Hi Bill, to build upon Tidge's earlier point on Cybersecurity and Data Privacy, I will assume your software is not an MD, and will use the example of Zoom for use in a Telehealth setting. You're lucky that I had to do a presentation on this for our company yesterday, so the info is fresh in my mind.
Is Zoom an MD? Obviously not. But it can be used in healthcare settings to facilitate tele-health conferences. Since it is only intended to display information, i.e. Doctor and Patient face and video, and possibly display some medical information, here is what you should think about:
1. Cybersecurity. The directives are:
- NIS Directive 2016/1148
- EU Cybersecurity Act 2019/881
- Also recommend ENISA website. Have fun with this.
- Some standards to begin with: ISO 27799 or ISO 27001 series, those that apply in healthcare
- Do note that HIPAA is not recognised in the EU
2. GDPR: Personal Data Protection
- There was some dispute about EU-US Privacy Shield, not sure about specifics, but since you are based in the US, good to know
- Doctor Face, Patient Face, Patient Health Records, all these fall under 'data concerning health', and are regulated under Article 9 of the GDPR. This is important to note!
- Also, each individual EU state might have slight differences when it comes to application of the GDPR, good to check with your GDPR rep or EU rep
- Data transfer to third country: Would you need to set up a physical server location in the EU? Not sure, depends.
- Maximilian Schrems vs Facebook. This is a good case study on why GDPR is important.
3. Software Development:
- Since it's not an MD, do whatever you want. Scrum Ninja Six Black Belt whatever
Sooo yep that's all I know about. Maybe others will point out some stuff not already covered. Have fun!