Trust

Built for hospital IT — not around it.

On-premise capture and anonymization. AWS-managed cloud analytics. HIPAA-compliant data handling. SOC 2 Type I in progress.

Regulatory posture

nSight Surgical is decision-support and quality-improvement software for surgical teams. The platform is designed to align with hospital quality-improvement and peer-review pathways. It is not marketed for diagnosis or treatment.

The captured operative record is intended to support continuous improvement of OR processes, surgical quality, supply-chain accuracy, and case documentation — work that clinical teams already do with manual methods, now done automatically and consistently.

HIPAA

nSight is HIPAA-compliant. A Business Associate Agreement (BAA) is available to every customer organization. Face and voice anonymization happens on-premise, before any frame leaves the hospital network.

SOC 2 / HITRUST

SOC 2 Type I — in progress, target Q4 2026.

HITRUST CSF — roadmap 2027.

We don’t claim certifications we don’t hold. As each milestone is earned, this page updates with the report date and an access path for procurement reviewers.

Security architecture

The platform stack at a glance:

  • On-premise capture + anonymization. The Truss System ingests RTSP feeds locally; face and voice detection redact identifiable content before any frame uploads.
  • TLS 1.3 in transit; AES-256 at rest. Encryption everywhere a byte sits or moves.
  • JWT-signed stream tokens for every WebRTC / HLS stream. Per-OR access grants — a credential issued for OR 4 cannot read OR 7.
  • RS384-signed JWT client assertions for EHR integrations (Oracle Health Millennium and Epic). JWKS endpoint published for the customer EHR side.
  • Facility-scoped authorization on every API call. Fail-closed: unmapped routes return 403.
  • CSRF protection on every state-changing request.
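The per-OR stream-token check and the fail-closed route mapping from the bullets above, as an added illustration (this is not nSight's code; the page does not show their implementation). The HS256 algorithm, the claim names, the route table and the sample secret are assumptions made for the example, using only the Python standard library.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: the routes the API maps to an authorization rule.
# Anything not listed is unmapped and is refused (fail closed).
ROUTE_RULES = {
    "stream.hls": "or",              # HLS/WebRTC stream: token must name this exact OR
    "case.read": "or",               # case record for an OR: same rule
    "facility.summary": "facility",  # facility-wide view: facility claim must match
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_stream_token(secret: bytes, facility: str, or_id: int, now: int, ttl: int = 300) -> str:
    """Issue a stream token scoped to one OR in one facility (HS256 is an assumed choice)."""
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    claims = _b64url(json.dumps({"facility": facility, "or": or_id, "exp": now + ttl}, **compact).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"

def verify_stream_token(secret: bytes, token: str, now: int):
    """Return the claims when algorithm, signature and expiry all check out, else None."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return None  # pin the algorithm: "none" or a swapped alg is rejected outright
        expected = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None  # constant-time compare; any tampering with header or claims fails here
        body = json.loads(_unb64url(claims))
        if body.get("exp", 0) <= now:
            return None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token of any kind is treated as no token
    return body

def authorize(secret: bytes, token: str, route: str, facility: str, or_id: int, now: int) -> int:
    """HTTP status for a request: 200 only when a mapped route's rule is satisfied, else 403."""
    rule = ROUTE_RULES.get(route)
    claims = verify_stream_token(secret, token, now)
    if rule is None or claims is None or claims.get("facility") != facility:
        return 403  # unmapped route, bad token or wrong facility: deny by default
    if rule == "or" and claims.get("or") != or_id:
        return 403  # a credential issued for OR 4 cannot read OR 7
    return 200
```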

Video data handling

Surgical video is the heart of the platform, and it carries the most sensitive handling rules.

  • Consent. Explicit, written consent workflow before any case is captured. Patient-identifying content is anonymized on-premise before upload.
  • Retention. Per the customer contract; default policies align with peer-review-statute retention windows.
  • Deletion on request. Honored within the contracted SLA window.
  • Per-OR access controls. Operating-room access is granted explicitly per user, not inherited.
  • No PHI in cloud-side storage beyond what’s required for analytics. The surgical-video bytes that do leave the hospital are anonymized first.

Integration security

EHR integrations use FHIR R4 over OAuth2 with RS384 JWT client assertions. We publish a JWKS endpoint at /.well-known/jwks.json for customer EHR validation. Sub-processor list is available on request via security@nsightsurgical.ai.

Reporting a security issue

Email security@nsightsurgical.ai. We acknowledge security reports within one business day. Responsible-disclosure policy on request.

Need our complete security posture for procurement?