IOLDx Clinical is architected with a privacy-first model โ using Supabase (PostgreSQL) with Row Level Security for authenticated cloud storage, with a clear roadmap to HIPAA-compliant enterprise deployment.
IOLDx Clinical is deployed as a web application with cloud-backed storage hosted on AWS CloudFront/S3. This is an intentional architectural decision for the early-access phase.
A surgeon entering AL=24.2mm and K=44.5D generates no identifiable health information. IOLDx Clinical requires a free account for access. Accounts store only email address and de-identified session data (initials, IOL name, predicted VA). No names, DOB, MRN, or PHI as defined under HIPAA.
IOLDx Clinical is a clinical decision support (CDS) tool intended for use by licensed ophthalmic surgeons. Under the 21st Century Cures Act and FDA's 2019 CDS guidance, software that meets the following criteria is classified as non-device CDS and does not require 510(k) clearance:
Current intended use: IOLDx Clinical assists qualified ophthalmic surgeons in reviewing published defocus curve data and calculating estimated IOL power targets. All outputs must be independently verified by the treating surgeon before clinical use.
| Regulation | Applicability | Status |
|---|---|---|
| FDA 510(k) Medical Device | Non-device CDS โ does not replace clinical judgment | Exempt |
| FDA CDS Guidance (2019) | Displays basis for recommendations; used by qualified professionals | Compliant |
| FDA 21 CFR Part 11 | Applies to records submitted to FDA. IOLDx does not submit records. | N/A |
| HIPAA Privacy Rule | No PHI collected or transmitted in current deployment | N/A (v1) |
| HIPAA Security Rule | Required for enterprise cloud deployment with stored PHI | Roadmap |
| SOC 2 Type II | Required for enterprise SaaS with institutional contracts | Roadmap |
| GDPR (EU) | No personal data collected from EU users in current deployment | Compliant (v1) |
The current deployment is intentionally lightweight for early validation. The enterprise architecture roadmap is designed to support acquisition-level scale.
For Alcon enterprise integration: IOLDx Clinical's Flutter Web architecture supports direct embedding into existing web portals. The API layer is designed for ARGOS/Lenstar CSV import and could be extended to support SMARTCataract or NGENUITY data export. Timeline: 60โ90 days for enterprise API integration post-agreement.
All defocus curve data used in IOLDx Clinical is sourced from publicly available regulatory submissions and peer-reviewed literature. No proprietary or confidential manufacturer data is used.
| IOL | Data Source | Type |
|---|---|---|
| Clareon PanOptix (TFNT00) | FDA SSED PMA P930014/S131 | FDA SSED |
| Clareon Vivity (DFT015/DFW015) | FDA SSED PMA P930014/S152 | FDA SSED |
| AcrySof IQ Monofocal | FDA SSED PMA P930014 | FDA SSED |
| Clareon Monofocal | FDA SSED PMA P930014/S148 | FDA SSED |
| TECNIS Symfony (ZXR00) | FDA SSED PMA P060040/S050 | FDA SSED |
| TECNIS Synergy (DFR00V) | FDA SSED PMA P060040/S079 | FDA SSED |
| IC-8 Apthera | FDA SSED PMA P200037 | FDA SSED |
| Additional IOLs (6) | Peer-reviewed literature + manufacturer data | Generated |
For IOLs without publicly available FDA SSED defocus curve data, curves are generated using published clinical study mean logMAR values at standard defocus steps. These are clearly labeled "Generated" in the interface.
For enterprise deployment, institutional licensing, HIPAA Business Associate Agreement (BAA), or Alcon integration discussions:
Available documentation includes Intended Use Statement, Data Flow Diagram, source code (on request), BAA template, and SOC 2 readiness assessment.