Particular security measures for medical data: The data privacy concept

Because of SPICS's web-based architecture, all data processed within the platform is stored in a centralized database operated by a single server; nevertheless, installing an autonomous instance solely within an organization's intranet is also possible. Because the processed data is medical data, special data security measures have been taken to ensure data confidentiality and integrity. During the design and development of the platform, the greatest focus was placed on a secure implementation according to the state of the art in software engineering, taking into account Austrian as well as European data protection regulations.

The following data security measures have been taken:


The data stock separation in detail

According to the data privacy concept, the whole medical data pool is divided into two parts: personal data and pseudonymous treatment data. Each of these data pools is stored in a data center that is completely independent of the other technically, organizationally and in terms of personnel. One of these service providers stores only the pseudonymous medical treatment data, in which each patient can be identified only by an assigned pseudonym. The other data center provides the so-called "patient register" service, which enables the assignment of a pseudonym to the appropriate person. Only within the browser of an authenticated user is the pseudonym replaced by the corresponding personal data provided by the patient register.

This concept therefore guarantees the confidentiality of the whole data pool, because breaching it would require compromising two completely independent data centers.
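The browser-side join described above, sketched as an added example that is not SPICS code: two in-memory stores stand in for the two data centers, and only `buildView` ever holds both halves. All function names, field names, pseudonym formats and sample records are constructed assumptions.

```javascript
// Constructed sample data; every name, field and function here is hypothetical.
// Data center A: pseudonymous treatment data only, no personal fields.
const treatmentStore = [
  { pseudonym: "p-7f3a", visit: "2023-01-12", finding: "hypertension" },
  { pseudonym: "p-19c2", visit: "2023-01-15", finding: "asthma" },
  { pseudonym: "p-7f3a", visit: "2023-02-02", finding: "follow-up" },
  { pseudonym: "p-0000", visit: "2023-02-09", finding: "allergy" }, // not in register
];

// Data center B: the patient register, pseudonym -> personal data only.
const patientRegister = new Map([
  ["p-7f3a", { name: "Anna Muster", born: "1970-04-01" }],
  ["p-19c2", { name: "Max Beispiel", born: "1985-11-23" }],
]);

// Stand-in for the treatment service: never sees or returns personal data.
function fetchTreatments(session) {
  if (!session || !session.authenticated) throw new Error("treatment: not authenticated");
  return treatmentStore.map((r) => ({ ...r }));
}

// Stand-in for the register service: answers authenticated sessions only,
// and only for the pseudonyms actually requested.
function registerLookup(session, pseudonyms) {
  if (!session || !session.authenticated) throw new Error("register: not authenticated");
  const found = new Map();
  for (const p of pseudonyms) {
    if (patientRegister.has(p)) found.set(p, patientRegister.get(p));
  }
  return found;
}

// Runs in the user's browser: the only place where both halves are joined.
function buildView(session) {
  const records = fetchTreatments(session);
  const wanted = [...new Set(records.map((r) => r.pseudonym))];
  const identities = registerLookup(session, wanted);
  return records.map((r) => ({
    ...r,
    // Unknown pseudonyms stay pseudonymous instead of failing the whole view.
    patient: identities.get(r.pseudonym) ?? null,
  }));
}
```

A dump of either store alone yields findings without names or names without findings; the combined rows exist only in the memory of the authenticated client.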