What data protection requirements must a DiGA meet?
A DiGA must comply with the data protection requirements of the General Data Protection Regulation (GDPR) and national regulations. These cover the permissible purposes of data processing and the assurance of data security. The permissible purposes include detecting and treating diseases, monitoring health status, improving structural and procedural processes or documentation and traceability.
What data security requirements must a DiGA fulfill?
Data security requirements are a key aspect in the development and operation of a DiGA. Comprehensive measures must be taken to ensure the integrity, confidentiality and availability of the processed data. These include, for example, encryption, access controls, data backup, training and awareness-raising.
How is the interoperability of DiGAs ensured?
DiGAs must be interoperable, i.e. they should use specific data formats and structures that enable information to be exchanged correctly and comprehensibly. They should also use defined, generally recognized technical standards. These are rules and protocols that ensure that different software programs and systems can communicate with each other.
It is also important that DiGAs are developed in such a way that they can be seamlessly integrated into existing systems and databases in the healthcare sector.