For you as a patient, what does "high-security patient service" by samedi mean?
The personal and medical information stored on samedi is highly sensitive. The protection of patient data therefore has first priority at samedi GmbH. We strictly adhere to German data protection law as well as to that of the European Union (EU). samedi GmbH ensures 1) that the user's right to informational self-determination is respected whenever samedi user data is handled and 2) that the privacy of every samedi user is preserved. To this end, samedi has implemented the following measures:
- Data transfer from user computers to the samedi servers, as well as downloads from the samedi servers to a user computer, is encrypted. For this, samedi GmbH uses the SSL (Secure Sockets Layer) protocol in version 3.0. This established cryptographic protocol family is used worldwide for highly sensitive online transactions such as online banking and sensitive online applications in the health care sector. Note that SSL 3.0 has since been deprecated (RFC 7568) in favour of TLS 1.2 and later; the protocol version a connection actually negotiates can be checked in the browser's connection details.
- Moreover, the patient data of the Personal Health Record is additionally encrypted locally on the patient's computer. Only after this has happened is the information transmitted to the samedi servers. Because of the multi-level system of symmetric and asymmetric encryption algorithms, neither samedi administrators nor employees nor third parties can read the clear text; only parties the user has authorized in her/his trust list can. All cryptographic algorithms conform to Technical Guideline TR-02102 ("Cryptographic Mechanisms: Recommendations and Key Lengths") of the Federal Office for Information Security (BSI). In addition, user data is stored on encrypted hard disks. Based on these measures, third parties cannot directly access user data.
- samedi cooperates with a large external hosting provider in order to store user data in a physically secure and reliable way (currently: filoo GmbH, Moltkestraße 25a, D-33330 Gütersloh). The servers of this provider are located in a data center in Germany that was built and is operated according to the "Tier 3" standard. The data center is certified by the Technical Inspection Agency (German: TÜV). Neither employees of samedi GmbH nor third parties have access to the data stored on the samedi servers unless the user has given explicit approval.
- Because of the encryption method used, samedi complies with the strict requirements of medical confidentiality (in Germany, "ärztliche Schweigepflicht" under § 203 StGB). Likewise, protection against seizure under German law applies at samedi because of the processing of sensitive data.
- samedi GmbH regularly reviews its compliance with data protection requirements. In addition, samedi is audited and certified annually for compliance with data protection requirements by an independent external firm (currently: legitimis GmbH).
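The second measure above (local encryption on the patient's computer, a symmetric layer plus an asymmetric layer, and a trust list deciding who can read) is the part a reader most often wants to see concretely. The following Go program is an added illustration, not samedi's own code, and makes no claim about which algorithms or key formats samedi actually uses; the names `SealRecord`, `OpenRecord`, the `EncryptedRecord` layout and the three demo identities are assumptions chosen for the example. It encrypts a record under a fresh AES-256-GCM data key, wraps that key with RSA-OAEP for every public key on the trust list, and shows that the server-side representation contains no plaintext and that a party not on the trust list (or one using the wrong private key) cannot recover it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedRecord is the only form in which the (hypothetical) server ever sees
// a health record: AES-GCM ciphertext plus one RSA-OAEP-wrapped copy of the data
// key per recipient on the patient's trust list. Neither the plaintext nor the
// bare data key ever leaves the patient's computer.
type EncryptedRecord struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey map[string][]byte // recipient name -> data key wrapped with that recipient's public key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord runs on the patient's computer: encrypt under a fresh random
// AES-256 key (symmetric layer), then wrap that key for every public key on
// the trust list (asymmetric layer).
func SealRecord(plaintext []byte, trustList map[string]*rsa.PublicKey) (*EncryptedRecord, error) {
	dataKey := make([]byte, 32) // AES-256
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec := &EncryptedRecord{
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKey: make(map[string][]byte, len(trustList)),
	}
	for name, pub := range trustList {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
		if err != nil {
			return nil, err
		}
		rec.WrappedKey[name] = wrapped
	}
	return rec, nil
}

// OpenRecord runs on a recipient's computer. Without a wrapped key for this
// recipient (not on the trust list) or without the matching private key, the
// data key cannot be recovered and decryption fails.
func OpenRecord(rec *EncryptedRecord, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := rec.WrappedKey[name]
	if !ok {
		return nil, errors.New("no wrapped key for " + name + ": not on the trust list")
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping data key for %s: %w", name, err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

// demoKey creates a constructed demo identity. TR-02102 recommends RSA moduli
// of at least 3000 bits; 2048 is used here only to keep the example fast.
func demoKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	patient, doctor := demoKey(), demoKey()
	admin := demoKey() // server operator, deliberately NOT on the trust list
	trustList := map[string]*rsa.PublicKey{"patient": &patient.PublicKey, "doctor": &doctor.PublicKey}

	rec, err := SealRecord([]byte("Diagnosis: constructed sample record"), trustList)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server stores %d ciphertext bytes and %d wrapped keys, no plaintext\n", len(rec.Ciphertext), len(rec.WrappedKey))
	if pt, err := OpenRecord(rec, "doctor", doctor); err == nil {
		fmt.Println("doctor (on trust list) reads:", string(pt))
	}
	if _, err := OpenRecord(rec, "admin", admin); err != nil {
		fmt.Println("admin cannot read:", err)
	}
	if _, err := OpenRecord(rec, "doctor", admin); err != nil {
		fmt.Println("admin posing as doctor cannot read:", err)
	}
}
```

The point to take from the example is structural: the server's copy is useful only to someone holding a private key whose public half was on the trust list at sealing time, so adding or removing a reader means re-wrapping the data key, not re-encrypting the record, and disk encryption on the server is a separate, additional layer.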