Intheris Health AG | Federated Healthcare Data Mining

At Intheris Health AG, we are committed to protecting the privacy and security of health data. This policy outlines our practices in accordance with the Swiss Federal Act on Data Protection (nFADP) and the General Data Protection Regulation (GDPR).

1. Introduction

Intheris Health AG operates as a neutral infrastructure provider for federated health data mining. We do not own the data processed through our platform; data sovereignty remains with the source institutions.

2. Data Sovereignty & Residency

Our platform architecture is designed on "Privacy by Design" principles. Raw patient data never leaves the local institution's firewall. Only aggregated statistics and machine learning model weights are transmitted through the FUSE network. All central infrastructure is hosted exclusively within the European Community and in Switzerland.

3. Compliance & Standards (HIPAA, GDPR, LPD)

Strata is designed to be "Privacy-First" and natively compliant with major data protection regulations. Our Federated Learning architecture ensures that patient data never leaves the hospital's secure environment. While compliance is a shared responsibility between the software provider and the deploying institution, Intheris provides all necessary technical safeguards (Encryption, Audit Trails, RBAC) to support a fully compliant deployment under HIPAA, GDPR, and Swiss nFADP.

3. Data Collection

For the operation of the platform, we may collect technical metadata (logs, audit trails) to ensure security and traceability. This data is strictly separated from clinical data.

4. User Rights

Under Swiss LPD and GDPR, you have the right to access, rectify, or delete your personal data. As we do not hold patient data directly, requests regarding clinical information should be directed to the respective healthcare institution.

5. Contact

For any privacy-related inquiries, please contact our Data Protection Officer: