Data security and encryption for Nursing and Geriatric Care

Nursing and Geriatric Care is subject to the duty of confidentiality and is a very sensitive area in which personal data is collected and nowadays mostly stored electronically. Some transcripts are also made directly on a tablet computer or MacBook. This is particularly true in mobile nursing and care for the elderly.

Different types of electronic files are created, all of which must be protected.

Since 25 May 2018, new data protection rules have been in force under the EU General Data Protection Regulation (EU GDPR). The EU GDPR is a European Union regulation that unifies the rules on the processing of personal data by private companies and public authorities across the EU.

Keep in mind that personal data must always be protected against unauthorized access, including in the event of loss or theft. In the event of loss or theft, where the data can be viewed by unauthorized persons, you must always inform all persons concerned.

The use of cloud storage solutions is also particularly problematic. If you store unencrypted data in the cloud, you need a data processing contract with the cloud service provider, and you still need to notify all your clients of possible disclosure or theft in the event of a data breach. This risk is too high and, unfortunately, has materialized far too often in the past. Your client data deserves better protection.

Solution

If you collect client data on a Mac and/or iPhone/iPad, you can store that data in a GDPR-compliant manner with SimpleumSafe. Strong encryption is used on the devices. Synchronization between different Macs or iPhones/iPads can also be carried out in encrypted form via the cloud. In this case, the cloud provider has no way to gain insight into the data, nor do you need to conclude a data processing contract with it.

SimpleumSafe is already used in many mobile care services. Because of its similarity to the Mac Finder, getting started is quick and no training is necessary.

SimpleumSafe is GDPR compliant

Solution in detail

Pseudonymization and encryption (GDPR Art. 32 (1a))

Digital data are files that have a file name and content. Even the file name can often provide information about the content. According to GDPR Article 32 (1a), pseudonymization and encryption are appropriate technical measures for the protection of personal data. SimpleumSafe encrypts all files with AES-256, an accepted and proven standard for strong encryption. When a Safe is not open, file names are not recognizable from “outside”.

Confidentiality (GDPR Article 32 (1b))

Access to the data with SimpleumSafe is only possible with a password or with biometric authentication.

Integrity (GDPR Article 32 (1b))

Integrity is the protection of data against manipulation and damage (hardware defect). SimpleumSafe provides an integrity check that checks all data for readability and error-free decryptability.

Availability, recovery after technical incident (GDPR Article 32 (1b.c))

You can back up a Safe created with SimpleumSafe in encrypted form with Apple Time Machine or any other backup solution. In addition, SimpleumSafe has its own backup solution. As a result, your data backup is encrypted. If you have forgotten your password and can no longer access the data, you can use a so-called recovery password to reset your password, provided you have previously created such a recovery password.

Information for all affected persons in the event of data loss or theft

If you have encrypted your data with SimpleumSafe and a Safe ends up in the hands of third parties through theft, you do not have to share this information with your clients. This is where GDPR Article 34 (3a) applies: “[…] The communication to the data subject […] shall not be required […] in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption […]”

Data in the cloud

SimpleumSafe uses the “extreme secure synchronization” for synchronization with iCloud. Even if the synchronization data has been stolen from the cloud and the password has become known, the data still cannot be decrypted. In this case, the cloud provider is not a data processor under the GDPR, as it cannot gain access to the data.

Create photos with personal information

With SimpleumSafe for iOS, you can take photos directly on the iPhone and store them encrypted in the Safe. These photos are then not stored in the photo library. This allows you to easily photograph client documents, etc.

Examples of use

We want to help you manage, organize and edit your sensitive data as easily as possible with SimpleumSafe. And it all works encrypted throughout. Because the SimpleumSafe user interface for Mac is designed similarly to the Mac Finder, you can simply drag your files from the Finder to the open SimpleumSafe and they are immediately encrypted in the Safe.

Different Safe locations

You can store a Safe at different locations: on your hard disk, on a USB flash drive, or on a network drive.

Secure editing of the data

When editing or in the preview, the data remains encrypted throughout. Once processed, the data is automatically imported back into the Safe.

Encrypted photography

With SimpleumSafe for iOS, you can take photos from within the app, and the photos are immediately stored encrypted in the Safe. The photos are then not stored in the photo library.

Encrypting contacts

You can import your contacts (.vcf) and store them encrypted in SimpleumSafe.

Create notes and comments

You can create notes (.txt) and edit them further. Each file can also be commented on in a comment box.

Image viewer and slideshow

With the image viewer and slideshow, you can view all your photos in full screen mode.

Extreme Secure Synchronization

Convenient synchronization of the Safes between iPad, iPhone and Mac. This allows you to keep your data up-to-date anytime, anywhere.

Multiple Safes

You can create multiple Safes and use them completely independently. For example, you can create themed Safes, or a Safe for each client.

Simple and intuitive usability

Due to the simple and intuitive usability, no training or introductory projects are necessary.