Data Protection Impact Assessment
LAST UPDATE: July 16, 2021
As stipulated in the General Data Protection Regulation (GDPR, 2016/679), we regularly assess our ability to keep your data secure by systematically analyzing and minimizing risks. These so-called Data Protection Impact Assessments or DPIAs are performed for all existing and new Byteflies services. In the interest of full transparency, we provide a public DPIA. This is a summary document, meaning that certain confidential information (e.g. exactly how we secure specific devices and systems) is not disclosed, as we do not want that information to end up in the hands of bad actors.
If you are looking for information on your data rights, please refer to our Privacy Policy.
Why do we perform DPIAs?
Byteflies Care@Home products are provided to healthcare providers (hospitals, medical specialists, general practitioners) to assist with the care of their patients. These products consist of wearable sensors that record physiologic and behavioral data, and Byteflies processes this data into actionable information for healthcare providers as described in more detail in our Privacy Policy. Care@Home products therefore have one user interface that is optimized for healthcare professionals and another user interface that is optimized for patients.
Byteflies performs DPIAs because we work on new technologies (GDPR, Article 35), specifically 1) wearables that collect health-related information; and 2) artificial intelligence for clinical-decision support.
Nature of the Processing
- Data is collected from various medical biometric sensors.
- Byteflies Cloud captures this data, organizes it, and authenticates access of users and other applications.
- A Care@Home Hospital application imports relevant data from Byteflies Cloud, runs analytics to derive clinical insights relevant for that patient population, and presents this information to a healthcare professional.
- A Care@Home Patient application assists users with using the medical sensors, and can also be used to self-report health information to the healthcare provider, and certain health-related information back to the patient if authorized by their healthcare provider.
- An optional integration with a medical record system (EMR) can be enabled to make sure healthcare providers have all data available they need to make an informed clinical decision, as well as archive data and reports generated by Care@Home in the EMR. However, data from medical record systems is never permanently stored on Byteflies servers.
Scope of the Processing
We process personal data (as required to provide our services) and so-called “special categories of personal data” (GDPR, Article 9), specifically for preventive medicine, medical diagnosis and the provision of health care. We collect data in the EU and the US, and apply the stricter EU rules worldwide. The data we collect is either pseudonymized or anonymized:
Pseudonymized Data
The personal and health-related data is associated with a unique identifier. This unique identifier allows a healthcare provider to link the data to a patient record in order to provide them with health care. Pseudonymized (also known as de-identified) data is stored for as long as the patient is actively using a Byteflies Care@Home application and for a certain period after they stop using the application. Typically this time period is three months, but the exact duration of data storage is determined by the healthcare provider and the data processing agreement we sign with them, and is always clearly communicated to the patient.
Anonymized Data
After the pseudonymized data storage period expires, all personal data is permanently deleted from our servers. Only the raw anonymous sensor data is retained, for two purposes:
- To continue to improve our products on the condition that the patient provided consent for using the data in this manner.
- To monitor the safety and performance of our products in the real world, as determined in our ISO 13485 compliant post-market surveillance plan.
This also means it is not possible to re-associate anonymous data with a specific individual, unless the healthcare provider decided, and is allowed, to store the collected data under their own governance (and on their own servers).
Context of the Processing
Our relationship with individuals we collect data for is two-fold.
- A healthcare provider acts as a data controller (GDPR, Article 24) and Byteflies as a data processor (GDPR, Article 28). In that context, Byteflies provides its services to the healthcare provider so they can administer health care to the patients under their care.
- Byteflies acts as a data controller on the condition that the individual gave their consent. This could be in the context of a research or clinical study (pseudonymized data), or in order to monitor the safety and performance of our products and continuously improve them (anonymized data).
Purpose of the Processing
Health care is decentralizing and digitizing at a rapid pace. To quote the Digital Medicine Society: “Virtual first care (V1C) is medical care for individuals or a community accessed through digital interactions where possible, guided by a clinician, and integrated into a person’s everyday life.”
Our mission is to make health care more personal, proactive, accessible, affordable and equitable, especially for people with chronic conditions, by providing services to assist healthcare providers in their clinical decision making. All our data collection and processing efforts serve that mission.
Benefit to Patients
Long-term monitoring of relevant digital measures of health and disease, in and outside traditional care environments, is critical to improve the standard of care for many chronic conditions. Individuals that participate in a Care@Home program will benefit directly from the processed data as it will assist their healthcare provider in continuing and improving their care.
Benefit to Healthcare Professionals
The digital measures and derived clinical insights generated by a Care@Home program are tailor-made for specific disease indications, in order to provide longitudinal and high-quality data to healthcare providers to assist them in clinical decision making, and provide them with versatile tools to extend the administration of care beyond the hospital walls.
Benefit to Byteflies
Continuously improving the performance, quality, and safety of our products so we can achieve our mission objectives.
Experts we Consult
We are certified to develop and produce medical devices, which means that we have a Quality Management System (QMS) that manages all aspects of product development, including data governance and security.
