The patient is the person using the Doctena services directly or indirectly through the practitioner to find and manage their medical appointment. In GDPR terms, the patient is always the data-subject (final owner of personal data) and always has the right to define what happens with its data unless there are legal obligations to the request (eg. court order, criminal investigation, …)
The practitioner is the person or legal entity that sub-contracts Doctena to provide them an online agenda and to collect the related patient data. The practitioner is the final receiver of the patient’s data (DOCTOR-PATIENT) and defines the purpose of processing and data collection. It is their responsibility to ensure the patient data is handled securely and according to the regulation when selecting sub-contractors like Doctena or a Doctena connected gateway partners. This security enforcement is done in good confidence and by the use of data processing agreements provided by Doctena that clearly define what Doctena is allowed to do with the data in name of the practitioner, and what is the level of security Doctena implements to protect this data.
In GDPR terms, the practitioner is always the controller (Main responsible) of the patient data and the related appointment data (DOCTOR-PATIENT)
Many different medical softwares exist and are in use by practices/cabinets internally. Gateway partners are legal entities (sometimes the same as the medical software provider) that are specialized in linking some data from the medical software with the Doctena services. For integrations with Doctena only the practitioner’s data (DOCTOR-PATIENT) is concerned. This can be from the medical software to Doctena, from Doctena to the medical software, or in both direction depending on the needs of the practitioner. Doctena also provides external plugins like calendar synchronisations (e.g. Cronofy) that sync Doctena agenda’s to exchange, gsuite, outlook, … which are also considered as gateway partners.
In GDPR terms, Gateway partners are always processors (sub-contractor) of the practitioner. The practitioner must have a data processing agreement in place with the gateway partner in which the practitioner clearly defines what can be done with their data and for what purpose and how it is secured. Gateway partners are seen by Doctena as a sub-processor of the practitioner which received the credentials/permissions to act on their behalf. Therefore, no special data processing agreement is required between Doctena and the Gateway partner, unless there is a special additional personal data processing involved that requires additional arrangement.
The Doctena group refers to Doctena S.A. and its subsidiaries in the different countries:
Doctena SA – 6 Rue Adolphe, L-1116 Luxembourg (Luxembourg)
Doctena Austria (formally a3L e-solutions) – Mooslackengasse 17, A-1190 Wien (Austria)
Doctena Belgium Sprl – Square de Meeus 37, B-1000 Bruxels (Belgium)
Doctena Switzerland GmbH – Hagenholzstrasse 83b, 8050 Zürich (Switzerland)
Doctena Germany GmbH – Platz vor dem Neuen Tor, 10115 Berlin (Germany)
Doctena Netherlands BV – Barbara Strozzilaan 201, 1083 HN Amsterdam (Netherlands)
Doctena Afspraken Sprl – Square de Meeus 37, B-1000 Bruxels (Belgium
Data processing agreement
We have prepared a Data Processing Agreement (DPA) that is the same for all our customers, which you as practitioners (data controller) can sign with Doctena (data processor) to define how Doctena is allowed to use your data. As part of GDPR practitioners are required to have such an agreement in place with all of their sub-contractors to comply with the regulation, and you should add it to your own GDPR documentation. The DPA describes the GDPR terms, roles and the obligations of the data processing for both the processor and the controller. It includes most of the information we describe in this article.
Click here to sign your Data processing agreement with Doctena
Download sample PDF for Data processing agreement with Doctena
If you are using a gateway integration into our system, you need to make sure you have a data processing agreement in place with this integrator in which you clearly give the mandate to the integrator that you as a data controller allow the integrator to act on your behalf onto your Doctena resources
Doctena defines the following services as part of the sub-contracted processing activities which are always to be taken together:
(i) Management of patient’s data regarding his/her doctors’ appointment and follow-up services;
(ii) Management of the doctor’s agenda/calendar; Including Gateway interfaces used by Gateway partners.
(iii) Management of the IT infrastructure, software, maintenance and administration related to the Principal Agreement services.
The nature of operations carried out on the data for the purpose of (i), (ii) and (iii) are:
Collection, storage and modification of personal information of patient required by the doctor to organize the appointment
Search of patient account using one of its stored personal data
Communications with data subject regarding appointment using email or (mobile) number
Data imports into Doctena services using Doctor provided structured data (e.g. Onboarding)
Automated backup of data
The category of data subject is: Patients.
