// Trust & Security Report

    Nano-X Imaging Ltd. logo

    Nano-X Imaging Ltd.

    Medical imaging devices (Nanox.ARC, Nanox.ARC X — FDA-cleared digital tomosynthesis systems) and AI-powered diagnostic software (Nanox.AI with HealthCCS cardiac, HealthFLD liver, HealthOST bone solutions; Nanox.MARKETPLACE teleradiology; Nanox.Health IT infrastructure services)

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    HIPAA (Healthcare data privacy/security)
    HELD

    Nanox publishes a Notice of Privacy Practices Under HIPAA stating that, although it operates as a service provider rather than a covered entity under HIPAA, it has chosen to adopt HIPAA Rules in maintaining Protected Health Information (PHI); the Nanox Health IT page separately states "HIPAA-aligned security controls" and "Incident response planning & readiness." No public evidence found of a specific breach-notification timeline or of AWS infrastructure being independently HIPAA-certified.

    Verify on nanox.vision
    GDPR (General Data Protection Regulation)
    HELD

    Privacy policy (April 2024) states GDPR adherence with lawful processing basis, data subject rights, Standard Contractual Clauses for international transfers, and DPA framework for processor obligations

    Verify on nanox.vision
    FDA 510(k) Clearance
    HELD

    Nanox.ARC received FDA 510(k) clearance as digital multi-source 3D tomosynthesis imaging system; Nanox.AI solutions are FDA-cleared for diagnostic highlighting and disease detection; Nanox.ARC X received FDA clearance for general use including musculoskeletal, pulmonary, intra-abdominal indications

    Verify on nanox.vision
    CE Mark (EU MDR)
    HELD

    HealthOST (bone solution) received EU MDR CE mark certification enabling commercialization across Europe per highest regulatory standards for medical software; Nanox.ARC received CE mark in February 2025

    Verify on investors.nanox.vision
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification; the term does not appear anywhere in Nanox's published Privacy Policy or other public disclosures reviewed.

    source: nanox.vision
    SOC 2 (Type 1 or 2 unspecified)
    NOT CONFIRMED

    No public evidence of SOC 2 certification; the term does not appear anywhere in Nanox's published Privacy Policy or other public disclosures reviewed.

    source: nanox.vision
    PCI-DSS
    NOT CONFIRMED

    No public evidence of PCI-DSS certification found in vendor documentation or public disclosures

    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence found in vendor documentation; company emphasizes HIPAA and GDPR compliance but does not reference these additional ISO standards

    ISO/IEC 42001 (AI governance)
    NOT CONFIRMED

    No public evidence of AI-governance-specific certification found; company focuses on medical device regulatory compliance (FDA, CE) and healthcare data security standards

    CSA STAR (Cloud Security Alliance)
    NOT CONFIRMED

    No public evidence found in vendor documentation or independent sources

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States and other countries; international transfers use Standard Contractual Clauses

    Nanox.AI uses a proprietary data lake of millions of anonymized HIPAA-compliant medical images and 500+ million imaging scans from its own Nanox.ARC devices and healthcare partnerships. These are anonymized for AI model development. No evidence found of training on customer-provided data without appropriate anonymization or consent. Medical imaging data is inherently sensitive and appropriately handled under HIPAA-compliant processes.

    // Security controls

    Encryption in transit and at rest

    Implemented; technical safeguards include encryption, access controls, and monitoring per privacy policy

    nanox.vision

    Access controls and authentication

    Implemented; administrative controls include policies, training, and incident response procedures

    nanox.vision

    HIPAA-aligned security controls

    Yes; Nanox Health IT page states "HIPAA-aligned security controls," "Integrated cybersecurity monitoring & threat mitigation," and "Incident response planning & readiness." No public evidence found that underlying AWS infrastructure itself carries an independent HIPAA certification.

    nanox.vision

    Data Protection Officer

    Yes; designated DPO at dpo@nanox.vision

    nanox.vision

    Breach notification

    Procedures established; 60-day notification timeline per HIPAA requirements

    nanox.vision

    // Products & data scope

    Nanox.ARCMedical Device - Imaging

    data: Patient medical images; FDA-cleared, CE-marked; stationary multi-source 3D tomosynthesis system

    Primary imaging device; core regulatory approval achieved; generates large imaging datasets used for AI training

    Nanox.ARC XMedical Device - Imaging

    data: Patient medical images; FDA-cleared general use (April 2025); next-generation compact tomosynthesis system

    Latest generation device; broader indication set than ARC

    Nanox.AI (HealthCCS, HealthFLD, HealthOST, Real+)Software as Medical Device - AI Diagnostic

    data: Patient imaging data from CT/radiography; FDA-cleared solutions for disease detection (cardiac, liver, bone); trained on 500M+ anonymized images

    AI solutions for early disease detection; uses anonymized data for model training; HealthOST received CE Mark MDR in 2024

    Nanox.MARKETPLACESoftware Platform - Teleradiology

    data: Patient medical images and diagnostic reports; connects imaging providers globally

    Platform for secure imaging sharing and remote diagnostics

    Nanox.Health ITIT Services - Healthcare Infrastructure

    data: Healthcare provider IT systems and operations; HIPAA-compliant infrastructure

    Healthcare IT services, infrastructure support, cybersecurity and compliance solutions

    // What to watch

    • FINANCIAL RISK: SEC filings (2025) note 'substantial doubt about the company's ability to continue as a going concern' without additional funding. Accumulated deficit ~$448.8M; net loss ~$75M in 2025. This impacts vendor stability.
    • COMPLIANCE CERT UNCERTAINTY: No public evidence of ISO 27001 or SOC 2 certification was found anywhere in Nanox's published Privacy Policy or other public disclosures reviewed; these terms do not appear in the documentation. Direct vendor verification recommended before assuming either certification is held.
    • NO TRUST CENTER: Unlike comparable enterprise healthcare SaaS vendors, Nanox does not maintain a centralized security/trust center page. Compliance docs are scattered across Privacy Policy, HIPAA Notice, and Health IT pages.
    • AI-TRAINING POSTURE IMPLICIT: Nanox.AI trains on millions of anonymized medical images, but there is no explicit customer opt-out policy documented for AI training. However, training appears limited to anonymized data and internal/partnership datasets, not customer-specific patient data.
    • HIPAA POSTURE ROLE AMBIGUITY: Nanox operates as a service provider (not a covered entity) under HIPAA. Company elects to adopt HIPAA Rules. BAA (Business Associate Agreement) availability not explicitly stated in public documentation; likely available but requires inquiry.

    // At a glance

    Pricing model

    Device + SaaS (Nanox.ARC hardware + cloud software subscriptions; AI solutions as SaaS; Health IT as managed services)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Nano-X Imaging Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    nanox.vision

    > Browse all vendor trust reports