Important Updates on the General Data Protection Regulation (GDPR)
As a global provider of oral healthcare technology, Carestream Dental takes its commitment to customer and patient privacy seriously. All of our software and systems are designed with the most stringent information protections in mind, and we value your trust in our business.
Part of this commitment involves being prepared for the General Data Protection Regulation (GDPR). This regulation provides new, consistent standards across the European Union (EU) to protect the rights of individuals in the EU regarding how their personal data is being used. It goes into effect on 25 May, 2018 and applies to any company that controls and/or processes personal data of individuals in the EU, also called “data subjects.”
We are required under the Terms and Conditions that govern our existing relationship with you to comply with all applicable laws, which from May 25, 2018 will include compliance with the GDPR. This commitment is reflected in our business culture and policies, as well as in our participation in a Privacy Shield Program to ensure secure and proper handling of data transferred and stored outside of the EU as required.
In addition, Carestream Dental is working to ensure all its vendors used as processors and sub-processors are GDPR compliant. Where we process personal data on your behalf as processor, we shall always seek your prior consent before engaging any sub-processor to carry out these activities.
Security and Data Management
Carestream Dental already employs strict policies and procedures around security and data management. An internal team, led by a designated data protection officer, ensures GDPR compliance. Additionally, policies and documentation have already been either created or refined further to safeguard data both inside and outside of the EU while also increasing our ability to react in the unlikely event of a data breach.
We will continue, as has been our practice, to only process personal data according to our customers’ instructions.
Information for Our Practice Management Software and CS Connect Customers
Carestream Dental’s practice management software already features controls that enable the Controller’s compliance with its obligations under the GDPR, in particular for ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services:
- Our practice management software provides authentication capabilities to allow Controllers to restrict access to patient data.
- Our practice management software provides internal security measures for additions, deletions and modifications of records to ensure compliance with the security requirements under the GDPR.
- Our practice management software offers patient archiving capabilities that support the GDPR requirement of “right to be forgotten,” provided the patient’s request does not conflict with other regulatory controls for retaining patient records.
- CS Connect provides anonymisation of patient data when sending image files to laboratories.
Carestream Dental’s support services utilise secure remote access technologies that require the Controller’s consent to be given prior to access, and ensure proper encrypted viewing and/or transfer of patient data.
Where available, Carestream Dental can provide secure data backup services through a vetted third-party service to help Controllers meet their “resilience” requirement under the GDPR.
Carestream Dental will regularly test and assess the effectiveness of its security measures and stay on top of new regulatory requirements to identify additional capabilities that will help Controllers comply with GDPR.
Information for our Imaging Customers
As your partner, we want to help make your transition to GDPR compliance as seamless as possible so you can focus on your practice. To help you comply with the GDPR, we will be continually working to improve the functionality of our tools, including capabilities to:
- Provide access controls
- Anonymize or delete user data
- Perform data audits or assessments using data processing logs
- Create provisions for data subjects’ rights
- Enhance security for user data
What should you do to be GDPR ready?
If you are just getting started with GDPR compliance in your organization, here's a quick to-do list to keep in mind as a Data Controller.
- Create a data privacy team to oversee GDPR activities and raise awareness
- Review current security and privacy processes in place
- Identify the Personally Identifiable Information (PII)/personal data that is being collected
- Analyse how this information is being processed, stored, retained and deleted
- Assess the third parties to whom you disclose data
- Establish procedures to respond to data subjects when they exercise their rights
- Establish and conduct a Privacy Impact Assessment (PIA)
- Create processes for data breach notification activities
- Continuously train employees to ensure compliance with the GDPR
Carestream Dental fully supports the principles of the GDPR. Our mission is to help our customers create better patient experiences with relevant communication, and that requires the fair and secure use of personal data that is given with full consent and transparency.
If you have any questions or concerns regarding GDPR and Carestream Dental, please contact us at firstname.lastname@example.org