data ethics & clinical governance

Built for clinical trust.

How data is collected

  • Structured check-in responses captured by clinicians during existing postpartum appointments.
  • Patients are informed their responses contribute to anonymised population health insights.
  • Full verbal and written consent process included in the Peek Health clinical onboarding documentation.

What is shared

  • Aggregated, anonymised, population-level insights only. No individual patient records are ever surfaced in the dashboard.
  • Minimum cohort size of 20 patients before any insights are displayed — shown clearly as a data-protection threshold in the platform.
  • All data aggregated to weekly resolution — never to individual appointment level.

How data is stored

  • All data stored in US data centres (HIPAA-eligible AWS us-east-1 and us-west-2).
  • HIPAA-compliant infrastructure with signed Business Associate Agreements (BAAs) with all subprocessors.
  • Aligned with HITRUST CSF controls and state health privacy laws (including CCPA/CPRA and Texas HB 300).
  • Annual third-party privacy and security audit (SOC 2 Type II in progress).
  • Data retention: aggregated insights retained indefinitely; raw check-in responses retained for 24 months then deleted.

US data retention & deletion

  • Retention windows are set per environment and documented in the Business Associate Agreement (BAA) signed with each covered entity.
  • Demo environment: synthetic data only, no PHI. Check-in responses retained 30 days; aggregated demo insights retained 90 days; full environment reset quarterly.
  • Production environment: raw check-in responses retained 24 months from capture, then permanently deleted from primary storage within 30 days and from encrypted backups within 90 days.
  • Aggregated, de-identified population insights (per HIPAA Safe Harbor, 45 CFR 164.514(b)) retained indefinitely for longitudinal maternal health research.
  • Audit logs retained 6 years to meet HIPAA §164.316(b)(2) record retention requirements.
  • Patient-initiated deletion: covered entities can submit a verified deletion request on behalf of a patient; Peek Health removes data from primary storage within 30 days and from backups within 90 days, consistent with HIPAA, CCPA/CPRA, and Texas HB 300.
  • Contract termination: all customer PHI is deleted or returned within 60 days of BAA termination, with a signed certificate of destruction provided on request.

Clinical governance

  • Peek Health operates under a clinical governance framework overseen by an independent advisory panel.
  • The advisory panel is currently being formed — expressions of interest are open.

Independent advisory panel

Composition currently being finalised. Placeholder profiles shown below.

Advisory panel

Clinical Psychologist

Placeholder — advisory panel being formed.

Advisory panel

Maternal Health Nurse Practitioner

Placeholder — advisory panel being formed.

Advisory panel

General Practitioner with Obstetric Interest

Placeholder — advisory panel being formed.

Advisory panel

Health Data Ethicist

Placeholder — advisory panel being formed.

Advisory panel

Consumer Advocate

Placeholder — advisory panel being formed.