Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for Siemens Healthcare GmbH

Product/Version

teamplay

Connect, compare, collaborate.

teamplay service as provided to EU customers

Function as provided in October 2018

Qualification: IT-based service (processor service)

View the teamplay certificate

Cert. No.

EP-S-LZ8DSG

Version of Certification Criteria

01/2017 

Validity

12/03/2019 - 31/03/2021

Initial Certification on 07/10/2016 

Monitoring

11/2019

07/2020

Public Report

teamplay Short Public Report 2019 Image  

teamplay Short Public Report 2016 Image   

Manufacturer/Provider

Siemens Healthcare GmbH

Henkestr. 127
91052 Erlangen
Germany

BEST

The teamplay receiver removes data types that could be used for the (re-)identification of patients completely or replaces them by a pseudonym or a less precise value such as an age range in a reliable manner. The extent of the data minimisation depends on the privacy profile that is chosen by the user, with the strictest of these providing for true anonymisation of patient data for teamplay Dose, Usage and Cardio. Thus, teamplay lives up to the principle of data minimisation in an exemplary manner.

Comprehensive, intelligible and up-to-date documentation is in place which informs the teamplay users about their responsibilities as controllers when it comes to the processing of personal data. 

ATTENTION

Regarding the processing of patient data, it must be highlighted that users of teamplay qualify as controllers whereas Siemens Healthcare GmbH acts as a processor on behalf of the users. Customers are advised that - depending on the chosen privacy profile - the legitimate use of the service may require the collection of patients' consent and release from medical confidentiality. More detailed information on this topic is available below at "Details" as well as in the Short Public Report.

SUMMARY

Siemens Healthcare GmbH provides the cloud-based service teamplay that can be accessed via https://teamplay.siemens.com. The service is offered to hospitals and other medical facilities making use of devices for medical imaging (e.g., computer tomography (CT) or magnetic resonance imaging (MRI) devices). The modules Dose and Usage enable the users of devices for medical imaging to monitor the efficiency of the utilisation of these devices as well as the radiation dose consumption. This way they can improve their image acquisition procedures and identify radiation doses which are as low as reasonably achievable to meet clinical needs. Similar to Dose and Usage is teamplay Cardio, which is a module specifically developed for statistics about procedure volumes, turnaround time, and utilisation of resources in the area of cardiology. teamplay also supports secure exchange of image data with other teamplay users for collaboration purposes in virtual groups. teamplay consists of web-based services, which are deployed as a cloud service on the teamplay platform, and a software-only gateway ("teamplay receiver") to be installed in, e.g., a hospital network. The teamplay receiver acts as an intermediary between the hospital computer systems and the web-based services.

In respect of the amount of patient data to be processed, Siemens Healthcare GmbH provides different options to the users of the service. If the user chooses the strictest of the preconfigured settings of the service ("privacy profiles"), then only anonymous data is processed by teamplay within the modules Dose, Usage and Cardio. When one of the two remaining privacy profiles is chosen, patient data is pseudonymised, but still constitutes personal data.  

DETAILS

Recert 2019/03

In addition to the functionalities that were already covered by the previous recertification, the target of evaluation of the current recertification includes the following (new) functionalities:

  • Images / Images Research
  • Store
  • Cardio

In detail, the ToE of this recertification can be specified as follows:

The ToE of the teamplay recertification consists of the following components:

  • teamplay Receiver, to be installed as a gateway service with the operator (teamplay user);
  • teamplay Platform, with the modules Usage, Dose, Protocols, Images and Images Research, Store and Cardio;
  • legal and technical interfaces with the sub-processors Microsoft Ireland Operations Ltd., Siemens Healthcare Private Limited (India) and Siemens Medical Solutions USA Inc.

Not part of the target of evaluation (ToE) are

  • further services and products of Siemens Healthcare GmbH such as teamplay for markets outside the EU/EEA and the website www.healthcare.siemens.de with general product information;
  • further applications accessible in teamplay Store nor their operation or procurement;
  • the Microsoft Azure Cloud and components of the data centres (contractual clauses with Microsoft and technical-organizational measures implemented by Microsoft were reviewed during the re-evaluation, but the certification does not refer to the Azure Cloud as such, but only to the teamplay service as provided by Siemens Healthcare to EU/EEA customers);
  • the Auth0 platform and its PaaS;
  • the operational environment of the user including tablets, apps or smartphones.

The re-evaluation showed that teamplay continues to meet all applicable EuroPriSe requirements. Further information can be found in the short public report that is available here: Image

Initial Cert 2016/10

teamplay is offered as a basic and as a premium account. It is worth noting that the premium account encompasses all functionalities of the basic account. The target of evaluation of the teamplay certification is the premium account as it is provided to EU customers. More precisely, the ToE consists of the following modules / components of said premium account:

  • The modules "usage", "dose" and "protocols" (cf. the Short Public Report for details);
  • the "teamplay receiver" (software to be installed in the IT environment of the users of the service);
  • the web-based services that allow for the use of the modules "usage", "dose" and "protocols";
  • legal and technical interfaces with the sub-processors Microsoft Ireland Operations Ltd. and Siemens Healthcare Private Limited (India).

Excluded from the target of evaluation is teamplay as it is offered to the US market or to other markets outsited of the EU/EEA. In addition, the following modules / components of teamplay as it is provided to EU customers do not form part of the ToE either:

  • The module "images" which allows for the collaborative use of data and images as well as for the establishment of an online community;
  • authentication of users via the Siemens Corporate Authorisation Service that provides an alternative login functionality for teamplay;
  • the Microsoft Azure Cloud as such (including components of the data centres that are used for the provision of the teamplay service to EU customers);
  • the IT environment of the teamplay users.

When providing the teamplay service, Siemens Healthcare acts as a processor on behalf of the users of the service. This means that the responsibility for the lawful processing of patient data lies with the users (controllers). Depending on the privacy profile that is chosen by a user, the utilisation of the service will involve the processing of anonymised patient data only or the processing of pseudonymised patient data that - despite of its pseudonymisation - still qualifies as personal data. Siemens Healthcare GmbH informs (prospective) users of the service about the fact that it is their responsibility to collect patients' consent and/or release from medical confidentiality prior to uploading patient data to teamplay if they choose a privacy profile which does not provide for the anonymisation of patient data. In such a case, the users of the service can revert to a high-quality template for the collection of patients' consent / release from medical confidentiality that is made available to them by Siemens Healthcare GmbH.

Legal Evaluator

Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Technical Evaluator (since 10/2018)

Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Technical Evaluator (until 10/2018)

Dipl. Math. Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Recertification: 03/2019

Siemens Healthcare GmbH provides the cloud-based service teamplay to hospitals and other medical facilities making use of devices for medical imaging. Target of the re-evaluation was teamplay as it is provided to customers in the EU/EEA. teamplay allows its users to monitor the utilisation of these devices in order to improve their image acquisition procedures and to analyse radiation dose enabling minimisation of radiation exposure in imaging procedures. Furthermore, teamplay supports secure exchange of image data with other teamplay users for collaboration purposes in virtual groups. Customers are provided with meaningful information on how to make use of the service in compliance with EU data protection law. Users who adhere to the guidance provided by Siemens Healthcare can be sure that processing of patient data by means of teamplay is in line with EU data protection law.

Several new functions were added, please refer to the Short Public Report

https://teamplay.siemens.com  

Press Release Image Image (on the occasion of the initial certification in 10/2016)

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint