IDiagnose

Data Strategy and AI Policy

Effective Date: March 20, 2025

Introduction

This document outlines the comprehensive data strategy and Artificial Intelligence (AI) policy for the IDiagnose platform. The aim is to provide clarity on how data is collected, used, stored, and managed, as well as to detail the ethical and responsible use of AI within the platform.

Additionally, IDiagnose has undergone a conformity assessment to ensure our AI is ethically designed, transparent, and adheres to responsible AI principles.

1. Data Strategy

1.1 Data Collection

Types of Data Collected

  1. Personal Identification Information:
    • Names, email addresses, usernames, and passwords.
    • University affiliation and role (e.g., student, administrator).
  2. Interaction Data:
    • User interactions with the platform, including OSCE simulations.
    • Audio recordings and transcripts of conversations during simulations.
    • Responses, inputs, and feedback provided by users.
  3. Usage Data:
    • Log files, IP addresses, device information.
    • Browser type, operating system, and usage patterns.
  4. Performance Data:
    • Scores, results, and performance metrics from assessments.
    • Progress tracking and historical performance data.
  5. Technical Data:
    • Error reports, system logs, and debugging information.

Methods of Data Collection

  • User-Provided Data:
    • Collected during account creation, profile updates, and direct inputs during platform use.
  • Automated Data Collection:
    • Cookies and similar technologies for tracking usage patterns.
    • System logs and analytics tools for technical and performance data.
  • Third-Party Integrations:
    • Data from integrated services (e.g., payment gateways, AI services) collected as necessary.

1.2 Data Usage

Primary Purposes

  1. Platform Functionality:
    • Facilitate user authentication, authorization, and personalized experiences.
    • Enable interactive OSCE simulations and provide instant feedback.
  2. Educational Outcomes:
    • Track student progress and performance.
    • Provide analytics to universities for curriculum improvements.
  3. AI Model Improvement:
    • Use anonymized interaction data to enhance AI accuracy and responsiveness.
    • Continuous learning from user interactions to improve simulation realism.
  4. Service Enhancement:
    • Analyze usage patterns to improve platform features and user experience.
    • Debugging and resolving technical issues.
  5. Compliance and Legal Obligations:
    • Ensure adherence to legal and regulatory requirements.
    • Prevent fraudulent or unauthorized activities.

Providing Data to the NHS

  • Purpose: Collaborate with the NHS to develop future health products and improve healthcare services.
  • Data Shared: Only anonymized and aggregated data sets.
  • Conditions: Data sharing agreements established with clear terms, user consent obtained where required, and full compliance with all relevant data protection regulations.

1.3 Data Storage

Storage Locations

  • Primary Storage: IDiagnose uses secure cloud infrastructure through AWS (Amazon Web Services) within the European Economic Area (EEA) to store and manage data.
  • Backup Storage: Regular backups are encrypted and stored in geographically separate locations to ensure data availability and integrity.

Data Categorization

  • Structured Data: Stored in MySQL databases for user profiles, performance data, and platform configurations.
  • Unstructured Data: Stored in AWS S3 for audio recordings, transcripts, and logs.

1.4 Data Security

Security Measures

  1. Encryption:
    • Data in Transit: Encrypted using SSL/TLS protocols.
    • Data at Rest: Encrypted using AES-256 encryption.
  2. Access Control:
    • Role-Based Access Control (RBAC): Permissions assigned based on user roles (e.g., student, university admin).
    • Multi-Factor Authentication (MFA): Required for administrative and sensitive access.
  3. Network Security:
    • Firewalls, intrusion detection/prevention systems, and network vulnerability assessments.
  4. Monitoring and Logging:
    • Continuous monitoring of system activity and detailed audit logs.
  5. Physical Security:
    • Data centers with strict physical access controls.

1.5 Data Retention and Disposal

Retention Periods

  • User Accounts and Profiles: Retained for the duration of the user's relationship with IDiagnose. Data may be retained for up to one year after account closure for potential reactivation unless deletion is requested.
  • Interaction and Performance Data: Retained as long as necessary for educational tracking and AI improvement.
  • Anonymized Data: May be retained indefinitely for research, statistical analysis, and AI model training.

Data Disposal

  • Secure Deletion: Data is permanently deleted using secure methods to prevent recovery.
  • User-Initiated Deletion: Users may request data deletion, and requests are processed in compliance with legal obligations.

2. AI Policy

2.1 Purpose and Scope

This AI Policy outlines the ethical and responsible use of AI within the IDiagnose platform. We have undergone a conformity assessment to ensure that our AI systems adhere to the highest standards of ethics, transparency, and fairness.

2.2 Ethical Use of AI

  • Beneficence: AI is designed to improve educational outcomes and enhance learning experiences.
  • Non-Maleficence: AI models are structured to avoid harm or biased decision-making.
  • Autonomy: Users maintain control over their interactions and data.

2.3 Transparency and Explainability

  • Users are informed when interacting with AI-driven simulations.
  • AI decision-making processes are structured to provide clear and interpretable feedback.

2.4 Data Privacy in AI Models

  • Personal data is anonymized before being used for AI training.
  • AI models use data minimization techniques to ensure only necessary data is processed.
  • User consent is obtained for AI data usage where required.

2.5 Bias Mitigation

  • AI models are regularly assessed for bias using diverse training data.
  • Corrective actions are implemented when potential biases are identified.

2.6 Compliance with Regulations

  • IDiagnose's AI practices comply with GDPR and UK Data Protection laws.
  • Adheres to EU Ethics Guidelines for Trustworthy AI.

2.7 Continuous Improvement and Monitoring

  • AI systems are continuously monitored for performance, fairness, and reliability.
  • User feedback mechanisms allow for reporting of any AI concerns or errors.
  • AI models undergo frequent updates to incorporate improvements and maintain compliance.

3. Conclusion

IDiagnose is committed to ensuring data security, ethical AI practices, and regulatory compliance while providing an innovative digital platform for OSCE training. By undergoing conformity assessments, we uphold industry-leading AI transparency, fairness, and reliability.

Contact Information

For any questions or concerns regarding this data strategy or AI policy, please contact:

  • Email: idiagnose@outlook.com
  • Address: 98 Finkle Lane, Gildersome, Leeds, LS27 7DU