What's New In Digital Health

Europe’s pass of the General Data Protection Regulation (GDPR) last May brought many changes to the way information privacy is to be handled, with a particular focus in the handling of healthcare data.¹ This article will discuss how the features and tools available in the dermatology software DermEngine are compliant with GDPR for maximized security and privacy.

1. How does GDPR affect data handling?
The purpose of the GDPR is to give an unified approach to the data privacy regulation across all countries within the European Union. This new law is a replacement to the former EU Data Protection Directive, and is intended to establish a common group of regulations that govern personal data handling and processing across the block of countries.

GDPR is based upon the pivotal principle of data protection, which involves implementing the appropriate technical and organizational measures to comply with the mechanisms through which such data privacy is ensured. In this regard, processes that handle personal data must be built with consideration to the GDPR principles and provide safeguards to protect data at all times. Even more so, the use of high-level privacy settings must be prioritized in every occasion to guarantee that no personal data is publicly accessible without explicit and informed consent.

Protecting patient data is not simply a discussion of data accessibility, it also has deep implications in the preservation of individual identity, and the fight against private information smuggling and illegal commercialization. In this matter, the Security Council of the European Union works to ensure that all data processors comply by fully disclosing the purpose behind data collection, the length data will remain in their access and if third party sharing will occur. The respect and adherence to these principles must be observed by all medical record handling systems, including software such as DermEngine.

 
2. What features make DermEngine GDPR-compliant?
From its inception, DermEngine has been a platform built around compliance with the most strict data privacy and security rules and regulations of international standards. Indeed, DermEngine offers 6 dedicated areas that work in synergy to ensure data handling according to what is established by GDPR:

• Lawfulness, fairness and transparency

• Purpose limitations

• Data minimization

• Accuracy

• Storage limitations

• Integrity and confidentiality

Each one of these areas represent the formal application of the rules that define data collection, processing, sharing and disposal as established by GDPR-based protocols. DermEngine strives to assure patient data is treated with maximum confidentiality as outlined with more detail in the software’s Privacy Policy.

Beyond the technical complexity inherent to this matter, DermEngine guarantees the fair treatment of collected information plus the assurance of purpose limitations and data minimization. This ensures that only the amount of data required to operatively provide adequate healthcare ever comes in contact with the authorized parties. Similarly, integrity is observed to prevent accidental loss, destruction or damage of personal data.

DermEngine’s proprietor developer, MetaOptima Technology Inc., is fully compliant with GDPR’s new regulations and allows customers to leverage its power under the following principles:

• Request access to their personal information

• Update their own personal information to keep it accurate

• Delete data that is of no longer value to their activities

• Request deletion of their personal data

• Have data processing stopped

• Ask their data to be delivered to themselves or a third party

• Object to profiling or automated decision making that could impact them