Data classification is an important tool for us to run the teamplay digital health platform efficiently and securely, and to effectively manage compliance with regional laws and regulations, especially with regard to data security and data privacy.
In the following, we list major data classes that the teamplay digital health platform, your connected applications and your users are able to process and generate.
Data privacy policy (Siemens Healthineers)
Data protection (European Commission)
European Privacy Seal (EuroPrise)
Cybersecurity (Siemens Healthineers)
Authenticating your application users (article)
Secure data is very important to us. “Privacy by design and by default” is a core principle motivating us daily in development.
The teamplay digital health platform and most probably also your applications frequently use personal information, especially health information, to improve performance and usability as well as to drive innovation and new products and services.
Such personal data is often generated by our customers, for example by hospitals that provide data as part of a collaboration or that generally upload their data to the teamplay digital health platform. Your application or other connected companies might also process personal data. Personal data might also be processed in the context of data retailers for test data, or in the case of government agencies that have to follow the requirements of the GDPR when collecting that data.
Before receiving health data from our customers, the customer needs to ensure that the legal basis for Siemens Healthineers using the data exists. The same applies when obtaining personal data from other third parties.
If the customer only provides us with anonymized data, which means data that does not relate to a person, where the data subject is not or no longer identifiable, the privacy restrictions do not apply.
According to the laws of regional or national governments, such as the European General Data Protection Regulation (GDPR), personal data that our customers shared with the teamplay digital health platform or with your application in the course of providing service to them may only be used for the purposes that the customers explicitly agreed to, and not for other purposes (purpose limitation).
For the teamplay digital health platform and its connected applications, implementing appropriate security measures is a key element of Privacy by Design.
You, as the owner of your applications, are responsible for compliance with regional laws and regulations, especially when processing personal data.
teamplay Images APIs (article)
Privacy levels for DICOM images (article)
teamplay Data Storage APIs (article)
In the clinical context, image data is output data from imaging modalities. If clinical image data is not completely anonymized, it can contain and represent a lot of personal data. The teamplay digital health platform stores and manages imaging data in the teamplay Data Storage that has been uploaded by clinical institutions through the teamplay Receiver or by partner applications through our teamplay Images APIs.
There are different options for uploading the data to the teamplay Data Storage.
Imaging data can be uploaded from the teamplay Receiver that is installed in the local customer infrastructure. In this case, the teamplay Receiver uploads the data according to the AET settings. The AETs are configured in the institution system for each imaging provider such as a PACS or scanners The to the teamplay Data Storage.
AET configuration details
The teamplay Receiver has been installed in the clinical system.
The teamplay Receiver has a DICOM Storage SCP with a dedicated AET.
Based on this configuration, teamplay Images can accept DICOM data that is actively sent by any system in the institutional network.
The default AET for DICOM Storage SCP is: TEAMPLAYISHARE, port: 105.
Another source for uploading imaging data to the teamplay digital health platform is the teamplay Images web application. The web client of teamplay Images lets users upload DICOM images through a web interface.
Prerequisites such as the following apply:
The clinical institution must subscribe to the teamplay Images product in advance.
The teamplay web application must be invoked through a browser from the institutional network.
The teamplay Images user in the institution must log into the teamplay portal with a valid teamplay account.
European Privacy Seal for Siemens Healthcare GmbH (EuroPrise)
teamplay Data Storage APIs (article)
The teamplay digital health platform stores and manages uploaded imaging data in the teamplay Data Storage. Imaging data is in most cases sensitive data and must be protected from any data violation or data privacy misuse.
Access control to stored imaging data
The teamplay Data Storage stores the imaging data and manages authorized access through dedicated teamplay API operations.
By default, partner applications in the teamplay digital health platform have no direct access to DICOM studies in the teamplay Data Storage.
Even after a temporary access has been granted, the institutional user in the teamplay portal can revoke the access, for example, by deleting the DICOM study from teamplay Images.
HIPAA and HITECH Acts (portal glossary)
Machine data is data that is generated on machines such as log files, status / processing details, or configuration data.
To comply with regional laws and regulations, your applications must log all activities with sensitive data or configurations in regard to data security and data privacy.
With the help of our APIs, you can add log entries for your application to the institutional audit trail.
Access to DICOM studies is granted, for example, based on generated data availability notifications that are sent to the partner applications.
In case of audits, dedicated events or to optimize their workflows and data flows, the institutional administrator can contact Siemens Healthineers to get access to their audit trails.