We are now getting close to the date when the European Commission’s General Data Protection Regulation (GDPR) will take effect. Blueprint Solutions currently provides leading office management solutions for hearing healthcare providers in five EU countries, and as such is subject to the regulation.
Blueprint Solutions has been preparing for the regulation to take effect. In this brief post, I will address some of the common questions that we have received regarding GDPR, starting with the first and most pressing question: Is Blueprint Solutions in compliance with the regulation? The answer is YES. Here are some additional questions we have received from our clients.
Q: Where is my data hosted?
A: Data for European-based clients is stored in a secure data center in London, UK, which is managed by our infrastructure partner EveryCity. The data center provides the latest server and security technology and is ISO 27001 certified. More information about our data center and its security measures can be found here: https://everycity.co.uk
Q: What about backup?
A: Data is backed up both onsite at the data center and at another secure site, also in the UK. Blueprint Solutions retains hourly data backups for 24 hours and nightly data backups for 30 days. They are stored at multiple physical locations within the UK.
Q: Is my data encrypted when transmitted?
A: Yes, data in transit is encrypted using 128-bit encryption.
Q: What data access controls are in place?
A: First of all, each user must have a unique user ID and a password. In addition, access can only be obtained through the Blueprint OMS application, and a unique access key is required to activate the application. In other words, unlike many other applications, access cannot be obtained through a web browser. Access to the system can also be restricted by IP address.
Q: What if I want a copy of my data?
A: As per our license agreement, your data is your property and is considered confidential. We can provide you with a complete, encrypted backup of your data within 1 business day of the request.
Since Blueprint Solutions also provides office management solutions for hearing healthcare providers in the US, we are subject to, and in compliance with, the Health Insurance Portability and Accountability Act (HIPAA). There are similarities between the two regulations, and in many cases HIPAA has more specific and stringent requirements.
It is also important to mention that some requirements rest specifically on the clinic, including data security at the PC level and obtaining patient consent for each distinct purpose of processing. Consent must now be obtained separately from other written agreements, be clearly presented, and be as easy to revoke as it is to give. Specific rules apply for children.
For questions or comments, please contact Henrik Nielsen at firstname.lastname@example.org.