www.siemens.com/teamplay
teamplay security statement
Ensuring high-level data security and privacy.
EuroPriS e2
HIPAA1
ULD3
Keeping private things private
Protecting the privacy of your personal
data is important to teamplay as it is
in every Siemens Healthcare project.
Rest assured, that teamplay works in
compliance with applicable laws on data
privacy protection and data security.
Furthermore, since teamplay will be
handling personal and sensitive information, we make sure our security measures
go beyond what is required: While providing different data security levels to
be compliant with local regulations,
teamplay meets the US standards of
HIPAA1 (Health Insurance Portability and
Accountability Act) as well as the requirements of the European data protection
directive.
A strong security partner
Employing the Microsoft Azure Cloud
comes with cutting-edge security to
avoid breaches and malicious attacks.
Sophisticated measures like encryption,
segregation and destruction safeguard
all information.
Restricted area
Intelligent access control technologies
restrict data access and use two individual
login accounts and authorizations. Solely
the teamplay users themselves decide
about who they grant access rights or
share their data with. No patient information will be sent to teamplay without
customer and patient consent.
Transparent data use policy
A dedicated agreement (e.g. in US a
Business Associate Agreement) ensures
joint responsibility of all involved parties
and lists all obligations of security and
confidentiality elements for patient
information.
Join the imaging world team.
Safely and trustingly.
teamplay by Siemens Healthcare.
1 HIPAA certified
2 EuroPriSe – certified to European Privacy Seal
standard is initiated but pending
3 ULD – is initiated but pending
Answers for life.
Where is the data of the “teamplay” cloud hosted?
Data is hosted in Microsoft Azure Data Centers within
the customer’s geographical region.
How do you protect the data from getting lost?
In each geographical region all data is replicated between
multiple data centers so that risk of data loss is minimized.
Who has access to the data?
Dose & Usage:
Only anonymized patient data is leaving the institution,
users of the customer and Siemens Service personnel
has access to this anonymized data.
Will you host personalized data in the “teamplay”
cloud?
Only user information is hosted in teamplay. This information is stored encrypted. There is no unencrypted personal
information hosted in teamplay.
Advanced functionalities might need the transfer of
pseudonmynized data subject to customer’s consent.
Images4:
Before data is leaving the institution patient information
is extracted and end-to-end encrypted (zero knowledge)
and image data is anonymized. Only the customer is
able to access and share their patient and other sensitive
information. Siemens Service personnel has access only
to the anonymized images.
Prominent cloud providers have only recently been
hacked (Dropbox, iCould). How does Siemens ensure
data security, e.g. protecting the cloud from unauthorized access or from being affected by malware?
Microsoft is investing significantly in security and has
declared HIPAA1 compliance, further Siemens is applying
state-of-the-art encryption technology and is continuously
performing extensive penetration testing for ensuring
the highest possible level of data security.
Do you provide regular updates for customers to make
sure they’re up to date when it comes to data security?
teamplay is not interfering with the existing IT workflows
of the customer and Siemens provides regular security
updates.
Do you store patient data?
Dose & Usage:
No patient information is stored in teamplay.
Images4:
Patient information is end-to-end encrypted (zero knowledge) with strong state-of-the-art cryptographic
algorithms and is only stored with customer and patient
consent.
Have you implemented any processes for a reliable
deletion of customer/patient data?
Customer will be able at any point in time to delete the
account including all sensitive data.
Is it possible to access imaging devices or PACS
(e.g. controls, remote service lines) via connection
to the cloud?
No, only outbound connection from the Receiver to teamplay Cloud is possible, no inbound connections are needed
or possible.
The information about this product is preliminary.
It is under development, not commercially available, and its future
availability cannot be ensured.
4
Are there any precautionary measures to maintain
thesolution’s functionality, even if security has been
compromised?
Data integrity is ensured by the use of cryptographic hashes.
In case data should be corrupted it will be isolated.
The customer will be notified and can restore the data
from the original data source in the institution. teamplay
is enforcing multi-factor authentication intelligently to
protect the system from unauthorized access.
Global Business Unit
Siemens AG
Medical Solutions
SYNGO
DE-91052 Erlangen
Germany
Phone: +49 9131 84-0
www.siemens.com/syngo
Global Siemens Headquarters
Siemens AG
Wittelsbacherplatz 2
DE-80333 Munich
Germany
Legal Manufacturer
Siemens AG
Wittelsbacherplatz 2
DE-80333 Munich
Germany
Global Siemens
Healthcare Headquarters
Siemens AG
Healthcare Sector
Henkestrasse 127
DE-91052 Erlangen
Germany
Phone: +49 9131 84-0
www.siemens.com/healthcare
pdf 1014
© 2014, Siemens AG
www.siemens.com/teamplay