Information Security and Medical Device Regulation

As a responsible manufacturer of medical devices, we're committed to ensuring that our AI software is safe and effective. We're deeply invested in healthcare information security.

Qure.ai and Global Medical Device Regulations 
At Qure.ai, we are committed to the highest standards of quality, safety, and regulatory compliance. Our dedication to excellence is reflected in the certifications and standards we adhere to, ensuring that our products meet the stringent requirements set by global health authorities. Here is an overview of our certifications and standards: 
United States FDA:  
Qure.ai's qXR-LN, qER (V2.0), qER-Quant, qXR-BT, qXR-PTX-PE, and qXR-CTR are US FDA 510(k) cleared. 
  • Qure.ai's qXR-LN is computer-aided detection and localization software, intended identify and mark regions in relation to suspected pulmonary nodules on Chest X-rays. It is designed to aid radiologists, pulmonologists and ER physicians to review the frontal chest radiographs of adults acquired on digital radiographic systems as a second reader. The 510(k) summary explaining qXR-LN's performance and clinical benefits is publicly available here in FDA's database.
  • Qure.ai's qER (V2.0) product is US FDA 510(k) cleared as a radiological computer aided triage and notification software. The device is intended to assist hospital networks and trained medical specialists in workflow triage by flagging the following suspected positive findings of pathologies in head CT images: intracranial hemorrhage, mass effect, midline shift and cranial fracture. The 510(k) summary explaining qER’s performance and clinical benefits is publicly available here in FDA’s database. 
  • Qure.ai's qER-Quant product is US FDA 510(k) cleared as an automated Radiological Image Processing Software. It is intended for automatic labeling, visualization and quantification of following segmentable brain structures from a set of Non-Contrast head CT (NCCT) images: Intracranial Hyperdensities, Lateral Ventricles and Midline Shift. The 510(k) summary explaining qER-Quant’s performance and clinical benefits is publicly available here in FDA’s database. 
  •  Qure.ai's qXR-BT is US FDA 510(k) cleared as an automated Radiological Image Processing Software. It is intended to facilitate confirmation of the position of a breathing tube and an anatomical landmark on adult chest X-rays. The 510(k) summary explaining qXR-BT’s performance and clinical benefits is publicly available here in FDA’s database. 
  • Qure.ai's qXR-PTX-PE is a radiological computer-assisted triage and notification software that analyzes adult chest X-ray images for the presence of pre-specified suspected critical findings (pleural effusion and/or pneumothorax).. The 510(k) summary explaining qXR-PTX-PE’s performance and clinical benefits is publicly available here in FDA’s database 
  • Qure.ai’s qXR-CTR is a deep-learning based software for use by hospitals and clinics for automated assessment of the CTR on chest X-ray (CXRs) scans. qXR-CTR is designed to measure the ratio of the maximal transverse diameter of the heart (CD) and the maximal inner transverse diameter (TD) of the thoracic cavity and calculate the CTR value on posterior-anterior view chest view using an artificial intelligence algorithm. The 510(k) summary explaining qXR-CTR’s performance and clinical benefits is publicly available here in FDA’s database 
European Economic Area (CE) 
Qure.ai has obtained Class IIa CE certification for its qXRv3.1 and qERv2.0 EU products under the European Union Medical Device Directive (EU MDD). Additionally, the company's qXRv4.0, qER-NCCT, qCT, and qMSK products have received Class IIb CE certification under the European Union Medical Device Regulation (EU MDR). The CE mark signifies compliance with health, safety, and environmental protection standards for products marketed in the European Economic Area. 
 To achieve CE certification, Qure.ai underwent a rigorous process that involved a conformity assessment conducted by a European Notified Body. This assessment included a thorough review of the technical file and clinical evidence supporting the respective devices. Furthermore, an audit of Qure.ai's quality management system was conducted, ensuring adherence to the ISO 13485 standard. 
Global Registration: 
Qure.ai's regulatory presence has extended to encompass more than 85 countries, encompassing nations such as Canada, Brazil, Australia, various countries in Latin America (LATAM), Saudi Arabia, Indian CDSCO class B approval and members of the Association of Southeast Asian Nations (ASEAN). The continuously growing roster of countries and specific product approval details can be provided upon request, please contact partner@qure.ai
Quality at Qure.ai 
MDSAP Certification  
Qure.ai holds MDSAP (Medical Device Single Audit Program) certification for ISO 13485:2016 from TUV SUD, meeting regulatory standards set by esteemed authorities, including the US FDA, Australian Therapeutic Goods Administration (TGA), Brazilian National Health Surveillance Agency ANVISA, Health Canada (HC), and Japan Ministry of Health, Labor and Welfare. 
ISO 13485:2016 Compliance 
Our software development processes are ISO 13485:2016 certified, ensuring the protection of confidential data and the establishment and review of requirements for associated medical devices. 
IEC 62304 Compliance 
Qure.ai is fully compliant with the IEC 62304 standard, which not only covers software development but also includes robust IT security requirements. 
Information Security and Privacy at Qure.ai 
This section explains the measures that Qure.ai has implemented to secure healthcare data for our customers and partners and lays out the cybersecurity protections that make our AI products are safe for use. 
HIPAA compliant 
Qure.ai complies with the United States Health Insurance Portability and Accountability Act by ensuring that any data is de-identified before it leaves a covered entity’s premises for cloud processing. On-premise deployments may not de-identify images, provided that data processing occurs entirely within servers that are operated and owned by the covered entity. 
EU-GDPR compliant 
The EU general data protection regulation addresses questions of data security and confidentiality. It introduces measures to limit the amount of data collected, the purposes for which data is used, and the duration for which it is stored. Qure.ai is GDPR-compliant with respect to healthcare data as well as other data from users of our websites and portals. Qure.ai is audited annually by 3rd party auditors for compliance with GDPR. 
ISO/IEC 27001 certified 
ISO/IEC 27001 is a global information security standard requiring that an organization systematically examine information security risks, design and implement a coherent and comprehensive suite of information security controls and adopt a process to meet these needs on an ongoing basis. Qure.ai is ISO 27001 certified. 
Rigorous Cybersecurity Controls 
Medical devices, like other computer systems, can be vulnerable to security breaches, potentially impacting the safety and effectiveness of the device. As a medical device manufacturer, Qure.ai is vigilant about identifying risks and hazards associated with our products and proactively mitigating these. Our cybersecurity team assesses vulnerabilities and threats to Qure.ai processing servers on a real-time basis and implements the appropriate control measures for both cloud servers and on-premise installations. Cybersecurity audit reports are part of our FDA submissions and CE technical files and are evaluated by the US FDA and the European Notified Body as part of device clearance/certification. Qure.ai also has substantial cybersecurity liability coverage, with 3rd party underwriters due diligence prior to policy issues. 
Protected Data Communication 
We have protected and encrypt data at every level, both at source and in transit. 
  • Communication (typical transfer of DICOM files) via our API and demo portal is encrypted. 
  • Communication with Qure.ai software deployed on-premise servers is similarly encrypted. 
  • Gateway servers are secured using the latest data protection technology. 
  • License managers are used to authenticate user credentials. 
Secure Cloud Servers 
Qure.ai uses cloud servers built by cloud hosting partners with the highest standards for privacy and data security (Amazon Web Services and Azure Cloud). 
Transparent User Privacy Policies 
Privacy policies for users of our website, demo portal, and apps are displayed to visitors who access these applications. 
Please contact partner@qure.ai for information on Qure.ai’s information security measures.