Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

Product/Version

e-pacs Version 3.0

View the e-pacs certificate 

Cert. No.

EP-S-Z8P8CP

Validity

12/08/2015 - 31/08/2017

Second recertification on June 30, 2013

First recertification on May 20, 2011

Initial Certification on September 29, 2008

Monitoring

04/2016 (O.K.)

12/2016 (O.K.)

Public Report

2015 e-pacs Short Public Report [PDF] Image 

2013 e-pacs Short Public Report [PDF] Image

2011 e-pacs Short Public Report [PDF] Image

Initial: e-pacs Public Report [PDF] Image

Manufacturer/Provider

Telepaxx Medical Archiving GmbH
Wasserrunzel 5
91186 Büchenbach
Germany
Contact: Andreas Dobler

BEST

Data minimization
(encryption and pseudonymization)

ATTENTION:

Not applicable

Summary

e-pacs is a central digital image data archive. It files x-ray and other medical data. The data are encrypted prior to being transmitted from the department server located at the customer's site to the e-pacs storage server located at Telepaxx' premises.

Details

Recertification 08/2015

Since the recertification in 2013, the core components of the e-pacs service have not been modified.

There have been minor changes in the application environment (cf. the short public report).

Recertification  06/2013

Since the recertification in 2011, the core components of the e-pacs service have not been modified.

There have been minor changes in the application environment (cf. the short public report).

Recertification 05/2011

Since the certification in 2008, the core components of the e-pacs service (department server and deep storage server) have not been modified.

There have been some changes in the application environment (e.g., migration from Windows Server 2003, to Windows Server 2008 - for details, cf. the short public report). These changes do not have any impact on the evaluation results.

In 2009, § 11 BDSG (Bundesdatenschutzgesetz - German Federal Data Protection Act) was amended. This provision stipulates the requirements for processing security agreements between controllers and processors. The evaluation proved that the standard contract used by Telepaxx is in line with the (new) requirements.

Initial Certification 09/2008

e-pacs archives x-ray and other medical data on patients. It is used by radiologists, hospitals and physicians in private praxis. The service mainly comprises two components: The e-pacs department server located at the customer's site and the e-pacs deep storage server located at Telepaxx' premises. Medical data are encrypted prior to their transmission from the department server to the deep storage server. Moreover, instead of patient names, pseudonyms are transmitted as part of the header data. Thus, Telepaxx cannot access the x-ray image data and does not receive any personal information about the patients concerned.

Technical Evaluator

Dipl. Math. Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Legal Evaluator

Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

3rd Recertification: 08/2015

Telepaxx Medical Archiving GmbH proved that its IT-based service "e-pacs Storage Service" complies with EU data protection law. e-pacs is a central digital image data archive used by radiologists, hospitals and doctors in private practice. Users of e-pacs are controllers in respect of personal data relating to patients. e-pacs comes with excellent encryption and pseudonymisation functionalities. Thus, customers of Telepaxx can be sure to act in compliance with EU data protection law when making proper use of the service. 

Image

European Privacy Seal for e-pacs 3.0

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.