Principles of data protection
As a medical practice for neurology and psychiatry, we are aware of the special importance of the confidentiality of your data. We adhere to the strict regulations of medical confidentiality as well as the professional and legal regulations on data protection. As a matter of principle, personal data is only collected by us if required by law or if you have given your prior written consent.
Updated 11th December 2022 — MV
Data protection is a fundamental right in the European Union according to Art. 8 of the Charter of Fundamental Rights of the European Union. Concrete data protection rules are formulated in the European General Data Protection Regulation (GDPR). The processing of health data is particularly protected. According to Article 9 (2) GDPR, health data may only be collected and processed under very specific conditions, primarily of course for the purpose of health care. Processing is regulated according to clear principles. These are described in Article 5 GDPR. The key data protection principles relating to processing of your medical record are:
- Purpose limitation: Data may only be collected and used for the previously defined purpose.
- Data minimisation: Data must be adequate for the purpose and limited to what is necessary.
- Accuracy: Data must be factually correct and up-to-date.
- Storage limitation: Data may only be stored for as long as it is required for the purpose.
- Integrity and confidentiality: Data must be protected against unauthorised access and loss.
- Accountability: Compliance with data protection must be demonstrable.
If we collect and process data, we are obliged to inform you about this in accordance with Art. 13 GDPR. This includes the legal basis and the purpose of our data processing as well as the recipients of your data.
The purpose of our data processing is your health care. Therefore, we are entitled to process health data according to Art. 9 (2) GDPR and according to German law § 22 BDSG. In fact, we are obliged to document personal health data, conversations with you, examinations, findings and courses of treatment according to § 10 Para. 1 of the professional code of conduct of the medical association BOÄ (pdf, German). In principle, according to § 10 Para. 2 of the BOÄ, you may be given access to your medical file, provided this is not detrimental to you for therapeutic reasons. The medical record must be kept for a period of 10 years according to § 10 Para. 3 of the BOÄ.
This privacy policy describes our handling of so-called personal data. This refers to information by which you could be identified directly or indirectly.
Responsibility for Data Processing
Practice for neurology and psychiatry
Karl-Marx-Straße 272, 12057 Berlin
(030) 68 40 99 - 6 / - 70
(030) 68 40 99 - 81
datenschutz(at)neuropraxis-neukoelln.de
Your Medical File
As doctors we create a medical file. We are obliged to do so in order to ensure transparent treatment. It contains a lot of your data, e.g. name, date of birth, address, telephone number, e-mail address (if you provide it), diagnoses, treatments, medication, findings, laboratory results and others. We are obliged to keep this data for 10 years after the end of the treatment. Occasionally longer retention periods may apply, e.g. in the case of X-ray records.
Who can view your medical file
Access to your electronic medical record is secured in our practice by strong passwords. Only our doctors, our employed medical assistants and technical staff, who are required to maintain our computer network, are allowed to view the files. All those involved have to adhere to strict confidentiality procedures.
Recipients of your Data
We only transfer your personal data to third parties if this is legally permitted and necessary or if you have given your consent. Recipients are primarily associations of statutory health insurance physicians, your health insurance company or the medical service of health insurance companies. The data transfer is carried out for the purpose of billing for the services provided to you. With your consent, we may also exchange data with other doctors, psychotherapists, occupational therapists, speech therapists and physiotherapists in order to clarify medical questions. We have no intention of transferring your data to any other third parties without your knowledge and consent.
Data Transmission via Telephone and Fax
The transmission of confidential data via telephone and fax is considered unsafe because these communication channels cannot normally be fully secured. Therefore you must give us your consent to pass on such data.
Data Transmission via Email
We offer secure encryption for the transmission of personal data by email. This encryption requires the free and open software “GNU Privacy Guard (GnuPG)”. However, it is necessary that you install and set up GnuPG on your computer. You will find detailed instructions for this on our website.
Our GPG key
https://www.neuropraxis-neukoelln.de/neuropraxis.asc (fingerprint 8AC9 A796 A5E0 6052 0DD5 67EF 88DD DB8D 59E5 FD23)
Transmission of non-critical Data via Email
Only “non-critical findings” (e.g. laboratory results) can be sent to you, at your request and with your written consent, via an unencrypted email.
Data Transmission via Encrypted Secure Connections
The legally required and permitted data transfers via the internet, for example to the Association of Statutory Health Insurance Physicians (“Kassenärztliche Vereinigung”) or other practitioners, will always be encrypted.
The Creation of our Website
We have created our website ourselves. HTML and CSS, nothing else. Guaranteed no cookies, no trackers, no scripts and no social media plugins. And that's how we know that our sites are safe for you and respect your privacy.
Server of our Website Hoster
Our websites are located on the servers of STRATO AG (Pascalstraße 10, 10587 Berlin, https://www.strato.de). Strato AG states that their servers are located exclusively in Germany and are therefore subject to German data protection regulations. Our website is transmitted in encrypted form. You can recognise this by the fact that the address line of the browser begins with https://. Many browsers display a lock symbol in the browser line. If the encryption is activated, transmitted data can practically not be read by third parties.
Data collected by our Website Hoster
Whenever you visit an internet page, data is processed and saved, including by Strato AG, on whose servers our websites are located. So-called log data (connection data) are automatically collected and stored in log files. These are data which are automatically transmitted by your browser when you visit our web pages.
The following log data is collected by Strato AG:
- your IP address, which in principle (anonymised) would be visible to us,
- the files you have retrieved (e.g. index.html),
- the time of the server request,
- the size of the files retrieved by your browser,
- the page from which you accessed our site, and
- information about your operating system and your Internet browser (“user agent”).
To detect attacks, Strato AG stores non-anonymised IP addresses for a maximum of seven days. After this period these are irrevocably anonymised. This data is not merged with other data sources (we cannot see, for example, whether you have visited our website). Further information on the privacy policy of Strato AG can be found (unfortunately in German only) at https://www.strato.de/datenschutz.
OpenStreetMap
To help you find our practice, we have included a map provided by the OpenStreetMap Foundation. When you visit the OpenStreetMap website, a cookie is stored on your end device. The functionality of the map is made available through this cookie. It enables OpenStreetMap to recognise the website from which your request has been sent and to which IP address the directions should be transmitted. If you do not agree with the cookie and the data processing by the OpenStreetMap Foundation, you can prevent the installation of cookies in your browser settings. Further information on the privacy policy of the OpenStreetMap Foundation can be found on the OpenStreetMap Foundation's website at https://wiki.osmfoundation.org/wiki/Privacy_Policy.
Your Consent to Data Processing and your Right of Objection
Many data processing operations are only permitted with your express consent. We will provide you with a corresponding consent form at the beginning of a treatment in our practice. You can of course withdraw this consent at any time. An informal notification in writing or by email is sufficient for revocation.
Right of Access, Rectification, Blocking and Erasure
You have the right to information about your stored personal data, its origin, its recipients and the purpose of the data processing. You also have the right by law to have this data corrected, blocked and deleted.
Consequences of Withdrawing your Consent to Data Processing
If you commence treatment at our practice, we assume that you agree with the data processing required by law. This includes the creation of a patient file and the transfer of your data for billing purposes. If you object to this data processing, we will not be able to fulfil our legally prescribed medical duties with the necessary care and will not be able to treat you in our practice. If you withdraw your consent to the transfer of your data, we will no longer be able to inform other doctors about your treatment or to receive reports from other doctors, laboratories or radiological institutes. This may affect the quality of medical treatment.
Right to Data Transferability
You also have the right to have your data handed over to yourself or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only take place as far as it is technically possible.
Right of Appeal to the Competent Supervisory Authority
If you see a violation of data protection laws, you have the right to complain to the responsible supervisory authority, in this case the State Data Protection Commissioner of Berlin (website in German only) via mailbox@datenschutz-berlin.de. For more information on German data protection, see the website of the Federal Commissioner for Data Protection and Freedom of Information.
Legal Basis
The right to collect, store, process and forward your personal data is based on the EU General Data Protection Regulation (GDPR Articles 6, 9 and 13), the German Federal Data Protection Act (BDSG § 22), the Professional Code of Conduct of the Berlin Medical Association (BOÄ §§ 9 and 10, pdf file in German only) and the German Radiation Protection Act (Strahlenschutzgesetz § 85 para. 2, website in German only).