Siemens Healthcare Teamplay
Recertification: 09/2021
Renewal of certification under EuroPriSe’s new certification scheme pending
Recertification: 09/2021
Siemens Healthcare GmbH provides the cloud-based service teamplay to hospitals and other medical facilities making use of devices for medical imaging. Target of the re-evaluation was teamplay as it is provided to customers in the EU/EEA. teamplay allows its users to monitor the utilisation of these devices in order to improve their image acquisition procedures and to analyse radiation dose enabling minimisation of radiation exposure in imaging procedures. Furthermore, teamplay enables forwarding of image data with configurable data minimization to further applications, for example for automated evaluations, including the return transport of results. Customers are provided with meaningful information on how to make use of the service in compliance with EU data protection law. Users who adhere to the guidance provided by Siemens Healthcare can be sure that processing of patient data by means of teamplay is in line with EU data protection law.
Several new functions were added, please refer to the Short Public Report.
Press Release 🇬🇧 (on the occasion of the initial certification in 10/2016)
teamplay
Connect, compare, collaborate.
teamplay service as provided to EU customers
Function as provided in March 2021
Qualification: IT-based service (processor service)
EP-S-22Q9CP
01/2017
14/09/2021 – 30/09/2023
First Re-Certification on 12/03/2019
Initial Certification on 07/10/2016
05/2022 (O.K.)
01/2023 (O.K.)
teamplay Short Public Report 2021🇬🇧
Siemens Healthcare GmbH
Henkestr. 127
91052 Erlangen
Germany
The teamplay receiver removes data types that could be used for the (re-)identification of patients completely or replaces them by a pseudonym or a less precise value such as an age range in a reliable manner. The extent of the data minimisation depends on the privacy profile that is chosen by the user, with the strictest of these providing for true anonymisation of patient data for teamplay Dose and Usage. Thus, teamplay lives up to the principle of data minimisation in an exemplary manner.
Comprehensive, intelligible and up-to-date documentation is in place which informs the teamplay users about their responsibilities as controllers when it comes to the processing of personal data.
Regarding the processing of patient data, it must be highlighted that users of teamplay qualify as controllers whereas Siemens Healthcare GmbH acts as a processor on behalf of the users. Customers are advised that – depending on the chosen privacy profile – the legitimate use of the service may require the collection of patients’ consent and release from medical confidentiality. More detailed information on this topic is available below at “Details” as well as in the Short Public Report.
Siemens Healthcare GmbH provides the cloud-based service teamplay that can be accessed via https://teamplay.siemens.com. The service is offered to hospitals and other medical facilities making use of devices for medical imaging (e.g., computer tomography (CT) or magnetic resonance imaging (MRI) devices). The modules Dose and Usage enable the users of devices for medical imaging to monitor the efficiency of the utilisation of these devices as well as the radiation dose consumption. This way they can improve their image acquisition procedures and identify radiation doses which are as low as reasonably achievable to meet clinical needs.
teamplay also supports secure exchange of image data with other teamplay users for collaboration purposes in virtual groups.
Monitoring 1 (due in 2022/05) showed that the previous sentence is not accurate anymore due to minor ToE changes made subsequent to recertification (cf. below at Details). Thus, this sentence had to be deleted / striked out.
teamplay consists of web-based services, which are deployed as a cloud service on the teamplay platform, and a software-only gateway (“teamplay receiver”) to be installed in, e.g., a hospital network. The teamplay receiver acts as an intermediary between the hospital computer systems and the web-based services.
In respect of the amount of patient data to be processed, Siemens Healthcare GmbH provides different options to the users of the service. If the user chooses the strictest of the preconfigured settings of the service (“privacy profiles”), then only anonymous data is processed by teamplay within the modules Dose and Usage. When one of the two remaining privacy profiles is chosen, patient data is pseudonymised, but still constitutes personal data.
Monitoring 1 (due in 2022/05):
The ToE has changed slightly (renaming of one module and reduction of the respective functionality): Images has been renamed to DICOM Hub and does no longer provide the functionality to share DICOM studies. An updated version of the SPR has been produced and published to reflect this.
Recert as such:
In addition to the functionalities that were already covered by the previous recertification, the target of evaluation of the current recertification includes the following (newly designed) functionalities:
teamplay Cardio is no longer part of the EU deployment and therefore no longer part of this recertification.
In detail, the ToE of this recertification consists of the following components:
Not part of the target of evaluation (ToE) are
The re-evaluation showed that teamplay continues to meet all applicable EuroPriSe requirements. Further information can be found in the short public report.
In addition to the functionalities that were already covered by the previous recertification, the target of evaluation of the current recertification includes the following (new) functionalities:
In detail, the ToE of this recertification can be specified as follows:
The ToE of the teamplay recertification consists of the following components:
Not part of the target of evaluation (ToE) are
The re-evaluation showed that teamplay continues to meet all applicable EuroPriSe requirements. Further information can be found in the short public report.
teamplay is offered as a basic and as a premium account. It is worth noting that the premium account encompasses all functionalities of the basic account. The target of evaluation of the teamplay certification is the premium account as it is provided to EU customers. More precisely, the ToE consists of the following modules / components of said premium account:
Excluded from the target of evaluation is teamplay as it is offered to the US market or to other markets outsited of the EU/EEA. In addition, the following modules / components of teamplay as it is provided to EU customers do not form part of the ToE either:
When providing the teamplay service, Siemens Healthcare acts as a processor on behalf of the users of the service. This means that the responsibility for the lawful processing of patient data lies with the users (controllers). Depending on the privacy profile that is chosen by a user, the utilisation of the service will involve the processing of anonymised patient data only or the processing of pseudonymised patient data that – despite of its pseudonymisation – still qualifies as personal data. Siemens Healthcare GmbH informs (prospective) users of the service about the fact that it is their responsibility to collect patients’ consent and/or release from medical confidentiality prior to uploading patient data to teamplay if they choose a privacy profile which does not provide for the anonymisation of patient data. In such a case, the users of the service can revert to a high-quality template for the collection of patients’ consent / release from medical confidentiality that is made available to them by Siemens Healthcare GmbH.
Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Dipl. Math. Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Die deutschlandweit erste Zertifizierung für Auftragsverarbeiter nach Artikel 42 DSGVO.
Die deutschlandweit erste Zertifizierung für Auftragsverarbeiter nach Artikel 42 DSGVO.
© All Rights Reserved.
© All Rights Reserved.