// Trust & Security Report
Aidoc Medical Ltd.
Clinical AI platform (aiOS) for medical imaging analysis; FDA-cleared and CE-marked algorithms for radiology, neurovascular, cardiology, and vascular triage; CARE foundation model; care coordination and patient management modules
Certifications held
9
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on aidoc.com“patient privacy is protected as our solutions are HIPAA and GDPR compliant; AI processing is performed on de-identified studies, and no patient health information leaves your facility at any time”
Verify on aidoc.com“patient privacy is protected as our solutions are HIPAA and GDPR compliant”
Verify on aidoc.com“Adheres to the strictest global security and privacy standards and regulations (SOC2, GDPR, HIPAA compliant)”
Verify on aidoc.com“adopted the NIST Cybersecurity Framework (CSF) to provide maximum protection”
Verify on aidoc.com“Aidoc Inc. has certified with the EU-U.S. Data Privacy Framework (DPF), the UK-DPF Extension, and the Swiss-U.S. DPF. The company states it adheres to the DPF Principles regarding personal data received from customers or Aidoc Medical Ltd.”
Verify on aidoc.com“Certified to ISO 13485:2016, the global standard for medical device quality systems”
Verify on aidoc.com“Certified to MDSAP, Medical Device Single Audit Program”
Verify on aidoc.com“Compliant with FDA's Quality System Regulation (21 CFR Part 820)”
> Show 12 unconfirmed / not-held certifications
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text (the Security & Privacy page shows only a logos image). Likely held but could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Likely held but could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Likely held but could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. NIS2 is an EU directive, not a certification. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page references NIS2 in text. Could not be independently confirmed.
source: aidoc.safebase.usNo publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.
source: aidoc.comNo public evidence of ISO/IEC 42001 certification found on vendor pages or trust center summary
source: aidoc.comNo public evidence of FedRAMP authorization found on vendor pages or trust center summary
source: aidoc.comNot applicable; no mention on vendor pages (healthcare AI, not payment processing)
source: aidoc.safebase.usSOC 2 compliance confirmed but specific Type (1 or 2) not stated on any directly accessible public vendor page; trust center (aidoc.safebase.us) requires registration to view details
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Clinical imaging data processed within customer facility (not transmitted outside per FAQ). Administrative/website data stored in New York (CloudWays/Digital Ocean per privacy policy). Production platform infrastructure on AWS and Azure.
FAQ states 'AI processing is performed on de-identified studies, and no patient health information leaves your facility at any time,' suggesting clinical imaging data is processed locally within the hospital environment. CARE foundation model was 'trained on real-world, multimodal data' but no explicit public policy on whether de-identified customer data is used for ongoing model training or improvement. No opt-out mechanism mentioned publicly.
// Security controls
Encryption in transit
End-to-end encryption stated: 'data remains protected from the moment it leaves the healthcare provider's facility'
aidoc.comEncryption at rest
Encryption mentioned as part of optimal data protection stack; specific at-rest standard not publicly stated
aidoc.comSecurity governance
Dedicated CISO (Yuval Segev) and Information Security Team; NIST CSF adopted
aidoc.comMonitoring
24/7 automated monitoring and threat detection with predefined incident response
aidoc.comData minimization
Only information strictly necessary for analysis collected; anonymization at source emphasized
aidoc.com// Products & data scope
data: DICOM imaging studies, HL7/FHIR clinical data, de-identified radiology scans and reports; PHI handled under HIPAA BAA
Proprietary enterprise AI operating system; integrates with PACS, EHR, RIS; runs FDA-cleared and CE-marked algorithms
data: CT and X-ray imaging data, de-identified per FAQ
Multiple FDA 510(k) cleared algorithms; largest portfolio of FDA-cleared algorithms on a single platform
data: CT neuro imaging data
FDA cleared; CE marked; covers LVO, MeVO, intracranial hemorrhage, brain aneurysm, ASPECTS scoring
data: Cardiac CT and echocardiography imaging data
Coronary artery disease, echocardiography analysis
data: CT vascular imaging data
FDA cleared for PE detection; includes RV/LV analysis
data: Patient metadata, clinical notifications; HIPAA-compliant chat
Real-time mobile alerts; HIPAA-compliant communication; integrates with EHR and scheduling systems
data: Multimodal clinical data; training data from real-world hospital partnerships
Clinical AI Reasoning Engine; trained on real-world multimodal data; powers First Read (AI-drafted radiology reports, FDA Breakthrough Device Designation 2026)
// What to watch
- Trust center at aidoc.safebase.us requires registration/authentication; ISO/IEC 27001:2022, ISO/IEC 27017, ISO/IEC 27018, C5, CSA STAR, Cyber Essentials, NIS2 compliance, and TX-RAMP certifications are listed in the indexed content of the trust center but could not be directly verified from a public URL without login.
- SOC 2 compliance is confirmed on vendor pages but the type (Type 1 vs Type 2) is not stated on any directly accessible public page.
- AI training on customer data policy is ambiguous: FAQ says no PHI leaves the facility, but no explicit public statement on whether de-identified imaging data is used for ongoing CARE foundation model training or improvement.
- No public standalone DPA document found. Data processing agreements are presumably in the form of HIPAA Business Associate Agreements for US healthcare customers and DPF Standard Contractual Clauses for EU data; a prospective customer should request a DPA/BAA directly.
// At a glance
Pricing model
Enterprise contract; no public pricing; sold to hospital systems and imaging centers
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Aidoc Medical Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
aidoc.safebase.us