Data security goes hand-in-hand with data control. GDPR puts security at the service of privacy. To preserve subjects’ privacy, organizations must implement:
Safeguards to keep data for additional processing
Data protection measures, by default
Security as a contractual requirement, based on risk assessment, and encryption
C19T has implemented full end-to-end encryption with the highest possible encryption level (256-bit AES).
Right to erasure and access
Subject data cannot be kept indefinitely. GDPR requires organizations to completely erase data from all repositories when:
Data subjects revoke their consent
A partner organization requests data deletion, or
A service or agreement comes to an end
It is worth noting, however, that subjects do not enjoy a carte blanche right for their data to be erased. If there are legal reasons — specified in the regulation — an organization can retain and process a subject’s data. Exceptions are few, however.
C19T supports giving any patient or user full access to all data stored in the system. All data can also be exported to ensure full portability.
C19T supports erasing a patient’s data if so requested and if the request is legal according to the data processing location, institution and country.
Risk mitigation and due diligence
Organizations must assess the risks to privacy and security, and demonstrate that they’re mitigating them. This requires that they:
Conduct a full risk assessment
Implement measures to ensure and demonstrate compliance
Proactively help third-party customers and partners to comply, and
Prove full data control
The C19T platform is developed under ISO 13485, which implements absolute and fully documentable risk analysis, compliance and data control. The same ISO 13485 system regulates all changes and provides assistance to proactively support partners in compliance as well.
C19T has full control and tracking of data in an unbroken chain from user to clinician.
Because of its ISO 13485 QMS, C19T can document all changes throughout the system and roll back to previous versions on demand as part of a recall or breach procedure.
Data protection is designed into the system as a default, which is documented by the ISO 13485 implementation and can be audited by a third party. Default security is the highest level. Any changes to data processing are likewise fully documented at any time.
When a security breach threatens the rights and privacy of a data subject or subjects, organizations must:
Notify authorities within 72 hours
Describe the consequences of the breach, and
Communicate the breach directly to all affected subjects
The C19T ISO 13485 QMS implements a full set of procedures for recalls and data breaches, including who to notify and the relevant time limits.
Records of Activity
As an integral part of the product, OTH implements full audit logs for all activities in the system, including the ID of the operator and the patient. Audit logs can be reviewed at will.
COVID-19 Telemedicine hereby submits full GDPR compliance.
Jesper Lodahl, CEO COVID-19 Telemedicine ApS
Deborah Cooley, Data Protection Officer COVID-19 Telemedicine ApS