Because there are multiple types of data that can enter into our systems as part of your usage, we include the most common data categories typically used in our system as part of the data processing agreement. This does not mean you or patients are obliged to share all types of data, but that Doctena is authorized to process on behalf of the practitioner in case it is entered into our doctor/patient notes or during general use of our system. These are the categories and types of data that can be collected by our service:
Personal data of identification: name, title, email, address (private and professional), previous addresses, (mobile) phone number (private, professional), identifiers attributed by
2. Personal details: age, sex, date of birth, place of birth, registry office and nationality;
3. Data of electronic identification: IP addresses, cookies, moments of connection, electronic signature;
4. Data relative to the care: data relative to resources and procedures used for the medical and paramedical care of the patients (e.g. doctor/patient notes, reason of visit);
5. Details of the other members of the family or the household: children, supported people, other members of the household, information on parents and relatives;
6. Pseudonymization: Controls to protect Confidentiality, Integrity and Availability of data (e.g. hashed credentials).
7. (only if option is activated) Data of identification: emitted by public services, e.g. national identification number, social security number, number of ID card, passport.
When we work with external partners or subcontractors, we require them to apply at least the same security standards as us. We don’t want to have any weak links in our production and operation chains when it comes to security. Doctena publishes a list of its own sub-contractors (cloud, sms, email services…) as part of its data processing agreement. These sub-contractors have been selected on their compliance with the security and privacy rules. We maintain our own data processing agreements with each of these processors (sub-contractors) where we define the purpose of processing and where we enforces at least the same level of security/privacy as is promised to the practitioners in the principal data processing agreement. The processors (sub-contractors) of Doctena are forbidden to process or transfer data in a third country (countries outside EU/EEA, except if they have a valid adequacy decision by the European commission on the protection of personal data). Any change of processor (sub-contractor) of Doctena will be communicated to all controllers (practitioners) who get 14 days to object this change before it is implemented.
Due to the legal medical data retention obligations in the different countries where Doctena is active, we decided that all data is stored for 10 years and then anonymized automatically. Data can also at any time be anonymised by the practitioner using the online agenda.
Data subject rights
To facilitate both patients and practitioners to answer frequently asked questions regarding GDPR and to allow them to execute their rights, we have put in place our own Doctena privacy center. Our privacy center will ask you some questions to help you to quickly point you to the information you are looking for.
Open the Doctena privacy center
When we receive requests to execute GDPR rights (right to rectification, right to deletion, …) these requests are processed and validated internally by the Chief information security officer (CISO) or specially trained support officer. If the request is valid, two types of actions can take place depending on the type.
For DOCTOR-PATIENT related requests, the request is always forwarded to the controller (practitioner). Only if they give their explicit consent for the action, Doctena will execute the request.
For DOCTENA-ACCOUNT related requests, the request is executed without involvement of the practitioner
Doctena will notify the controller (practitioner) per email of any personal data breach not later than 48 hours after having become aware of it. The notification will be sent along with any necessary documentation to enable the controller (practitioner), where necessary, to notify this breach to the competent supervisory authority.
Data processing and storage location
Doctena’s server infrastructure is hosted on Amazon Web Services and only uses data centers located in the Frankfurt region (eu-central-1) to ensure the data never leaves the EU. Amazon Web Services is fully compliant with GDPR for which you can get additional information on the link below.
Why an external data protection officer?
We could have chosen to assign an internal DPO, but because we wanted to be very transparent to the patients, practitioners and authorities, we chose to assign this role to an external impartial company that is specialized in data privacy and the evolution of the regulation. They act as intermediate between data subjects (patients) and Doctena to ensure the patient’s rights are properly executed. Upon non-compliance by Doctena, the DPO has the obligation to notify this to the related authorities. This forces us to stay on top of the requirements and their yearly audits and our regular meetings helps Doctena to remain compliant
Kemal Webersohn, LL.M
WS Datenschutz GmbH
10719 Berlin (Germany)
Fax : +49 30 88 72 07 88