We understand that medical reports contain your most sensitive information. Here's exactly how we protect your data and respect your privacy.
Files deleted within 24 hours of upload
All data encrypted in transit and at rest
No human staff can access your medical data
Medical Report Files
PDF, image, text, or Word documents you upload for analysis
Language Preference
Your selected language for report explanation
Payment Information
Processed securely by Stripe (we never store card details)
We believe in complete transparency. Here's the actual code that handles your medical data at each stage:
When you upload a file, our backend validates file type and size, then stores it temporarily with a unique session ID.
```python
# Current Backend: File Upload Handler (Python FastAPI)
@app.post("/api/upload")
async def upload_file(file: UploadFile = File(...)):
    try:
        # Validate file type and size with enhanced security
        if not validate_file_type(file.content_type):
            raise HTTPException(400, "Unsupported file type")
        if file.size > settings.max_file_size:  # 10MB limit from settings
            raise HTTPException(400, "File too large (max 10MB)")
        # Generate cryptographically secure session ID
        # ... (code continues)
```
Privacy Features: Each file gets a cryptographically secure UUID session ID. Files are stored in isolated temporary directories with sanitized filenames. Automatic cleanup is scheduled immediately upon upload, and all operations are logged for security auditing.
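As an added illustration (not code from the MedGPT repository), the sketch below shows one way to implement the upload safeguards described above without trusting client-supplied metadata: the declared content type is checked against the file's leading bytes, the size cap is applied to the bytes actually received, and the file is written under a sanitized name in a per-session directory. The function names, the `MAGIC` table and the 100-character name cap are assumptions made for this example.

```python
import re
import uuid
from pathlib import Path

MAX_FILE_SIZE = 10_485_760  # 10MB, the limit quoted on the page

# Leading bytes for the binary upload types the page lists (PDF, image, Word).
# Constructed for this example; a .docx is a ZIP container, so PK only proves "ZIP".
MAGIC = {
    "application/pdf": (b"%PDF-",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document": (b"PK\x03\x04",),
}


def sanitize_filename(name: str) -> str:
    """Drop any path component and keep a conservative character set."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base[:100] or "upload"


def check_upload(declared_type: str, data: bytes) -> None:
    """Raise ValueError unless size and content agree with the declared type."""
    if len(data) > MAX_FILE_SIZE:  # measured on received bytes, not a header
        raise ValueError("File too large (max 10MB)")
    if declared_type == "text/plain":
        data.decode("utf-8")  # UnicodeDecodeError is a ValueError subclass
        return
    prefixes = MAGIC.get(declared_type)
    if prefixes is None or not data.startswith(prefixes):
        raise ValueError("Unsupported file type")


def store_upload(root: Path, filename: str, declared_type: str, data: bytes) -> Path:
    """Validate, then write into a fresh per-session directory under root."""
    check_upload(declared_type, data)
    session_id = uuid.uuid4().hex  # CPython draws uuid4 from os.urandom
    session_dir = root / session_id
    session_dir.mkdir(mode=0o700, parents=True)  # owner-only session directory
    target = session_dir / sanitize_filename(filename)
    target.write_bytes(data)
    return target
```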
We use specialized medical document processing libraries to extract text from various file formats. All processing happens locally on our secure servers using industry-standard parsing technologies.
```python
# Current Medical Document Processing - Production Implementation
# PDF Processing: PyMuPDF (medical-grade, used by healthcare institutions)
def extract_text_from_pdf(file_path: str) -> str:
    """Extract text from PDF with enhanced error handling"""
    try:
        doc = fitz.open(file_path)  # PyMuPDF - industry standard
        text = ""
        for page_num, page in enumerate(doc):
            page_text = page.get_text()
            text += page_text
            logger.debug(f"Extracted {len(page_text)} chars from page {page_num + 1}")
        doc.close()
        # ... (code continues)
```
Current Technology: We use PyMuPDF (medical-grade PDF processing), enhanced multi-strategy Tesseract OCR optimized for medical documents, and python-docx with table extraction for lab reports. All processing includes comprehensive error handling and logging for reliability and debugging.
For medical analysis, we use OpenAI's GPT-4 model via their Enterprise API, which provides the highest privacy standards. Only the extracted text (not your files) is processed, and OpenAI doesn't use Enterprise API data for training.
```python
# Current Medical Analysis Engine - Production Implementation
async def analyze_with_openai(text: str, language: str) -> str:
    """Analyze medical text with OpenAI Enterprise API"""
    if not openai_client:
        raise HTTPException(status_code=503, detail="AI service not available")
    try:
        logger.info(f"Starting OpenAI analysis for {len(text)} chars in {language}")
        # Use OpenAI Enterprise API with medical-specific prompt
        response = openai_client.chat.completions.create(
            model=settings.openai_model,  # GPT-4 for medical accuracy
            # ... (code continues)
```
Privacy & Quality: We use OpenAI's Enterprise API, which guarantees:
• No data used for model training
• Data deleted within 30 days
• SOC 2 Type 2 compliance
• Enterprise-grade security
Learn more about OpenAI Enterprise privacy →
After analysis, your files are immediately deleted from our servers. Here's the actual cleanup code:
```python
# Current Implementation: Dual Cleanup System for Maximum Privacy
@app.post("/api/analyze")
async def analyze_report(request: AnalysisRequest):
    try:
        # ... file loading and analysis code ...
        # Extract text and analyze with AI
        text_content = await extract_text_from_file(file_path, content_type)
        analysis = await analyze_with_openai(text_content, request.language)
        # IMMEDIATE CLEANUP #1: Delete files right after analysis
        try:
            # ... (code continues)
```
Dual Privacy Protection: We implement TWO cleanup systems for maximum security:
1. Immediate cleanup - Files deleted right after analysis completion
2. Scheduled cleanup - Automatic background tasks ensure no files remain beyond 24 hours
Files are permanently removed using shutil.rmtree(), which completely deletes from the filesystem (not just marked for deletion).
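The two cleanup paths described above can be sketched as follows; this is an added example, not the project's own code. It assumes one directory per session directly under an upload root and takes a session's age from the directory's modification time; `purge_session` and `sweep_expired` are hypothetical names.

```python
import shutil
import time
from pathlib import Path
from typing import List, Optional

CLEANUP_DELAY_HOURS = 24  # retention ceiling quoted on the page


def purge_session(root: Path, session_dir: Path) -> bool:
    """Immediate cleanup: remove one session directory directly under root."""
    root = root.resolve()
    # Refuse anything that is not a real, direct child of root, so a crafted
    # session ID or a symlink cannot steer rmtree at another location.
    if session_dir.is_symlink() or session_dir.resolve().parent != root:
        return False
    if not session_dir.is_dir():
        return False
    # rmtree unlinks the files; it does not overwrite their blocks, so
    # encryption at rest is what covers remnants on the disk itself.
    shutil.rmtree(session_dir)
    return not session_dir.exists()


def sweep_expired(root: Path, now: Optional[float] = None,
                  max_age_hours: int = CLEANUP_DELAY_HOURS) -> List[str]:
    """Scheduled cleanup: purge every session directory older than the limit."""
    now = time.time() if now is None else now
    cutoff = now - max_age_hours * 3600
    removed = []
    for entry in sorted(root.iterdir()):
        if entry.is_symlink() or not entry.is_dir():
            continue  # only real session directories are candidates
        if entry.stat().st_mtime <= cutoff and purge_session(root, entry):
            removed.append(entry.name)
    return removed
```

Running the sweep on a timer catches sessions whose analysis never completed, which the immediate path alone would leave behind.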
Our current production system implements comprehensive privacy protection with multiple safeguards:
```python
# Current Production Privacy Implementation
class Settings(BaseSettings):
    cleanup_delay_hours: int = 24  # Maximum file retention
    max_file_size: int = 10_485_760  # 10MB security limit
    environment: str = "production"

    @property
    def allowed_origins(self) -> List[str]:
        """Secure CORS origins for production"""
        return [
            "https://medgpt.me",
            "https://www.medgpt.me",
            # ... (code continues)
```
Production Ready: Our current implementation includes filename sanitization, file type validation, secure CORS origins, comprehensive logging, and dual cleanup systems. All privacy features are actively deployed and monitored in production.
Want to verify this code yourself? Our entire codebase is open source and available on GitHub.
View Source Code on GitHub →
End-to-End Encryption
Your files are encrypted during upload, processing, and storage
Secure Infrastructure
Hosted on enterprise-grade cloud platforms with SOC 2 compliance
HTTPS Only
All communications use SSL/TLS encryption
Automated Processing
No human staff can access your medical data during processing
Temporary Storage
Files exist only during processing, then automatically deleted
Secure Deletion
Files are permanently deleted, not just marked for deletion
File Upload
Your medical report is securely uploaded and encrypted
AI Analysis
OpenAI processes your report to generate explanations
Results Delivered
You receive your analysis and can download reports
Automatic Deletion
All files and data permanently deleted from our servers
✅ Immediate cleanup after analysis completion
Files are deleted right after processing using shutil.rmtree()
✅ Scheduled 24-hour cleanup system
Automatic background tasks ensure no files remain beyond 24 hours
✅ Enhanced security and validation
Filename sanitization, file type validation, and comprehensive error handling
✅ Production-grade privacy implementation
All privacy features are actively deployed and monitored
🤖 OpenAI GPT-4 (Medical Analysis Engine)
We use OpenAI's most advanced language model for medical analysis via their Enterprise API, which provides the highest privacy and security standards available.
✅ Privacy Guarantees:
🏆 Why OpenAI Enterprise:
💳 Stripe (Payment Processing)
All payments are processed by Stripe, the world's most trusted payment platform. We never see or store your card details - they go directly to Stripe's secure servers.
View Stripe Privacy Policy →
We take healthcare data protection seriously and are committed to meeting the highest privacy standards. Here's our current compliance status and roadmap:
✅ Technical Safeguards in Place
Encryption, secure deletion, access controls, and audit logging
✅ Data Minimization
We only process what's necessary and delete everything after analysis
🚧 Formal Compliance Certification (In Progress)
We're working toward formal HIPAA and GDPR compliance certification
Important Disclosure: MedGPT is currently designed for educational use and personal health information understanding. We are not yet a HIPAA-covered entity, but we follow HIPAA-inspired privacy practices.
✅ HIPAA-Inspired Practices We Follow:
🎯 Future HIPAA Goals:
For EU Users: We respect your data protection rights under GDPR and implement privacy-by-design principles throughout our platform.
✅ GDPR Principles We Follow:
🔒 Your GDPR Rights:
🇨🇦 Canada (PIPEDA)
We follow privacy principles consistent with Canada's Personal Information Protection Act
🇦🇺 Australia (Privacy Act)
Our practices align with Australian Privacy Principles for health information
🌏 Other Jurisdictions
We aim to meet or exceed privacy standards worldwide and welcome feedback from international users
Educational Use: MedGPT is designed for educational purposes to help you understand your medical reports. It is not a substitute for professional medical advice, diagnosis, or treatment.
Compliance Status: We are actively working toward formal HIPAA and GDPR compliance certification. Current practices follow these standards but formal certification is in progress.
Healthcare Integration: For healthcare providers seeking HIPAA-compliant integration, please contact us to discuss Business Associate Agreements and enterprise solutions.
Have questions about our privacy practices or compliance status? We're committed to transparency and happy to discuss:
🗑️ Immediate Deletion
Your files are automatically deleted after analysis
📧 Contact Us
Email us for any privacy concerns or questions
🔒 Data Minimization
We only process data necessary for analysis
📱 Download Reports
Download and save your analysis results locally