This content is password protected. To view it please enter your password below:

Password:

The post Protected: More pertinent than ever during and post- COVID-19 pandemic: Accord Health Care launches Unify Health: privacy-by-design, seamless to use cancer patients’ app appeared first on Pryv.

Security with app hardening and privacy-by-design backend are a top priority for Digital Health Providers

Fraud, privacy violations, cyberattacks, unauthorized data collection, outlaw processing, and hacking of connected medical devices and mobile applications are just a few of the threats arising from the digitalization of the healthcare industry. A hack, that can be disastrous for individuals, is just as harmful for businesses, who will face regulatory fines and damage to their reputation. Such threats can be minimized by implementing adequate privacy and security measures right from the very start. Protecting digital channels is invaluable on many levels, saves lives and prevents significant financial losses.

“Smartphones and tablets are the primary access point for both our personal and work life, and a valuable target for attackers,” said Dr. Christian Schlaeger, Build38 CEO. “Business agility provided by mobile devices will continue to drive adoption in the mobile health sector, even more now with the announced DiGA initiative of the German government. Build38 and Pryv empower businesses to embrace the productivity benefits of mobile devices while addressing the security and privacy risks.”

“Developing the privacy and security layers of Digital Health applications is a highly demanding task, yet essential to gain users trust and achieve compliance.” said Pierre-Mikael Legris, CEO at Pryv “This partnership is a game changer for digital health innovation. It provides digital health innovators with a rigorously tested off-the-shelf solution, allowing them to easily and rapidly develop trustworthy and scalable products.”

The offering by Pryv and Build38 foster compliance with the most stringent existing and forthcoming data protection and cybersecurity regulations. No dedicated security knowledge or privacy-expertise is required by development teams. Companies can focus on their core competency, while de-risking security and privacy compliance, winning time-to-market and fostering user-engagement through trust and transparency.

About Build38:

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) solution combines AI-platform and strongest app shielding technology which protects B2B and B2C mobile channels from fraud and reduces your compliance risk exposure. It also enables new use cases and opens the market for new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore.

www.build38.com

About Pryv SA:

Pryv makes health personal data processing as secure and trustworthy as online banking.

Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep you compliant with existing and forthcoming regulations. The software has been developed to accommodate rapid integration, allowing you to properly manage your users’ data from day one. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT risk, development costs and accelerate time-to-benefit while addressing the GDPR and the most stringent data protection requirements.

pryv.gihub.io/www

The post Build38 and Pryv Team Up to Simplify Mobile Security and Privacy for Digital Health Companies appeared first on Pryv.

*This is a living document that will be updated on a regular basis.

GDPR: remaining within the rules.

The European Data Protection Board (EDPB) says that it is possible to adapt to the situation while remaining within the rules.

“Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic,” says EDPB chair Andrea Jelinek.

“However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, a number of considerations should be taken into account to guarantee the lawful processing of personal data.”

Consent and Data Collection

Data Protection Authorities all agree: only essential information should be collected. 

So, only in case that it’s necessary for public health reasons, public health authorities and employers can process personal data without having the consent of the concerned individuals.

If the concept might be simple in theory, it leaves organisations with a lot of questions and challenges to solve. To provide guidance on the subject, International Law Firm White & Case has set out “an overview of some of the key issues for organisations to consider during this crisis, from an EU data protection compliance perspective”.

Mobile location data

« For the processing of electronic communication data, such as mobile location data, additional rules apply. The national laws implementing the ePrivacy Directive provide for the principle that the location data can only be used by the operator when they are made anonymous, or with the consent of the individuals. » 

« When it is not possible to only process anonymous data, Art. 15 of the ePrivacy Directive enables the member states to introduce legislative measures pursuing national security and public security *. This emergency legislation is possible under the condition that it constitutes a necessary, appropriate and proportionate measure within a democratic society. If such measures are introduced, a Member State is obliged to put in place adequate safeguards, such as granting individuals the right to judicial remedy. »

European Commission’s Recommendation on apps for contact tracing, published on 8 April and setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the COVID-19 crisis

Andrea Jelinek, Chair of the EDPB, said: “The EDPB welcomes the Commission’s initiative to develop a pan-European and coordinated approach as this will help to ensure the same level of data protection for every European citizen, regardless of where he or she lives.”

Letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemic

In its letter, the EDPB specifically addresses the use of apps for the contact tracing and warning functionality, because this is where increased attention must be paid in order to minimise interferences with private life while still allowing data processing with the goal of preserving public health.

MDR: Postponed. 

Parliament adopted the European Commission proposal, allowing the application of the Medical Devices Regulation to be postponed by one year until 26 May 2021.

«This postponement will take the pressure off national authorities, notified bodies, manufacturers and other actors so they can focus fully on urgent priorities related to the coronavirus crisis.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “Shortages or delays in getting key medical devices certified and on the market are not an option right now. The Commission is therefore taking a pragmatic approach and delaying the entry into application of new EU rules on medical devices, so we can have our medical industries pouring all their energy into what we need them to be doing: helping fight the pandemic. This shows once again that the European Union is leaving no stone unturned in our support to national public health systems in their hour of need.”

Sources: https://www.europarl.europa.eu/news/en/press-room/20200415IPR77113/parliament-decides-to-postpone-new-requirements-for-medical-devices

Switzerland: The principles of the Federal Act on Data Protection, must be respected.

The authorities, in cooperation with health institutions, are doing everything possible to stem the rapid spread of the coronavirus. Insofar as private individuals (in particular employers) process personal data to combat the pandemic, the principles set out in Article 4 of the Federal Act on Data Protection must be respected.

Source:

https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html

France: CNIL Recalls Data Protection Rules in the Context of the COVID-19 Outbreak

The French Data Protection Authority (the “CNIL”) issued guidance which outlines some of the principles relating to personal data processing. 

The Guidance stresses that employers may not implement measures to fight against the coronavirus pandemic that would infringe on employees’ or visitors’ right to privacy, especially by collecting personal health data that would go beyond what is necessary to determine potential exposure to the virus. 

Source: https://www.huntonprivacyblog.com/2020/03/20/cnil-recalls-data-protection-rules-in-the-context-of-the-covid-19-outbreak/

Germany: A solid framework for privacy and health innovation

German Authorities Issue Guidance Related to Coronavirus.

Germany is among a few countries that have already set-up the scene for effective promotion of remote patient monitoring and digital health adoption. Digital Health Innovators can apply for the DiGA “Fast Track” and have their solutions reimbursed and prescribed by physicians. 

« The Health Innovation Hub, established by Germany’s Ministry of Health, published a list of trusted telemedicine services. Most of these are available for free, towards which citizens can turn during the pandemic. » 

Sources:

https://hih-2025.de/here-to-stay-digital-health-in-times-of-covid-19-a-german-deep-dive/

https://www.datenschutz-mv.de/datenschutz/publikationen/Corona/

https://www.insideprivacy.com/covid-19/german-authorities-issue-guidance-related-to-coronavirus/

https://www.bfdi.bund.de/DE/Datenschutz/Themen/Gesundheit_Soziales/GesundheitSozialesArtikel/Datenschutz-in-Corona-Pandemie.html?nn=5217154

https://medicalfuturist.com/how-germany-leveraged-digital-health-to-combat-covid-19/

UK: marks a shift in its privacy policy on patient data collection and usage 

The National Health Service in England has sent out a document that marks a shift in its policy on patient data. It mentions the use of data to understand trends in the spread and impact of the virus and “and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients”.

In this regard, the UK Information Commissioner’s Office (ICO) also published “a handy guide to what you need to know about data protection during the pandemic” that specifically addresses the concerns of healthcare organisations and professionals.

Sources: https://www.gov.uk/government/publications/coronavirus-covid-19-notification-of-data-controllers-to-share-information

https://www.bbc.com/news/technology-52135916

Globally: A closer look at privacy updates during pandemic, at a glance

The latest guidance and information from The Global Privacy Assembly (GPA members) and observers on data protection and COVID-19 can be find in the source below:

Source: https://globalprivacyassembly.org/covid19/

The post Privacy and Health Regulation updates during Covid-19: Must-know updates appeared first on Pryv.