Services | Health Data Services

Cloud-based Data Solutions

Are you a hospital, health insurer or provider of healthcare products and services considering the use of cloud services?
We provide expert legal support for health data processing in the cloud, ensuring full compliance and successful implementation.

Challenges

The complex regulatory landscape and potential obstacles of health data processing in the cloud pose many challenges, requiring a thorough understanding of the requirements and a well-planned strategy.

Are you considering moving your health data processing to the cloud?
Are you unsure whether this is possible under the rules applicable to your company?
Do you want to know what needs to be considered during implementation to ensure full compliance?

Solution

The use of cloud services for processing health data is possible. The following are the most relevant topics organisations in healthcare should consider when developing and applying cloud services.

Relevant legal framework and requirements

There is often uncertainty as to which regulations apply to the data being processed. Different rules apply to personal data than to non-personal data. Hospitals, health insurance companies and DiGA manufacturers must each observe and fulfill different requirements.

Legal obligation of confidentiality & secrecy

One of the central professional duties of physicians is the duty of confidentiality. Section 203 of the German Criminal Code (StGB) protects patient confidentiality under criminal law. The disclosure of secrets is therefore only permitted to members of the medical profession under special conditions.

DPA, SCC and appropriate safeguards

With whom must a processing contract be concluded in accordance with the GDPR? Data transfers to third countries without an adequacy decision are also only permitted if appropriate safeguards are in place.

Technical and organizational measures

Because of how the law classifies them, health and social data require a high level of protection. The technical and organizational measures taken when processing this data must reflect this level of protection.

Restrictions imposed by state hospital laws

Many state hospital laws restrict the disclosure of patient data collected at the hospital. In many places, these restrictions also apply to the use of processors.

Data processing of social data

Special regulations apply to social data. One of these is § 80 SGB X. This states, among other things, that no processing may take place in a third country for which no adequacy decision exists pursuant to Art. 45 GDPR.

Data protection and data security requirements for DiGA

Digital health applications (DiGA) are also subject to special requirements regarding the processing of personal data, which are regulated in the DiGAV. The strict interpretation of the legal requirements by the BfArM leads to uncertainty among manufacturers.

Critical infrastructure

Critical infrastructure as defined by BSIG must meet special requirements for security in information technology.

Dealings with supervisory authorities

Regulatory authorities are often skeptical of, and restrictive toward, service providers that have group connections in a third country. This uncertainty needs to be dealt with.

Learn

Want to learn more? Take a look at the crucial questions with regard to a privacy-compliant deployment of health data in the cloud.

In the News

News
Interview: Christian Dierks answers the NJW's questions on the deficits in the digitalisation of the German healthcare system
News
Data processors in the draft of Berlin's new hospital law
News
HEALTH DATA REPORT #1
News
Contribution of Christian Dierks on Cybersecurity in hospitals
Christian Dierks' contribution to the volume "Cybersecurity in the hospital", the article "Legal framework for IT-security at the hospital",
News
Covid-19: Epidemiological Apps & data protection
The digital application for the registration of corona patients was not included in the legislative package for the protection of the population after all.
News
Legal opinion for the Federal Ministry of Health: Proposed solutions for a new health research data protection law at federal and state level
Legal opinion from Dierks+Company discusses potential options for action to simplify the use of health data for research purposes.
News
Secondary use of social and health data - Legal framework - by Christian Dierks and Alexander Roßnagel
This volume offers an overview of the current legal framework to researchers and all other interested parties who wish to use social and health data.
News
Data protection for cross-national research projects
Christian Dierks discusses which legal requirements should actually be observed for research with patient data in cross-border clinical research projects.
News
We need a new data protection law for medical research
Guest article about data protection law for medical research from Christian Dierks published in the Handelsblatt Inside Digital Health newsletter.
News
Bringing new solutions to patients
Christian Dierks explains the role played by Dierks+Company in bringing new and innovative solutions faster to the market and thus to patients.

