Privacy Compliance

Handling Patient-Related Medical Data

Because of their special confidentiality, these data are subject to especially strict protection regulations. For example, without explicit consent from the patient, it is not permissible to convey these data to third parties in such a way that the contents of the data can be identified as pertaining to a specific individual. Conveyance to third parties is permissible only if the data are transmitted and processed in anonymous and pseudonymous form. We are acutely aware of this issue and we have integrated all necessary security mechanisms into the technical and operative concept of the e-pacs Storage Service to guarantee the protection, inalterability and long-term availability of patient-related medical data. The e-pacs concept has been repeatedly tested and proven compliant by data-protection authorities on the local and state level during past years.
 

Generic Data-Protection Concept

The e-pacs Storage Service makes the external archiving of patient-related medical data legally permissible because all necessary security measures have been taken into consideration. Patient-related data can typically be found in Dicom files in certain areas of the header. But simply enciphering this is insufficient because patient information can also be contained in the pixel information of the image (e.g. in ultrasound images). That’s why the e-pacs Storage Service begins by compressing each image without loss of quality, then assigning it a pseudonym and finally enciphering it in an entirely client-specific way. On the one hand, this assures that the patient cannot be identified by third parties during the transmission, processing and archiving in the e-pacs Storage Center; on the other hand, in the fictive event that a technical error causes the images to be delivered to the incorrect addressee, they cannot be deciphered by the “wrong” client.
 

Anonymization vs. Pseudonymization

Anonymization is not a viable solution for external archiving because the data cannot afterwards be identified as pertaining to a specific person. Anonymization is accordingly suitable only for statistical or epidemiological studies. Pseudonymization as practiced by Telepaxx enciphers all data that are transmitted and processed off the client’s premises. The enciphering assures that the contents are not recognizable and that the data cannot be identified as pertaining to a specific patient. Deciphering and personalizing the data are only possible on the client’s e-pacs Department Server and with the client’s individual certificate, which is exclusively at the client’s disposal.