Hyper Insight-ICH™ e-Label (EN)

Disclaimer: Identification of suspected intracranial hemorrhage is for notification purposes only, not diagnostic purposes.

Device Identification

  • Product Name: Hyper Insight-ICH™
  • Device Type: Radiological Computer-Assisted Triage and Notification Software
  • Regulation Number: 21 CFR 892.2080
  • FDA Product Code: QAS
  • 510(k) Number: K240353, cleared July 1, 2024
  • Version: v1.0.0
  • Software release date (company): 2023-06-30 (informational; not FDA-related).

Intended Use / Indications for Use

  • Hyper Insight-ICH™ is a software-only device intended to aid in the prioritization and triage of non-contrast head CT images for patients suspected of intracranial hemorrhage (ICH).
  • The device analyzes images and notifies qualified clinicians of suspected ICH findings to assist in workflow prioritization.
  • It is not intended to replace the interpretation of a qualified medical professional nor to provide a diagnosis.

Warnings and Precautions

  • For use by qualified radiologists and clinicians only.
  • Do not use the notification results as the sole basis for diagnosis or treatment.
  • Ensure image quality and patient metadata accuracy before processing.
  • Performance may be affected by atypical anatomy or non-standard scanning protocols.

Performance Summary (Clinical Validation)

  • Trial Design: multicenter retrospective study (13 U.S. sites)
  • AUC: 0.9864
  • Sensitivity: 95.45% (95% CI 91.55–97.90)
  • Specificity: 98.47% (95% CI 95.59 – 99.68)
  • Average Notification Time: 16.4 ± 5.5 s

Version Control and Updates

  • Each software release includes a revision history and update log.
  • To ensure continued compliance, verify that your installation matches the current FDA-cleared version listed at www.purpleai.com/e-label/ICH.

Regulatory and Legal Information

  • FDA Clearance: 510(k) K240353 – Cleared July 1, 2024
  • Device Classification: Class II
  • U.S. Distribution: Prescription Use Only (21 CFR 801.109)
  • Liability Statement: Clinical responsibility rests with the treating physician.

Company Info

System Requirements

  • Operating System: Windows 10 (64-bit) or later / Linux (Ubuntu 20.04 or later)
  • Hardware: ≥ 16 vCPU, ≥ 64 GB RAM, SSD: ≥ 1TB, No GPU Required
  • Integration: Supports PACS/RIS via DICOM C-STORE and C-ECHO protocols

Installation and Activation

  • Download via the secure customer portal.
  • Installation by authorized hospital IT.
  • Activate with organization-issued credentials (SSO/SAML/MFA) and an authorization code provided by PurpleAI.

Terms, Privacy & Security

1. General Overview

This document outlines the Terms of Use (EULA), Privacy Policy, Security Standards, and HIPAA Business Associate Agreement (BAA) for PurpleAI’s Hyper Insight™ – ICH software (Web and Mobile versions). It integrates clinical, operational, and legal requirements in a concise, FDA- and HIPAA-compliant format.

2. End-User License Agreement (EULA)

Scope & License

PurpleAI grants a non-exclusive, non-transferable, site-limited license to use Hyper Insight – ICH solely according to its Instructions for Use (IFU) and applicable law. Title remains with PurpleAI.

Clinical & Regulatory Scope

Hyper Insight – ICH is classified as a Radiological Computer-Assisted Triage and Notification Device (21 CFR 892.2080, product code QAS). It supports triage and notification of suspected intracranial hemorrhage on non-contrast head CT. The software is not diagnostic and must be used by qualified medical professionals within validated clinical workflows.

Acceptable Use & Restrictions

Users may not reverse-engineer, resell, modify, or use the software outside cleared indications. Comparative benchmarking or publication of results without written consent is prohibited.

Shared Responsibilities

  • Customer: Responsible for DICOM routing, compatible PACS integration, access management (SSO/SAML, MFA), user training, retention settings, and lawful PHI handling.
  • Vendor: Responsible for secure operation, vulnerability management, regulatory compliance, and notification of material updates that could impact labeling or validated workflows.

