This document is intended for future and existing clients (practitioners) and Gateway partners. It describes where, why and how Doctena S.A. and its subsidiaries implement Security and Compliance for the services they offer.
The document begins with the compliance section, outlining the various roles and responsibilities that patients, practitioners, gateway partners, and Doctena have under the GDPR. This section also highlights some important elements of how we enforce compliance through data processing agreements.
The General Data Protection Regulation (GDPR) sets a high bar for the protection of individuals in the EU. The GDPR is the European Regulation for the protection of personal data, which applies to all organizations (including medical practices) operating within the EU, and also to all non-EU organizations that process data of people in the EU. The definition of personal data under the GDPR can be summarized as "any information relating to an identified or identifiable natural person." The goal of the GDPR is to harmonize data protection laws in all EU member states so as to strengthen the protection of the individual. The regulation has been in effect since May 25, 2018.
GDPR applies to both data controllers and data processors. The data controller is the party that determines the purposes and means by which the collected personal data is processed, whereas a processor is a third party who processes personal data on behalf of the controller. Doctena is very clear and transparent on this point: the practitioner is the controller and owner of his or her patient and appointment data.
Roles and responsibilities
Doctena is both a data controller and a data processor but for different parts of the data.
As an online calendar company providing a service to practitioners, Doctena acts primarily as a data processor. We process the data on behalf of the practitioner, who defines what happens to the data (modification, deletion, transfer, exercise of GDPR rights, etc.), and the practitioner remains the owner of the data. This data includes the patient profile, appointment data, and optional physician/patient notes related to appointments. This also applies when the practitioner sets up a synchronization with our services through a gateway partner.
For patients with a Doctena account, Doctena acts as the controller only for account data (preferences, name, address, phone number, email, ratings, etc.) that exist solely to facilitate the management of the patient's appointments through our online services. With each booking, we essentially copy the data from the Doctena account into the patient profile and the physician's appointment, and from that point on the copy is controlled by the practitioner. As part of the Doctena account, we also control a logical link to the physician's appointments, which allows us to show the patient his or her appointments with practitioners.
Different flows of information
In the diagram below, you can see the three ways personal information can move from the patient to our systems.
The patient is the person who uses the services of Doctena, directly or indirectly via the practitioner, to find and manage his or her medical appointments. In terms of the GDPR, the patient is always the Data Subject (final owner of the personal data) and always has the right to define what happens to his or her data, unless a legal obligation overrides this (e.g. a court order, a criminal investigation, ...).
The practitioner is the natural or legal person who subcontracts Doctena to provide an online agenda and to collect patient data. The practitioner is the final recipient of the patient's data (PATIENT-PHYSICIAN data) and defines the purpose of the data collection and processing. It is the responsibility of the practitioner, when selecting subcontractors such as Doctena or a portal partner connected to Doctena, to ensure that patient data is processed securely and in accordance with the regulations. This is ensured through the data processing agreements provided by Doctena, which clearly define what Doctena is allowed to do with the data on behalf of the practitioner and what level of security Doctena implements to protect that data.
In terms of the GDPR, the practitioner is always the controller (primary controller) of patient data and appointment data (PATIENT-PHYSICIAN data).
Many medical software programs exist and are used in-house by medical practices. Gateway partners are legal entities (sometimes the same as the medical software provider) that specialize in linking the data of certain medical software with Doctena services. For integrations with Doctena, only the practitioner's data (PATIENT-PHYSICIAN data) is concerned. The data flow can run from the medical software to Doctena, from Doctena to the medical software, or in both directions, depending on the practitioner's needs. Doctena also provides external plugins such as calendar synchronizers (e.g. Cronofy) that synchronize Doctena calendars with Exchange, G Suite, Outlook, ...; these are also considered gateway partners.
In terms of the GDPR, gateway partners are always subcontractors of the practitioner. The practitioner must have a data processing agreement with the gateway partner that clearly defines what may be done with the data, for what purpose, and how it is secured. Doctena considers a gateway partner to be a subcontractor of the practitioner, bound by confidentiality and authorized to act on the practitioner's behalf. Therefore, no separate data processing agreement is required between Doctena and the gateway partner, unless particular processing of additional personal data is involved and requires an additional arrangement.
The Doctena Group refers to Doctena S.A. and its subsidiaries in the various countries:
Doctena SA – 42, Rue de la Vallée, L-2661 Luxembourg (Luxembourg)
Doctena Austria (formerly a3L e-solutions) – Simmeringer Hauptstraße 24, A-1110 Wien (Austria)
Doctena Belgium Sprl – Square de Meeus 37, B-1000 Brussels (Belgium)
Doctena Switzerland GmbH – Hagenholzstrasse 81a, 8050 Zürich (Switzerland)
Doctena Germany GmbH – Kurfürstendamm 14, 10719 Berlin (Germany)
Doctena Afspraken Sprl – Square de Meeus 37, B-1000 Brussels (Belgium)
Agreement on data processing
We have prepared a Data Processing Agreement (DPA) that is the same for all our clients, which you as a practitioner (data controller) can sign with Doctena (data processor) to define how Doctena is allowed to use your data. Under the GDPR, practitioners are required to have such an agreement with all of their subcontractors in order to comply with the regulation, and you should add it to your own GDPR documentation. The DPA sets out the terms required by the GDPR and the roles and obligations of both the processor and the controller with respect to the data processing. It includes most of the information described in this article.