Plan

D+C helps you to come to an informed decision on the use of cloud services. The Quick Check is an initial approach to examine your challenges and develop the roadmap for your cloud transition.

Quick Check

Book a meeting
Workshop

Your roadmap to the Cloud

The Quick Check will build on the documents you provide to analyze which data protection framework conditions you must observe when processing your data. Furthermore, it will outline the regulations relevant to attendees, the restrictions they impose, and how cloud providers can be used considering the applicable requirements.

Target
One client
Setting
2 weeks
Output
Roadmap
Fixed price
12.500€ (plus tax)
Briefing Call
We hold a 30-minute meeting with you to clarify the relevant topics and expectations and agree on the necessary documents.
Engagement
You receive an offer from us and commission us accordingly.
Analysis
You provide us with the necessary information via a questionnaire. We analyze the topics and prepare the session.
Session
Together we examine the challenges relevant to you in a 3-hour session (video conference or face-to-face event at HELIX HUB, Berlin).
Result
You will receive the results documented in the form of a PowerPoint presentation.

Implement

We enable you to implement your roadmap and support you to take all the necessary measures to efficiently move your health data to the cloud.

Deep Dive Workshop

Book a meeting
Workshop

Empower Your Business with our “Deep Dive”

Starting with the roadmap, we guide you through the requirements of implementing a cloud solution for health data in a 2-day workshop. Knowing your specific needs and challenges, we check off all the boxes on your roadmap and define the necessary checklists and templates together with you.

The workshop includes the following modules:

  • Detailed checklists for the implementation of individual roadmap blocks
  • Contract Templates
  • Templates for data privacy documentation (e.g. for requests from data subjects, data breaches or transfer impact assessments)
  • Samples and checklists for organizational implementation measures (e.g. access rights, personal training) or technical implementation measures (e.g. encryption)

Target
One client
Setting
2-day workshop
Output
Customized documentation

Evaluate

Let us evaluate your organization and receive a report from us on your fully compliant health data processing implementation in the cloud. Our expertise and reputation can help you in the dialogue with authorities and customers.

Evaluation

Book a meeting
Consulting

D+C Evaluation for Compliance

Our confirmation process

  • We evaluate all your documentation
  • We identify necessary improvements
  • We confirm your data privacy conformity

What can you use it for?

  • Show customers that you have taken every measure to ensure privacy compliance
  • Be ready to prove to authorities that you have carefully and extensively assessed the applicable legal framework when setting up your cloud services

Target
One client
Setting
Tailored
Output
Evaluation report

On-Demand Support

Do you need specific on-demand advice? Let us accompany you in the transition to the cloud with confidence.

Individual Consulting

Book a meeting
Consulting

Secure Your Health Data with our on-demand Consulting Solutions

We provide answers to your specific legal questions that arise during the implementation of cloud services. Our consulting services are tailored to you – be it the preparation of presentations, legal memos or legal opinions. We are solution-oriented and work closely with you – always ensuring full compliance for your results.

Target
One client
Setting
Tailored
Output
Demand-specific

Why D+C

With our deep understanding of relevant regulations and industry standards, we empower our clients to make informed decisions and ensure smooth implementation in the cloud.

Attorney-at-law | Managing Partner
M.D., J.D., General Practitioner, one of the leading lawyers for social and medical law in Germany.
Attorney-at-law | Senior Associate
Expert in IT- and data protection law, providing advice to stakeholders on the legally compliant design of data processing procedures and contract drafting.
Strategy Consultant
Health economist with focus on the digital transformation of providers and payers in the German healthcare and social security sector.

Legal + Strategy + Communications

We combine legal consulting with strategic thinking and political communication

Extensive network

We are well connected with decision makers and stakeholders of the German healthcare system.

Interested? Let us guide you safely into the cloud.

Contact us and we will get back to you.

Dominik Humm
Strategy Consultant
Book a meeting

Contact

    You can find information on the processing of your personal data in our privacy policy.