At Inato, we prioritize the security and privacy of patient data in all our processes. Our approach to HIPAA and ISO 27001 compliance is built on robust systems and procedures that safeguard personal health information (PHI) while supporting the needs of clinical research sites.

We follow strict protocols to ensure that patient data is de-identified in compliance with HIPAA's Safe Harbor guidelines:

• Medical Record Processing: CRCs upload patient medical records to Inato's platform. These records are de-identified using the Google Cloud Platform's Data Loss Prevention (GCP DLP)API.
• De-identification Standards: Identifying information such as names, addresses, and contact details are removed. We retain minimal necessary data (e.g., month/year of relevant dates and patients' exact ages) to ensure accurate trial eligibility assessments.
• Data Minimization: Only the data necessary for evaluating trial eligibility is processed. No identifying information is stored by Inato after processing.

• Data Encryption: All data is encrypted both at rest and in transit using AES-256 encryption.
• Logical Access Control: Access to patient data is restricted to authorized personnel at clinical research sites. Inato employees do not have access to identifying information.
• Network Security: We utilize Google Cloud's security features, such as Cloud Armor, to defend against external threats like DDoS attacks.

No, it does not replace what you do. Think about the pre-screening tool as your recruitment assistant. She'll skim through piles of medical records and let you make the clinical decisions, giving you more time with patients.

1. First, AI securely redacts personal health information-like names, birthdays, and addresses-to de-identify the records before they are reviewed for trial opportunities.
2. AI then evaluates whether a patient is relevant at all for the trial by checking whether the main condition targeted by the trial appears in the record, or is suggested by the patient's symptoms. For example, the AI will quickly rule out asthma patients for an arthritis trial.
3. Last, AI automatically assess the de-identified records for eligibility against the IE criteria for all your trials. You make the final call — you review the AI assessment for each IE criteria to make the final call on whether to move the patient to screening.

We constantly monitor the accuracy of our AI Assessment. In a paper our team published on our AI model, we achieved a new state-of-the-art in terms of eligibility assessment accuracy. Ultimately, the accuracy is checked by you — you make the final call. You can edit the results of the AI assessment if you disagree — in fact, we encourage this so our model learns from you.

Yes, today, this is free for all sites! There's no catch.

Yes! You can easily create a trial from outside Inato within the tool. If you have the NCT ID number of the trial, we'll auto-pull the IE criteria for you. You can make any necessary edits/additions from the protocol as needed.

You can! In fact, Inato will help you access those records. We offer a Premium Support feature (currently free for a limited time!) in which Inato will request records from the patient's healthcare organization on your behalf. We will also assist with extracting patient records from your EHR or CTMS. This is all done after signing a BAA which ensures safe and secure handling of patient data. For more information on this, you can schedule a call with our team here.