Data Management & Compliance

Trusted, secure, and compliant by design

At Amiko, we prioritize data security, regulatory compliance, and patient privacy. The Respiro platform is built to meet the highest industry standards, ensuring safety, integrity, and compliance in inhalation medicine. Our robust cloud infrastructure and ISO-certified quality systems provide a secure foundation for healthcare providers, pharma companies, and patients worldwide.

Quality & safety

ISO 13485:2016 QMS

Certified Quality Management System governing product design, manufacturing, and post-market activities.

Risk-based development

Lifecycle processes driven by risk management, verification, and documented traceability.

Change control & continuous improvement

Structured change control, supplier oversight, and ongoing process optimization to maintain product quality.

Privacy & data protection

GDPR & HIPAA compliance

Deployments aligned with international privacy regulations to ensure lawful and secure data handling.

Data minimization by design

System architecture supports operation without PHI, reducing exposure and safeguarding user privacy.

Data Processing & Business Agreements

Formal DPAs and BAAs available to define responsibilities and ensure compliance with legal frameworks.

Data-subject rights & consent management

Established procedures for user consent, access, correction, and retention of personal data.

Security controls

Encryption in transit and at rest

Comprehensive data encryption applied across storage, transmission, and backup systems.

Access management

Role-based permissions, least-privilege principles, and secure SSO authentication.

Monitoring & incident response

Continuous monitoring with audit trails, alerting, and documented incident response workflows.

Secure development lifecycle

Integrated SDLC security controls, vulnerability management, and periodic third-party assessments.

Medical clouds & data residency

EU & US medical cloud options

Choice of GDPR-compliant EU Cloud or HIPAA-compliant US Cloud for medical data hosting.

Regional data residency

Segregated environments ensuring compliance with regional data-sovereignty and residency laws.

High availability & disaster recovery

Resilient infrastructure with redundancy, backup, and disaster-recovery capabilities.

Interoperability & integrations

Secure APIs & SDKs

Standards-based APIs, Webhooks, and mobile SDKs enabling secure data exchange and integration.

Audit trails & event logging

Comprehensive logs providing clinical and operational traceability across systems.

Regulatory support

Technical documentation

Detailed technical and security documentation supporting partner submissions (e.g., EU MDR, US FDA).

Regulatory framework alignment

Platform controls mapped to applicable privacy, quality, and medical device regulations.

Certifications & Regulations

CE Mark

Selected Respiro components are CE-marked medical devices under the EU Medical Device Regulation. Technical documentation available on request.

EU MDR

Design, manufacturing, and post-market surveillance for CE‑marked devices follow EU Medical Device Regulation requirements.

ISO 13485

Amiko operates a certified Quality Management System for medical devices covering design, production, and servicing.

HIPAA

US deployments are designed to support HIPAA requirements. Business Associate Agreements and administrative/technical safeguards are available.

GDPR

We act as a data processor and provide GDPR‑aligned processing, data‑residency options, and Data Processing Agreements.