If you use a gateway integration with our system, you must ensure that you have a data processing agreement in place with that integrator in which you, as the data controller, clearly mandate the integrator to act on your behalf on your Doctena resources.
Doctena defines the following services as part of the outsourced processing activities that must always be taken together:
(i) Management of patient data regarding their medical appointment and follow-up services
(ii) Management of the physician’s agenda/calendar
(iii) Management of the IT infrastructure, software, maintenance and administration related to the services covered by the Master Agreement.
The nature of the operations performed on the data for the purposes of the points (i), (ii) and (iii) is as follows:
Collection, storage and modification of personal patient information required by the physician in order to arrange the appointment
Searching for a patient’s account using any of its stored personal data
Communications with the Person concerned about his/her appointment using the e-mail address or (mobile) telephone number
Data imports into Doctena services using structured data transmitted by the physician (e.g. Onboarding)
Automatic data backup
The category of Persons concerned is: Patients.
In order to provide the services mentioned in (i), (ii) and (iii) the Processor is authorized to process, on behalf of the Controller, the following categories of necessary personal data, based on the data transmitted by the Controller and/or the Data Subject:
Personal identification data: name, title, e-mail address, address (private and professional), former addresses, telephone number (mobile) (private and professional), identifiers assigned by the Data Controller
Personal information: age, gender, date of birth, place of birth, registration office and nationality
Electronic identification data: IP addresses, cookies, connection times, electronic signature
Care data: data on resources and procedures used for medical and paramedical care of patients (e.g. doctor/patient notes, reason for visit)
Information about other family or household members: children, dependents, other household members, information about parents and relatives
Pseudonymization and security data: controls that protect the confidentiality, integrity and availability of the data (e.g. hashed passwords)
(only if the option is activated) Identification data: issued by public services, e.g. national identification number, social security number, identity card number, passport
When we work with external partners or subcontractors, we require that they apply at least the same security standards as we do; we do not want any weak links in our production and operating chains when it comes to security. Doctena publishes a list of its own subcontractors (cloud, SMS, messaging, ...) as part of its data processing agreement. These subcontractors have been selected on the basis of their compliance with security and confidentiality rules. We maintain our own data processing agreements with each of these sub-processors, in which we define the purpose of the processing and require at least the same level of security and confidentiality as promised to practitioners in the main data processing agreement. Doctena's subcontractors shall not process or transfer data to a third country (a country outside the EU/EEA) unless that country benefits from a valid adequacy decision of the European Commission on the protection of personal data. Any change in Doctena's sub-processors will be communicated to all data controllers (practitioners), who have 14 days to object to the change before it is implemented.
Because of the legal obligations to retain medical data in the various countries where Doctena is active, we have decided that all data is kept for 10 years and then automatically anonymized. The data can also be anonymized at any time by the practitioner using the online agenda.
Rights of data subjects
To make it easier for patients and practitioners to answer frequently asked questions about the GDPR and to enable them to exercise their rights, we have set up our own Doctena Privacy Center. Our privacy center will ask you a few questions to help you quickly find the information you are looking for.
When we receive requests to exercise GDPR rights (right of rectification, right of erasure, ...), these requests are processed and validated internally by the Information Security Manager (ISSM) or by a specially trained support manager. If the request is valid, one of two types of action takes place depending on the type of data concerned.
For requests relating to PATIENT-PHYSICIAN data, the request is always forwarded to the controller (practitioner). Doctena will only execute the request if the practitioner gives explicit consent to the action.
For requests relating to Doctena account data, the request is executed without the intervention of the practitioner.
Doctena will notify the controller (practitioner) by email of any personal data breach no later than 48 hours after becoming aware of it. The notification will include all the documentation necessary to enable the controller (practitioner), where required, to notify the relevant supervisory authority of the breach.
Location of data processing and storage
Doctena’s server infrastructure is hosted on Amazon Web Services and uses only data centers located in the Frankfurt area (eu-central-1) to ensure that data never leaves the EU. Amazon Web Services is fully compliant with the GDPR for which you can get more information at the link below.
We could have chosen to appoint an internal DPO, but because we wanted to be fully transparent with patients, practitioners and authorities, we chose to assign this role to an impartial external company that specializes in data protection and regulatory developments. This company acts as an intermediary between the data subjects (the patients) and Doctena in order to guarantee the proper exercise of the patients' rights. In case of non-compliance by Doctena, the DPO is obliged to inform the relevant authorities. This obliges us to stay on top of the requirements, and the DPO's annual audits and our regular meetings help Doctena remain compliant.
Kemal Webersohn, LL.M
WS Datenschutz GmbH
10719 Berlin (Germany)