We regularly engage with the following individuals and organizations, who advise us on or audit our security practices:
- Regulatory organizations (e.g. FDA)
- Notified bodies (e.g. during audits)
- Information Security consultants
- Audits by collaborators (e.g. pharmaceutical companies)
- Hospital Data Protection Officers (DPOs)
Necessity and Proportionality
Our lawful basis to process the data is described in GDPR Article 9, Clauses 2(h) and 3:
Processing is necessary for the purposes of preventive or occupational medicine, (…), medical diagnosis, the provision of health or social care or treatment (…);
and
(…) those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies.
For each Care@Home program, the type and extent of data that needs to be collected to provide high-quality care is discussed with domain experts (e.g. neurology, cardiology, etc.), and clearly communicated in either an informed consent or product brochure to the patient, depending on the context of data processing.
The data rights (which include the right to privacy) of any individual participating in a Byteflies Care@Home program are stipulated by the healthcare provider and Byteflies (under our respective lawful bases for processing), and discussed in more detail in our Privacy Policy.
We sign and maintain Business Associate Agreements with our cloud provider, and any data collected on EU citizens is never transferred outside the EU.
Identified Data Protection Risks
Unauthorized Data Access
The most likely cause is the unsafe storage of login credentials by a healthcare provider, which could lead to an unauthorized individual gaining access to the data of individuals under the care of that provider.
We mitigate this risk by encouraging good security practices by the healthcare providers we work with, and by explicitly defining each party’s responsibility in a service agreement and data processing agreement (DPA). In addition, we have various mechanisms to monitor for unauthorized access and to suspend or revoke user credentials if needed.
We consider the probability of this happening and the residual risk after mitigation low.
Undesired Modification of Data
Because the entire chain from sensor data collection to presenting processed data to users uses advanced industry-standard encryption technology for both storage and transit, it is almost impossible for a bad actor to modify the sensor data. The most likely place where this could happen is when users are asked to fill out feedback or symptom surveys, but the modification would need to occur during data input, i.e. it would require physical or remote access to a personal mobile device or computer. A secondary cause would be an undetected malfunctioning sensor that modifies the recorded data in a way that is not noticed by the expert user.
In an extreme case, this could lead to an incorrect clinical decision based on the collected data. Care@Home programs are not used to administer care for acute or life-threatening conditions. In addition, the collected data is verified using quality control algorithms, and all data can always be reviewed by medical experts to identify abnormal results.
We consider the probability of this happening and the residual risk after mitigation low.
Loss of Data
Technical issues (e.g. a bad WiFi connection, sensor malfunction, electrical outages) could block the device from working correctly and might lead to loss of data, and thus interfere with the ability of the healthcare provider to make an informed clinical decision. The product is designed with resilience and integrity in mind to reduce the likelihood of this happening and to mitigate this risk.
Because Care@Home programs are not used to administer care for acute or life-threatening conditions, we consider the residual risk after mitigation low. The probability of this happening will depend on a number of circumstances, including the ability of the user to use the product correctly. We consider this probability low and have monitoring mechanisms to intervene should it happen more frequently under specific circumstances.
Risk-reducing Measures
Organizational Measures & Policies
- Byteflies is ISO 13485 certified for the design and production of medical device hardware and software and has an EU and US-compliant Quality Management System.
- Byteflies has a dedicated Data Privacy Officer (DPO) who is responsible for safeguarding our adherence to all applicable privacy and data security laws.
- Byteflies has a Chief Medical Officer (CMO) who is responsible for safeguarding our adherence to good clinical practice (GCP).
- All Byteflies products adhere to the Least Privilege and Four-eyes principles, and use rigorous encryption standards.
- Byteflies’ QMS stipulates the iterative and risk-management processes that we apply to all our product design and production activities.
- Byteflies has incident management and data breach procedures.
Security Measures
- All data, at rest and in transit, is encrypted using industry standards.
- All data is either pseudonymized or anonymized, depending on the context of processing.
- If information from multiple data sources is merged to allow a healthcare provider to make an informed clinical decision, that data is never permanently stored in the same location.
- User authentication and authorization to any user-facing Byteflies application follows industry best practices.
- Access logs are kept to identify unauthorized or abnormal access patterns.
- All data is backed up through our cloud provider, Amazon Web Services. Backups never leave the EU for EU-based users.
- Byteflies has the ability to push firmware updates over-the-air (OTA) to our medical devices to mitigate any identified bugs and security issues.
- All Byteflies workstations and devices used to access high- and critical-risk systems are encrypted, configured with an automatic lock, and always up to date with the latest security updates.
- All Byteflies applications follow the OWASP guidelines at minimum and undergo yearly penetration testing by an independent consultant.
- Byteflies servers are secured and maintained via the processes followed by our cloud provider, Amazon Web Services.
- Byteflies office access requires a security token, and Byteflies production room access requires an additional security token. All door access is logged.