Privacy Compliance – Regulatory Conformity with Seal and Certificate.

Privacy Compliance Certifications 

The "Unabhängige Landeszentrum für Datenschutz" (ULD) in Kiel, Germany

The ULD [independent state center for data protection] was the first official authority in Germany to certify products within the context of the data-protection audit. The ULD’s certification procedure consists of two steps. First, manufacturing or distributing firms commission experts or a testing authority of their choice, who must be accredited by the Unabhängiges Landeszentrum für Datenschutz; these experts or other authorities test the product with regard to legal and technical aspects and send the written documentation of the test to the ULD. Second, if a subsequent test by the ULD reveals no reasons to the contrary, the seal of quality is granted.
 

The First Archive with Data-Protection Certification

The e-pacs Storage Service is the first medical archive to receive the data-protection seal of the independent state center for data protection in Kiel. For obvious reasons, patient-related medical data are subject to the strictest data-protection requirements. In addition to the prevention of unauthorized viewing and guarding against the loss of the data, it is also necessary to guarantee the completeness, authenticity, long-term availability and inalterability of the data. Lengthy obligatory storage intervals for medical data on the one hand, and the speedy pace of technological development on the other hand, are two diverging factors which are difficult to reconcile.

Alongside the above-mentioned requirements, current developments in the healthcare field also cause enormous budgetary pressure. Mass-data storage is strongly subject to economies of scale, so what could be more reasonable than to share costly storage technologies, thereby realizing enormous potential for savings without having to scrimp on performance?
 

Regular Re-certifications

With more than 500 million images, e-pacs is not only Europe’s largest image archive, but also the first such archive whose security and data-protection compliance have been confirmed by an official and independent auditing procedure. The conferral of the data-protection seal by the ULD took place on the basis of a legal and technical appraisal in which detailed tests of the data-protection aspects were conducted; specialists employed by datenschutz nord in Bremen conducted these tests.

Not unlike the well-known ISO 9001 certification, certified products must submit to a re-certification procedure every two years. After the initial certification in 2003, re-certifications were conducted in 2005 and 2007. Within the context of these re-certifications, specialists checked that the certified products were still in compliance with current legal requirements. Key lengths and encryption methods were also checked to ensure their usability within the planned usage interval.
 

Here are a few excerpts from the appraisal:

“The e-pacs product wholly complies with the requirements, especially because the implemented technical solutions innovatively facilitate the realization of legal stipulations.”

“The archiving of medical data by an external service provider is permitted by data-protection legislation within the context of data-processing by commission.”


“The e-pacs product is characterized by the fact that the medical data remain completely enciphered, in a manner which is not decipherable by the archivist, throughout the entire archiving process.”

“Pseudonymous header information guarantees the confidentiality of all secondary data.”


“Confidentiality of the data stored on the storage server is achieved in an exemplary manner.”


“Protection against confiscation is exemplarily achieved.”


“Pseudonymous archiving embodies an exemplary implementation of the principle of data economizing.”
 

EuroPriSe – The European Privacy Seal

The speedy evolution of new and innovative IT technologies is changing our world. New products and services help to improve people’s living conditions. At the same time, it is becoming increasingly difficult for clients to decide which IT product is the right one for them. As a provider of services, we’re confronted by the legal framework, by evolving standards, by economic forces within the healthcare industry, and by the expectations of our clients. Compliance with data-protection regulations is a tremendous challenge for modern IT management. On the European level, this is especially true because the data-protection regulations of the several European nations vary and are not yet completely harmonized. The EuroPriSe (European Privacy Seal) tests whether the e-pacs Storage Service can be operated in conformity with the European regulations for data protection and data security.

The e-pacs Storage Service has received the EuroPriSe certification:

In 2003 the e-pacs Storage Service became the first medical archive in Germany to earn the data-protection seal of the Unabhängiges Landeszentrum für Datenschutz. The EuroPriSe certification, which it earned in 2008, reconfirmed the service’s pioneering role in data-protection conformity. This certificate bears test number DE-080003p and remains valid until the next regularly conducted re-certification, which is scheduled to take place in September 2010.
 

The EuroPriSe Consortium:

 
Data-protection specialists and regulatory authorities from numerous European countries are represented in the EuroPriSe Consortium:

 
ULD - Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Agencia de Protección de Datos de la Comunidad de Madrid
Institute of Technology Assessment of the Austrian Academy of Sciences
Ernst & Young AB
London Metropolitan University
TÜV Informationstechnik GmbH
Borking Consultancy
Commission Nationale de l'Informatique et des Libertés
VaF s.r.o.