Patient-Centric Privacy

Your data privacy is of the highest importance to Array Insights. Because it’s yours.

No data brokerage. No data profiteering. It’s cures, without compromise.

As an agnostic software and service provider, Array Insights uses a pioneering form of patient-centric AI technology — machine learning and analytics on federated data — to ensure that the security and privacy of patient data stay at the forefront of research.

So how do we do it?

Our next-generation Data Federation Platform enables secure access to traditionally disparate and siloed data for data sharing. Leveraging machine learning and analytics on federated data, Array Insights helps patient advocacy organizations gather, manage and permission their patient data for more representative, secure and collaborative healthcare research — without engaging with data brokers that might make patient data available to third parties for profit.

Accelerate your research goals with technology that puts patient privacy first.

Here’s how it works:

  • Clinical researchers can run queries on patient datasets with the confidence that this data can’t be copied and pasted, emailed, forwarded, downloaded or end up on unauthorized servers.
  • Patient data stays in an auditable and cryptographically-contained enclave; a researcher enters a query, and the machine learning models come back with insights.
  • Data isn’t moved, and there’s no room for human error.
  • All data uses on our platform are logged and auditable 


Data can be in one of three states and needs to be secured in each of these states:
In-storage or at-rest, In-transit, In-use (computation)

Stored data is encrypted

Data in transit is encrypted using TLS

Data is encrypted in RAM and only decrypted in CPU

Data Security during storage

The Array Insights platform uses AES GCM 256 Keys to encrypt every dataset and assigns a unique set of keys to secure the contributed data. One RSA 4096 key is allocated for each data submitter, such as hospitals, for each federation. This RSA key encrypts the AES keys generated for each dataset. If the data submitter decides, they can revoke the RSA keys, which will render all the datasets locked permanently and unusable by the platform. All the keys used remain within the platform and never leave its boundary.

Data Security in transit

As it transports over the network, data is encrypted using TLS. TLS is a well-known cryptographic protocol that provides end-to-end security of data sent between applications over the Internet. The platform uses digital signatures to ensure the identity and integrity of data throughout the platform.

Data Security in-use 

The data is decrypted only during analysis. The data and code (computation) live in an Azure Confidential Compute machine (AMD processors with SEV-SNP enabled). These machines offer protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE).

A TEE environment enforces the execution of only authorized code and any data in the TEE can’t be read or tampered with by any code outside that environment, reducing the ability for a cloud provider operator and other actors to access code and data while being executed.

In addition, Azure offers an attestation solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. Attestation is a critical component of confidential computing as it ensures that only trusted components can access sensitive data or perform sensitive operations in a secure computing environment.


Achieved Compliance August, 2022

Our team has partnered with Layer 8 Security to complete the HIPAA Security Rule Assessment.


GDPR documentation and technical information for UK and EU customers can be found here.

Risk Management

Our risk management policy covers the administrative, physical, and technical processes that enable and govern any PHI and PII that is created, maintained, received, or transmitted by Array Insights.

Incident Response, Disaster Recovery and Business Continuity Plans

IR, DR, and BC plans are in implemented at Array Insights. These plans are tested and reviewed at least annually in compliance with industry best practices.

Information Security Management Program

We have documented and implemented an ISMP following HIPAA, GDPR and HITECH control framework.

Product Security

The Data Federation Platform is built to grow and further expand your mission of research and discoveries.

Privacy and Security Training

All employees are required to undergo security and privacy training through a designated third-party. Training initially takes place as part of the onboarding process and all employees receive annual training.

Employee Background Checks

Background checks are performed on all Array Insights employees during the hiring process.

For questions about Array Insights’ privacy and security policies, please contact

GDPR Data Subject Requests