
Data Protection FAQs

Preface

Data security and privacy protection is a high priority for Dental Wings. Since we are developing products, we support you in your data protection compliance.

The purpose of this document is to help clarify how Dental Wings products support you in maintaining data security and privacy protection of personal data and help you with your data protection compliance requirements. We have tried to answer the most frequently asked questions in regard to data protection as it relates to our products.

Should you have any additional questions regarding Dental Wings' approach to data protection, please contact us at [email protected].

What is generally considered Personal Information or Personal Health Information?

« Personal Health Information » or « PHI » is generally defined as meaning identifying information about an individual, whether living or deceased, and in both recorded and unrecorded forms, and including information that (a) relates to the physical or mental health of an individual, including information that consists of the health history of the individual’s family; (b) concerns any health service provided to the individual; (c) concerns the donation by the individual of any body part or any bodily substance of the individual or information derived from the testing or examination of a body part or bodily substance of the individual; (d) is collected in the course of providing health services to the individual; or (e) is collected incidentally to the provision of health services to the individual.

« Personal Information » or « PI » generally means information about an identifiable individual, including Personal Health Information and includes (without limitation) any information that is “personal information” to that identifiable individual.

What does Processing mean?

« Process » or « Processing » generally means any operation or set of operations performed upon Personal Information, whether or not by automatic means, such as creating, collecting, procuring, obtaining, accessing, recording, organizing, storing, adapting, altering, retrieving, consulting, using, disclosing or destroying the data.

Who is a Protected Individual?

The « Protected Individual » is the individual who is the subject of the Personal Information collected, used and/or disclosed.

Does Dental Wings Process Personal Information from the Protected Individuals of my clinic?

Dental Wings does not Process Personal Information from Protected Individuals unless:

  • you actively share or store your patient cases via DWOS Connect, caseXchange, DWOS Synergy and DWOS Lab;
  • you connect to us for support via TeamViewer or PCVisit and share patient cases during those sessions.

What responsibilities regarding protection of Personal Information do I have when using Dental Wings products?

If you are a Lab or a Clinic, you are responsible to the Protected Individuals for the Personal Information that is entrusted to you, no matter if the Personal Information is on paper or in digital form.

Compliance is the respective Lab's or Clinic's responsibility. This means that as a Lab or a Clinic, you are responsible for complying with all appropriate legal and technical safeguards applicable to the Personal Information, and you must ensure that any third party that you use to Process the Personal Information does so in compliance with all applicable privacy requirements in force in your jurisdiction.

What responsibilities lie with Dental Wings?

Dental Wings may Process, on behalf of Clinics and Labs, cases containing Personal Information, for instance, using DWOS Connect, caseXchange, DWOS Synergy or DWOS Lab. In doing so, Dental Wings acts as the health information network provider and/or agent of the Clinics and the Labs.

See our Privacy Notice and read more about Dental Wings’ responsibilities.

How do Dental Wings products support my clinic’s or lab’s Personal Information protection compliance?

No product can be compliant on its own. Compliance is established with the workflows and processes around the product, its configuration and usage.
Except for DWOS Lab, patient cases are always stored locally in your Clinic or Lab. However, if you are installing Dental Wings products based on Dental Desktop or Client/Server in a multi-client setup environment with the server located outside the Clinic or Lab, it is your responsibility to ensure that the server on which Personal Information is stored is located within the country of data origin and complies with the applicable national data protection regulations.

For further details, see the Instructions for Use or contact our support.

How can Dental Wings products help me meet my obligations with regard to Protected Individuals' rights?

The right of access and portability:
Dental Wings products provide functionality for exporting patient cases. Be aware that you might hold information about a Protected Individual outside of Dental Wings products. This information could be subject to a Protected Individual’s access requests as well.

Right to be forgotten:
Patients and their Personal Information can be completely deleted from Dental Wings products at your request.

What if I don’t accept the terms of the license agreements or the Personal Information protection provisions?

To be able to use Dental Wings products, you are asked to accept the product’s license agreement. Due to periodic improvements by regulators, we are obliged to adapt those agreements.

  • You are not by default non-compliant when using previous versions of Dental Wings products. However, you shall establish equivalent technical and organizational safeguards to assure Personal Information protection compliance.
  • We highly recommend upgrading to the most current Dental Wings product versions. You will experience more available functionality, improved performance and tighter security safeguards.

How are users able to access Dental Wings communication services?

To access Dental Wings communication services, user-authentication is required. Depending on the product, users have to authenticate with username and password or a hardware dongle.

What data do authenticated users have access to?

To ensure the security and protection of electronic patient health information (ePHI), users can only see their own data and data shared with them by other users.

How are files transmitted within communication services?

All communication services use encryption in transit, with the exception of older versions of Dental Wings software.

Are files transmitted encrypted?

Yes, data transmitted for communication is encrypted using TLS 1.2 AES_256 to ensure that any data intercepted during transit will be unreadable. This transfer protocol also contains a built-in integrity check to ensure data is not improperly modified during transmission. DWOS Synergy secures transferred data using a PKZIP password.

How are the transmitted files stored?

Dental Wings has multiple servers throughout the globe, each located in the country of origin of the corresponding data sender: Servers located in Germany and Ireland serve the EMEA region, servers in Japan serve Asia and Oceania, servers in China serve China, and servers in USA and Canada serve America.

Dental Wings servers are hosted by external service providers. Dental Wings has signed business associate agreements with those companies, whereby they commit to maintaining security and privacy safeguards for their data facilities.

Who has access to the data stored within Dental Wings communication services?

Besides the data owners, the only individuals that have access to data stored are the internal service technicians for system maintenance purposes and a selected number of support specialists to provide customer support. Access permissions are maintained and continually reviewed by a role manager.

How long is the data stored?

How long data is stored within Dental Wings communication services depends on the product. It ranges from 28 days to 90 days of storage. However, the data owner has the option of deleting any case data at any point.

Is the data stored within Dental Wings communication services backed up? How often?

All case data stored is backed up daily to ensure proper business continuity and disaster recovery. The coverage of the daily backups depends on the product, but backups are normally kept for only two (2) weeks. The business continuity and disaster recovery servers for North America and Europe are located in Germany, France and Canada. For China, the business continuity and disaster recovery servers are located in China. Additionally, all case data is stored using redundant storage to protect against the accidental loss of data.

Additional organizational safeguards

The aforementioned data security and privacy protection safeguards have been implemented to ensure the confidentiality, integrity and availability of all electronic personal health information (ePHI) created, received, maintained or transmitted via Dental Wings communication services.

Dental Wings continually monitors its safeguards and procedures to ensure that they reasonably protect against all threats to the security and integrity of ePHI. This includes, but is not limited to, contractual agreements with suppliers of tools and services used, physical access controls, ongoing employee training, and the maintenance of access audit logs.

Please contact us at [email protected] if you have additional questions.

Last updated: March 8, 2019