Skip to Main Content products in the cloud – secure, HIPAA compliant and always on


2 mins

When considering whether or not to allow data to leave their networks, patient data security and the exposure of protected health information (PHI) are the most critical concerns of healthcare IT departments and security administrators worldwide. leaves nothing to chance with protection for secure, end-to-end medical image exchange when using NeuroQuant, LesionQuant, and PETQuant. All data transfer between customer sites and the online systems takes place over TLS v1.2 connections, the industry-leading standard for high-security encryption.

Maximal Protection of PHI
Our processing systems are hosted at highly secure SSAE 16-compliant/SOC 1, 2 and 3-audited, ISO 27001 certified facilities in the US and UK. The US systems are also HITRUST CSF certified and HIPAA compliant. All facilities, networks, and systems are tightly access-controlled and are monitored 24/7 by network and security operations personnel.

Data Security and Integrity
Password authentication is used alongside other security measures to restrict access to authorized users. Our processing systems enforce password complexity rules, as well as password recycling prevention.

Additional security options can be set for customer accounts by security administrators include:

  • Remote password reset
  • Require password change at first login
  • Password aging – password change required within a configured time period
  • IP Address restrictions – limit IP addresses that can access account

Diminished Exposure Risk
Once uploaded, data are stored in isolated partitions, fully encrypted and accessible only by authenticated, authorized client systems. This technology ensures that PHI is kept separate and secure, providing our customers with both security and peace-of-mind.

Configurable Data Retention and Deletion
To further limit exposure, the account administrator can choose to have data automatically deleted from the NeuroQuant systems immediately after processing or can select the number of days the data will be kept on the system. For maximum data security, it is recommended that this retention period is set as low as practicable. The system user interface provides a mechanism for automatic or manual deletion of data according to individual client security policies.

Full HIPAA Compliance fully complies with the Health Insurance Portability and Accountability Act (HIPAA), which governs how our company can use and share personal health information. is committed to providing always up-to-date infrastructure, privacy, security and compliance for our cloud processing systems. For more information about cloud security or for the full security statement contact support.