how we make that happen:

• Ownership: You own your data. We’re simply the processor and tool provider.
• Customizable Sharing Options: Surgeons and researchers have the flexibility to share certain videos and notes, or keep everything private.
• Opt-In for Research and Education: Users can choose to share anonymized data for the benefit of surgical research and training within our global medical community.

The landscape of technology and security is constantly evolving, and we’re committed to staying ahead. All data uploaded to the SVP is used exclusively for its intended purposes: surgical training and skill enhancement, advancing medical research, and professional collaboration within the surgical community. With vigorous de-identification measures, secure storage, and encrypted transmission processes, we have created an environment where surgical data is used solely to deliver value to the surgical field—without compromising patient confidentiality.

Your trust is our priority. That’s why every aspect of our SVP is designed with security, privacy, and user control in mind. From encrypted uploads to annual security audits, our systems work tirelessly to keep your data safe at every step of the way. If you have any questions or concerns, our team is here to help! Get in touch today to learn more about how SDSC can support your surgical research needs!