Pictograms
Article: Johner Institut on meeting German DIGA requirements
https://www.johner-institut.de/blog/regulatory-affairs/datensicherheit-und-datenschutz-fuer-diga/
Includes an overview of the regulatory requirements:
- MDR
- DVG
- DIGAV
- BSI 200-1: BSI-Standard 200-1, Information Security Management Systems (Managementsysteme für die Informationssicherheit)
- BSI 200-2: BSI-Standard 200-2, IT-Grundschutz Methodology (IT-Grundschutz-Methodik)
- BSI TR-03161: Security requirements for digital health applications (Sicherheitsanforderungen an digitale Gesundheitsanwendungen)
- ISO 27001:2017
- ISO/IEC 82304-1 Health software – Part 1: General requirements for product safety (Gesundheitssoftware – Teil 1: Allgemeine Anforderungen für die Produktsicherheit)
- ISO/IEC 82304-2 Health Software – Part 2: Health and wellness apps – Quality and reliability [future – includes a “seal”]
- IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle
Germany: Referentenentwurf (ministerial draft bill) DVPMG
Draft of a new German law to modernize health care
(Digitale Versorgung und Pflege – Modernisierungs-Gesetz – DVPMG)
This includes important changes to the DIGAV!
(See "Artikel 8" (Article 8), page 44ff)
- From 1 Jan 2023, DIGA (digital health applications) would need to be able to export data to the electronic patient record (elektronische Patientenakte).
- New requirements on certified information security management (from no later than 1 Jan 2022) and on a BSI certificate for data security (from 1 Jan 2023). These also apply to digital health applications that are already registered.
- New requirements on integrating with the electronic health card (elektronische Gesundheitskarte) for authentication, unless the DIGA is purely web-based (31 Dec 2020).
- The vendor also needs to ensure that the health information provided is kept up to date.
Germany: paper by the German DPAs (DSK) on Microsoft Windows 10 telemetry functions (with BSI input)
Telemetriefunktionen und Datenschutz beim Einsatz von Windows 10 Enterprise
https://www.datenschutzkonferenz-online.de/media/dskb/TOP_30_Beschluss_Windows_10_mit_Anlagen.pdf
German initiative for third country assessments
https://essentialguarantees.com
(private initiative? no authorities involved?)
#SchremsII
Germany: BDI paper: Anonymization of personal data
Anonymisierung personenbezogener Daten
Ein branchenübergreifender Praxisleitfaden für Industrieunternehmen
https://bdi.eu/publikation/news/anonymisierung-personenbezogener-daten/
David Rosenthal: commentary on the revised Swiss Data Protection Act (Kommentierung des revidierten Schweizer Datenschutzgesetzes)
David Rosenthal, Das neue Datenschutzgesetz, in: Jusletter, 16 November 2020
https://www.rosenthal.ch/downloads/Rosenthal-revidiertesDSG.pdf
DSGrev
DPA: Germany/Bavaria: BayLDA Schrems II slides, IAPP 17-Nov-2020
UKANON: second edition of the Anonymisation Decision-making Framework
The Framework has been given a significant overhaul and, for the first time, provides a systematic method for evaluating your data environment.
EDPB and Schrems II
Final version at https://edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf
Earlier drafts and related documents:
https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_recommendations_202002_europeanessentialguaranteessurveillance_en.pdf
https://iapp.org/news/a/a-break-down-of-edpbs-recommendations-for-data-transfers-post-schrems-ii/
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_plenaryminutes_38_20200914_public.pdf