- Full Service
- Individual, efficient solutions
- Transparent Pricing Structure
- International legalilty guaranteed
- There when you need us
15+ years
of legal practice
Specialised
in data protection
Award winning
legal practice in Germany
International
clients in over 35 countries
Increasing pressure to protect patients’ data
Hospitals, clinics and doctors’ surgeries collect, process and use the highest amount of Sensitive Personal Data of all branches. This mainly includes data regarding the health of patients, which are specifically protected not only by medical secrecy, but also by the European GDPR as so-called special categories of Personal Data. Moreover, increasing competitive pressure with high expectations dominates this sector.
Our data protection services for you:
Data Protection for the Healthcare and Hospitals
3 steps to legal consultation
Simply fill out this form and one of our team will contact you to organise a free of charge, no obligation call.
Hospitals and clinics must take steps to secure patient data
Information about hospitals‘ and clinics‘ contractual obligations with patients, health insurance funds, and other service providers is often buried deep in lengthy legal documents. However, it’s important to be aware of these obligations in order to ensure that data is processed in a compliant manner.
One such obligation is the contractual provision of information security. In order to protect patients‘ data, hospitals and clinics must take steps to secure their networks and systems against unauthorized access. They must also ensure that only authorized personnel have access to patient data, and that data is properly secured against accidental or unauthorized access, alteration, or destruction.
Another important contractual obligation is the provision of notice in the event of a data breach. If there is a breach that results in the unauthorized access, use, or disclosure of patient data, the hospital or clinic must notify both the affected individuals and the relevant authorities as soon as possible. Failing to do so can result in significant fines.
Modern services, new obligations
In order to meet these obligations and the increased demands of patients towards a modern service company, the operators of hospitals, clinics or medical care centers are more than ever required to design and implement an efficient Data Protection Concept. Additionally, they should observe the limits set by the legislator and the courts for the handling of patient data. Sensitive Data of patients, but also of doctors, nurses and service providers require special protection.
Do you need an External Data Protection Officer?
Five steps to full service compliance:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External data protection officer and on-going consultation starting from day 1.
From the doctor’s practice to the Medical Care Center (MCC, GER) or the clinic and hospital, we can advise as an External Data Protection Officer to ensure compliance with all Data Protection Regulations.
Our service to you
How we help clients with data protection in the healthcare branch
We are happy to advise and support internal Data Protection Officers or specialist departments in your data protection projects. For example, in terms of preparation of certifications (e.g. KTQ certifications), employee training, the drafting of data protection manuals or the introduction and design of hospital information systems (HIS). This also includes, among other things:
- Drafting or revision of necessary guidelines, work instructions, declarations of commitment and declarations of consent
- Monitoring the proper use of data processing programs that process personal data. In particular hospital information systems and their data protection-compliant allocation of roles and access rights
- Staff training (e.g. for nursing staff, telephone exchange staff)
- Contact for patients and other third parties regarding Data Protection
- Data Protection support for employees (e.g. dealing with official enquiries, requests for inspection of medical records and other information claims by third parties, transfer of patient data within and outside the hospital/clinic)
- Data Processing of patient data on behalf of another controller
Your data protection experts for the Healthcare & Hospitals branch
Laura Graßie
Managing Director | Attorney at Law (Germany)
Max Sion
Attorney at Law (Germany)
Filiz Gürsoy
Business Lawyer
Jan Rübsteck
Managing Director | Attorney at Law (Germany)
Benefit from our experience in the field of Data Protection for Healthcare & Hospitals
We work efficiently and with the clear goal of protecting your processes best possible. Get in contact with us without obligation to benefit from our experience in the field of Health care & Hospitals.
Send this page to a colleague?
Find out more about our individual services
Data Protection
Officer
Our Lawyers act as External Data Protection Officers (DPO) for small and medium-sized companies, associations, institutions and international corporations.
Data Protection
Manager
Working alonside a DPO, our Data Protection Managers help to implement data protection guidelines and ensures orderly and up to date documentation of your GDPR compliance.
Data Protection
Auditor
Regular data protection audits ensure that your business continues to process and store personal data in a manner that’s compliant with ever changing data protection laws.
