Privacy levels for DICOM images

The teamplay digital health platform offers different privacy levels that allow you and your customers to reduce the amount of identifying patient information when uploading data from a clinical institution through the teamplay Receiver to the cloud.

For data that bypasses the teamplay Receiver and is uploaded directly from a partner application to the teamplay Data Storage by using our cloud-based APIs, the application owner is responsible for complying with regional laws and regulations regarding data privacy requirements.
Additional contractual requirements from Siemens Healthineers may apply in order to offer clinical customers transparency about data processing and to protect their interests if they are already connected to our teamplay digital health platform via a teamplay Receiver.


Overview

Each privacy level controls how data is minimized for the associated DICOM attributes. The specified attributes are kept, replaced by a pseudonym, or reduced in precision. A privacy level is based on an "allow" list. Attributes that aren't specified for a privacy level aren't retained in the uploaded or downloaded images.

Depending on the selected privacy level of a clinical institution or an application, different data minimization steps are applied to the content of DICOM images. Data minimization can happen in the following scenarios:

  • Prior to data upload by the teamplay Receiver and related plugins.

  • Prior to data download or receipt requested by a cloud application.

For the download of DICOM images, you decide with each download request which privacy level to apply for your application. Depending on the selected privacy level, data such as patient identifiers are minimized to different degrees. The probability of re-identification of patients varies between the privacy levels. As an API consumer, you're responsible for defining proper privacy levels in your API requests depending on your use cases, your customer preferences, and regional laws and regulations.

Supported privacy levels are, for example:

  • Standard

  • High

  • Restrictive

See the complete list of privacy levels and their minimization concept below.

See also

teamplay Images APIs (API product)

List of privacy levels

For the teamplay digital health platform, there are the following privacy levels.

Standard

By choosing this privacy level, you minimize directly identifiable patient information such as the patient name. Instead, to allow further processing, only a pseudonym of the patient ID is kept. Nevertheless, by combining the available indirect patient identifiers such as age, size, and weight, as well as the date and time of examinations, with further external information, it might in some rare cases still be possible to re-identify a patient.

High

With this privacy level, you remove even indirect patient identifiers such as age, weight, and size. For this privacy level, the indirect identifiers are replaced with less precise values or removed entirely. For example, the institution information isn't retained at all. This extended data minimization approach further reduces the statistical possibility of re-identification of a patient.

Restrictive

With the restrictive privacy level, even the patient pseudonym isn't used. With this privacy level, the age cluster is retained instead of the real age. The examination date is mapped to the first day of the month. This data minimization approach greatly reduces the likelihood of statistical re-identification of a patient. Thus, the probability of re-identification is reduced to a minimum, and anonymity for very important persons (VIPs) is possible.

No data minimization

(not applicable for the download of DICOM images)

With this setting, DICOM images are taken as they are, without any data minimization. Non-minimized DICOM images contain several types of personal data, such as information about patients and involved healthcare personnel. Before processing such DICOM images, please ensure that all legal requirements are met, including a proper legal justification.

Customized privacy profile

(not applicable for the download of DICOM images)

With this privacy level, you can choose from a list of customized privacy profiles. This option supports dedicated use cases and isn't visible for all institutions. No general statement with regard to privacy can be given. The "allow" lists of privacy profiles can be modified by the following additional options:

Privacy level extensions

Applications can offer additional configuration options to their customers. Use this option to allow dedicated exceptions from data minimization for dedicated DICOM tags. By specifying the privacy level extensions, you modify the level specified in the privacy level input parameter. You can provide more than one of the following values, separated by commas.

Keep UIDs and accession number (alias uidkeeping)

Enabling this option retains the original information of the DICOM UIDs. DICOM UIDs are DICOM tags with a value representation Unique Identifiers (UID). This means that the Study Instance UID, Series Instance UID, SOP Instance UID, and other DICOM UIDs aren't changed. In addition, this extension retains the accession number. Retaining these UIDs helps you identify a study by its Study Instance UID or the accession number in the user interface of teamplay Images as well as in other cloud applications.

Keep patient age (alias patientagekeeping)

The value of the DICOM attribute Patient's Age (0010,1010) is kept. Note that, depending on the system generating the DICOM images, the age value can be stated in days, weeks, months, or years. An age in days together with the examination date allows the date of birth to be calculated.
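As an added illustration (not part of the teamplay documentation or its APIs), the following Python example computes how many birth dates remain consistent with a kept Patient's Age value and an examination date, which is a quick way to gauge the re-identification risk of this extension. It assumes the age is a DICOM Age String (three digits plus D, W, M, or Y) counting completed units; the function names and sample values are constructed.

```python
import re
from datetime import date, timedelta

# DICOM Age String: three digits plus a unit (D, W, M, Y), e.g. "045D" or "034Y".
_AGE = re.compile(r"^(\d{3})([DWMY])$")


def _minus_months(d, months):
    """Shift d back by whole calendar months, clamping to the month's last day."""
    year, month0 = divmod(d.year * 12 + d.month - 1 - months, 12)
    nxt = date(year + (month0 + 1) // 12, (month0 + 1) % 12 + 1, 1)
    return date(year, month0 + 1, min(d.day, (nxt - timedelta(days=1)).day))


def birth_date_window(age_string, exam_date):
    """Return (earliest, latest) birth dates consistent with the kept age.

    Assumption: the generating system recorded the age in completed units.
    """
    m = _AGE.match(age_string.strip())
    if not m:
        raise ValueError(f"not a DICOM age string: {age_string!r}")
    n, unit = int(m.group(1)), m.group(2)
    if unit == "D":
        latest = earliest = exam_date - timedelta(days=n)
    elif unit == "W":
        latest = exam_date - timedelta(days=7 * n)
        earliest = latest - timedelta(days=6)
    else:
        step = 1 if unit == "M" else 12
        latest = _minus_months(exam_date, step * n)
        earliest = _minus_months(exam_date, step * (n + 1)) + timedelta(days=1)
    return earliest, latest


def window_days(age_string, exam_date):
    """Number of candidate birth dates; 1 means the date of birth is recoverable."""
    earliest, latest = birth_date_window(age_string, exam_date)
    return (latest - earliest).days + 1


if __name__ == "__main__":
    exam = date(2024, 3, 15)  # constructed examination date
    for age in ("045D", "006W", "003M", "034Y"):  # constructed age values
        print(age, birth_date_window(age, exam), window_days(age, exam))
```

A window of one day for an age given in days is the case the paragraph above describes; ages given in years leave a window of about a year.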

Keep institution personnel data (alias employeekeeping)

Selecting this option retains information about healthcare personnel involved in this study. 

You can also decide, on your own responsibility, to minimize uploaded or downloaded DICOM data differently.