teamplay Data Security and Protection Flyer

www.siemens.com/teamplay
teamplay security statement
Ensuring high-level data security and privacy.
EuroPriSe2
HIPAA1
ULD3
Keeping private things private
Protecting the privacy of your personal
data is important to teamplay as it is
in every Siemens Healthcare project.
Rest assured that teamplay works in
compliance with applicable laws on data
privacy protection and data security.
Furthermore, since teamplay will be
handling personal and sensitive information, we make sure our security measures
go beyond what is required: While providing different data security levels to
be compliant with local regulations,
teamplay meets the US standards of
HIPAA1 (Health Insurance Portability and
Accountability Act) as well as the requirements of the European data protection
directive.
A strong security partner
Employing the Microsoft Azure Cloud
comes with cutting-edge security to
avoid breaches and malicious attacks.
Sophisticated measures like encryption,
segregation and destruction safeguard
all information.
Restricted area
Intelligent access control technologies
restrict data access and use two individual
login accounts and authorizations. Only
the teamplay users themselves decide
whom they grant access rights to or
share their data with. No patient information will be sent to teamplay without
customer and patient consent.
Transparent data use policy
A dedicated agreement (e.g., in the US, a
Business Associate Agreement) ensures
joint responsibility of all involved parties
and lists all obligations of security and
confidentiality elements for patient
information.
Join the imaging world team.
Safely and trustingly.
teamplay by Siemens Healthcare.
1 HIPAA certified
2 EuroPriSe – certified to European Privacy Seal
standard is initiated but pending
3 ULD – is initiated but pending
Answers for life.
Where is the data of the “teamplay” cloud hosted?
Data is hosted in Microsoft Azure Data Centers within
the customer’s geographical region.
How do you protect the data from getting lost?
In each geographical region all data is replicated between
multiple data centers so that risk of data loss is minimized.
Who has access to the data?
Dose & Usage:
Only anonymized patient data leaves the institution;
users of the customer and Siemens Service personnel
have access to this anonymized data.
Will you host personalized data in the “teamplay”
cloud?
Only user information is hosted in teamplay. This information is stored encrypted. There is no unencrypted personal
information hosted in teamplay.
Advanced functionalities might need the transfer of
pseudonymized data subject to customer’s consent.
Images4:
Before data leaves the institution, patient information
is extracted and end-to-end encrypted (zero knowledge),
and image data is anonymized. Only the customer is
able to access and share their patient and other sensitive
information. Siemens Service personnel have access only
to the anonymized images.
Prominent cloud providers have only recently been
hacked (Dropbox, iCloud). How does Siemens ensure
data security, e.g. protecting the cloud from unauthorized access or from being affected by malware?
Microsoft is investing significantly in security and has
declared HIPAA1 compliance. Furthermore, Siemens is applying
state-of-the-art encryption technology and is continuously
performing extensive penetration testing to ensure
the highest possible level of data security.
Do you provide regular updates for customers to make
sure they’re up to date when it comes to data security?
teamplay is not interfering with the existing IT workflows
of the customer and Siemens provides regular security
updates.
Do you store patient data?
Dose & Usage:
No patient information is stored in teamplay.
Images4:
Patient information is end-to-end encrypted (zero knowledge) with strong state-of-the-art cryptographic
algorithms and is only stored with customer and patient
consent.
Have you implemented any processes for a reliable
deletion of customer/patient data?
The customer will be able to delete the account, including
all sensitive data, at any point in time.
Is it possible to access imaging devices or PACS
(e.g. controls, remote service lines) via connection
to the cloud?
No. Only outbound connections from the Receiver to the teamplay Cloud are possible; no inbound connections are needed
or possible.
4 The information about this product is preliminary.
It is under development, not commercially available, and its future
availability cannot be ensured.
Are there any precautionary measures to maintain
the solution’s functionality, even if security has been
compromised?
Data integrity is ensured by the use of cryptographic hashes.
In case data should be corrupted, it will be isolated.
The customer will be notified and can restore the data
from the original data source in the institution. teamplay
is enforcing multi-factor authentication intelligently to
protect the system from unauthorized access.
Global Business Unit
Siemens AG
Medical Solutions
SYNGO
DE-91052 Erlangen
Germany
Phone: +49 9131 84-0
www.siemens.com/syngo
Global Siemens Headquarters
Siemens AG
Wittelsbacherplatz 2
DE-80333 Munich
Germany
Legal Manufacturer
Siemens AG
Wittelsbacherplatz 2
DE-80333 Munich
Germany
Global Siemens
Healthcare Headquarters
Siemens AG
Healthcare Sector
Henkestrasse 127
DE-91052 Erlangen
Germany
Phone: +49 9131 84-0
www.siemens.com/healthcare
© 2014, Siemens AG