Security Baseline

PurpleAI maintains an ISO/IEC 27001-aligned security program within its ISO 13485-compliant Quality Management System. Security-by-design principles are applied through RBAC, encryption, centralized logging, and periodic third-party testing.

Data, Privacy & Roles

Customer retains ownership of PHI. PurpleAI processes PHI only to deliver services under the HIPAA BAA. De-identified data may be used for safety, reliability, and quality improvement. PHI is stored in US regions. For website and analytics data, PurpleAI acts as a data controller in accordance with CCPA/CPRA.

Updates & Material Changes

Routine updates, recalibrations, and minor improvements are provided regularly. Material changes that affect labeling or validated workflows will include prior notice, updated documentation, and, when feasible, deferral options for customers.

Support & Service Levels

PurpleAI provides 24×7 support for critical incidents and commercially reasonable uptime and response targets consistent with industry standards.

SLA > 99.9%

Software Bill of Materials (SBOM)

A current SBOM is available upon request for major releases or material changes.

Warranties & Disclaimers

PurpleAI warrants that its software conforms to published documentation and IFU. All other warranties, express or implied, are disclaimed. The device is for triage and notification only.

Indemnity & Liability

PurpleAI defends against third-party IP infringement claims (excluding misuse, combinations, or modifications). Customer indemnifies PurpleAI for off-label use or legal violations. Aggregate liability is limited to fees paid in the preceding 12 months.

Termination & Data Handling

Upon termination, customers have 30 days to export data, if any. PHI will be deleted according to BAA timelines. Obligations regarding confidentiality, IP, and liability survive termination.

Compliance & Governing Law

Governed by Delaware law with venue in New York County, NY. Order of precedence: BAA → EULA → IFU → Order Form.

3. Privacy Summary

Roles

PurpleAI acts as a HIPAA Business Associate for PHI and as a data controller for website interactions.

Data Types

  • Operational and account data
  • Device and network metadata
  • DICOM images and derived artifacts
  • De-identified telemetry for reliability and safety

Use & Sharing

Data is used solely for service delivery, compliance, and improvement. Subprocessors are bound by equivalent security standards. No PHI is sold or shared for marketing purposes.

Data Residency

All PHI is processed and stored within US regions.

Retention & Deletion

Image data is retained minimally. Operational logs ≤ 12 months; support records ≤ 24 months. Deletion requests are honored within 30 days unless legal retention is required.

User Rights

Website users may request access, correction, or deletion per CCPA/CPRA. PHI-related rights are exercised through the Covered Entity.

Breach Notification

HITECH-compliant breach notifications will be made without unreasonable delay and no later than 3 to 5 business days.

4. Security & Trust Center

PurpleAI’s Security Program adheres to ISO 27001 and FDA cybersecurity guidance. Key elements include:

  • Encryption (TLS 1.2+, AES-256)
  • Role-based access control and MFA
  • Immutable logging and centralized monitoring
  • Vulnerability management and coordinated disclosure
  • Business continuity and disaster recovery testing

5. HIPAA Business Associate Agreement (BAA)

Permitted Uses & Disclosures

PurpleAI may use or disclose PHI only to perform contracted services, using the minimum necessary standard. De-identification is performed per 45 CFR §164.514.

Safeguards

Administrative, physical, and technical safeguards are maintained per the HIPAA Security Rule. Workforce training and risk management are ongoing.

Incident Reporting

Any incident involving unsecured PHI will be reported promptly, no later than 3 to 5 business days after discovery.

Subcontractors

All subcontractors handling PHI are bound by equivalent contractual obligations.

Access, Amendment, and Accounting

PurpleAI supports Covered Entities in meeting patient access and accounting requests.

Return or Destruction of PHI

Upon termination, PHI will be returned or destroyed if feasible; otherwise, protections continue indefinitely.

Survival

All confidentiality and PHI-related obligations survive termination. In case of conflict, the BAA prevails.

6. Mobile Addendum (US)

The mobile version adheres to all EULA, BAA, and security provisions. Access is restricted to authenticated, role-based users on secure devices. No PHI is permanently stored on the mobile device itself.