Climedo Connect: The Digital Patient – Data Protection in the Healthcare Sector

Please note that this webinar took place in German.

This week, our event series #ClimedoConnect took place for the third time and we invited our guests to join an informal exchange, this time on the topic “The digital patient – Data protection in healthcare”. We welcomed Katharina Schreiner from Datenschutzexperte.de and our Head of Backend Engineering Benjamin Sauer as speakers. A total of around 50 guests, with a diverse background ranging from MedTech to CROs and pharmaceutical companies, took part in our online meetup and listened to the presentations.

What was it about?

The data protection of personal data in the healthcare sector is particularly important; this is made unmistakably clear by the Federal Data Protection Act and the Criminal Code. In accordance with the requirements of the General Data Protection Regulation (GDPR), the processing of this data always involves significant risks for the fundamental rights and freedoms of the persons concerned, which is why data protection and security also play an essential role in clinical trials. If, in addition, clinical trials are carried out with a cloud-based solution, further criteria apply.

Due to the numerous criteria that need to be considered when it comes to data protection in the healthcare industry, we were very pleased to welcome Katharina Schreiner, Teamlead Privacy at Datenschutzexperte.de, as a guest in our meetupand to share her interesting presentation on the 5 biggest data protection pitfalls in the digital healthcare industry with our attendees.

In the second presentation, our Head of Backend Engineering Benjamin Sauer discussed clinical trials in the cloud and highlighted the advantages and risks of cloud usage.

Who were the speakers?

Amelie Fink, Account Manager at Climedo Health, once again moderated the event and led the Q&A and discussion session. The speakers were Katharina Schreiner from Datenschutzexperte.de and Benjamin Sauer from Climedo Health.

As head of the data protection team at Datenschutzexperte.de and a lawyer specialized in data protection law, Katharina Schreiner is an expert in the field of data protection and supports her clients in enforcing the highest data protection standards. In addition, she is a certified external data protection officer (GDD cert. EU).

As Head of Backend Engineering, Benjamin Sauer is an expert in cloud infrastructures and ensuring the greatest possible data protection and data security at affordable prices. He is also intensively involved in the topics of sustainable data storage through cryptography in the context of the compliance-heavy medical industry.

Keynote speech Katharina Schreiner: “The 5 biggest data protection pitfalls in the digital health industry”

Katharina started with a short live survey to assess the current implementation status of the GDPR requirements among our participants. Fifty-four percent said they were currently working on meeting all requirements as soon as possible, 41% said they were up to date and were continuously keeping on track with the requirements of the GDPR. Only 5% had not yet dealt with the topic of data protection at all.

So what are the most important points that must be considered for data protection in the healthcare sector? To clarify this question, Katharina first went into the basics of data protection and the definition of health data. Data concerning health are data that relate to a natural person and contain information on their health status (according to Art. 4 (15) GDPR). Therefore, the reference to a person and the reference to health are important.

Information already counts as protected health information (PHI) if an indirect conclusion can be drawn about the state of health via other data (e.g. a stay in a hospital). In this case, the increased requirements for PHI with regard to the legitimacy of data processing and data security come into force.

Later on in her presentation, Katharina addressed the issues of legitimation for data processing & TOM, Privacy Impact Assessment (PIA), responsibilities (e.g. in the case of data transfer to a third country), deletion periods and retention obligations as well as documentation of data protection compliance.

Keynote speech Benjamin Sauer: “Out of the cloud – Clinical trials in the cloud”.

What proportion of our attendees’ work already takes place in the cloud? And how do they rate the benefits of greater cloud usage? In order to get a better feeling for his audience, Benjamin asked the attendees these very questions in his live surveys. Nearly half said they only conducted “0-25%” of their daily work in the cloud, followed by nearly a quarter who said “75-100%” took place in the cloud. However, attendees were relatively unanimous about the benefits of greater cloud usage, with 52% estimating moderate and 48% estimating very large benefits from increased cloud usage.

But what exactly are the benefits of cloud usage? The most important ones cover these four areas: 

• Cost savings: Reduced infrastructure costs, reduced installation effort for end users, simplified collaboration
• Increased data security: More comprehensive security portfolio from larger vendors, easier compliance work, increased availability
• Scalability: “Infinite” capacities, dynamic scaling, resource efficiency
• Innovation opportunities: Location independence, real-time networking capabilities, access to the latest technologies and systems

In addition to this multitude of advantages, there are also challenges such as the migration effort, procedural changes and organizational changes. Benjamin Sauer addressed these in the further course of his presentation and also named important legal requirements that are relevant for cloud application (Safe Harbor & Privacy Shield, CLOUD Act, GDPR). He also provided solutions on how to comply with these legal requirements and how to process data, for example from clinical trials, securely in the cloud.

Many thanks to all attendees for the great interest in our event and the numerous questions and discussion contributions! Finally, we would like to thank our speakers Katharina and Benjamin for their time and expertise!

Speakers wanted!

Would you also like to participate as a speaker at Climedo Connect? We look forward to hearing from you! Simply drop us a line at hello@climedo.de!

About Datenschutzexperte.de

Behind Datenschutzexperte.de stands the legal tech company Proliance with 60+ privacy enthusiasts. As one of the market leaders for data protection solutions for SMEs in the healthcare, nursing and medical sectors, Proliance solves the issue of data protection digitally, holistically and simply. The core of this is the SaaS solution Proliance360. The platform datenschutzexperte.de is one of the widest-reaching and most helpful websites in data protection. Learn more: www.datenschutzexperte.de.