Particular security measures for medical data: The data privacy concept
Because of W.H.A.T.’s web-based architecture all data processed within the platform are stored in a centralized database operated by a single server, nevertheless the installation of an autonomous instance only within an organization’s intranet is also possible. Due to the processed data’s characteristic as medical data, special data security measures have been taken, in order to ensure data confidentiality and integrity. The greatest focus during the design and the development of the platform was set on a secure implementation according to the current status of software engineering, taking into account the Austrian as well as the European data protection regulations.
The following data security measures have been taken:
- Securely encrypted data transmission via the internet
- Permanent integrity checks after data transmissions
- Encrypted storage of the databases
- Access is only permitted to data the user has entered himself
- Data transfers between different organizations or users is only permitted if explicitly granted
- Treatment data will only be used for research purposes after they are made anonymous
- Separated storage of medical treatment data and personal data in two independent databases
The data stock separation in detail
According to the data privacy concept, the whole medical data pool is divided in two parts: personal data and pseudonymous treatment data. Each of these data pools is stored in a technically, organizationally and personnelly completely independent data center. One of those service providers only stores the pseudonymous medical treatment data, whereby each patient just can be identified by an assigned pseudonym. The other data center provides the so called service „patient register“, which enables the assignment of a pseudonym to the appropriate person. Only within the browser of an authenticated user, the pseudonym will be replaced by the corresponding personal data provided by the patient register.
Therefore this concept guarantees the confidentiality of the whole data pool, because its betrayal required the compromising of two completely independent data centers.