HIPAA Notice

nSight Surgical and HIPAA

nSight Surgical Inc. operates as a HIPAA-compliant business associate to its customer health systems. Where a customer organization is a covered entity under HIPAA, nSight enters into a Business Associate Agreement (BAA) with that organization before any protected health information (PHI) is processed.

What we do with PHI

The platform captures and analyzes operative-record data (multi-camera surgical video, supply consumption, phase events) for the customer’s quality-improvement and operational purposes. Where this data may incidentally include PHI:

• Face and voice anonymization happens on-premise, before any frame leaves the hospital network.
• PHI access is restricted to authorized personnel, with facility-scoped authorization on every API call and per-OR access grants for video streams.
• All data in transit is protected with TLS 1.3; at rest with AES-256.
• An append-only audit log records access and use of PHI by every authenticated user.
• PHI is retained per the customer contract and applicable state law (peer-review-statute retention windows are typical defaults).

What we do NOT do

• We do not use PHI for marketing or advertising under any circumstance.
• We do not sell PHI.
• We do not use PHI to train machine-learning models without explicit, documented consent and contractual permission.

The corporate website

This website (nsightsurgical.ai) does not process PHI. Demo requests, investor portal accounts, and contact-form submissions are administrative records, not clinical data. They’re governed by our Privacy Policy, not by HIPAA.

Reporting concerns

If you believe your PHI has been misused or improperly disclosed, contact us at security@nsightsurgical.ai. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

BAA requests

Hospital customers can request our standard BAA from sales@nsightsurgical.ai during procurement.