To ensure patients’ data privacy, Portavita has taken a lot of measures.
This has resulted into a system in which:
- abuse is unlikely;
- possible abuse can be detected.
Authentication and Authorisation
Access to the system and access to the data require authentication and authorisation on different levels:
- To enter the system, practitioners and patients need authentication.
- Authorised employees of an organisation (for example thrombosis or general practice) have access only to the data of the patient's own organisation and not to those of other organisations.
- At the moment an employee starts in his function, he/she receives a 'role' in the system in which is defined which data he/she can view or mutate.
- In consultation between the patient and the practitioner, third parties can be involved in the treatment. These third parties only have access to patient records for which they are authorised. This authorisation may also be terminated again.
- A patient has the ability to gain access to his / her own file and can then see who has recorded which information in the system.
- The system logs all information on every modification, recording when it is made and by whom, so that abuse can be detected.
- Data provided by customers to the insurers are anonymous.
- Portavita is not the owner of the data, but the operator of the system and thus registered with the DPA (Data Protection Authoriy).
- The software of Portavita is provided in a Software as a Service model. The Internet connection between the user and the system is protected, and the data is encrypted.