Data Privacy Declaration

Data Privacy Declaration for management services and care research into managed care delivered by APST GmbH, use of the APST Platform and the ALS and SMA Applications

For better legibility the following text shall not make gender specific distinctions in terminology. Any and all information referring to persons shall be deemed to apply equally to both genders.

1. Data Processing General Purpose

APST GmbH, at the address Friedrichstraße 90, 10117 Berlin, Tel: +49 (0)30 81031410, Fax: +49 (0)30 20164002, E-Mail: info@ambulanzpartner.de (hereinafter “APST”) offers a range of managed care services comprising coordination and networking facilities between patients (and their relatives), medical partners (e.g. doctors, social services) and providers of assistive technology devices, therapeutics and medication therapy (e.g. medical supply and equipment stores) as well as nursing care (hereinafter collectively “Providers”). The entirety of participating patients, providers, medical partners and coordinators is subsumed under the term “Care Network”. The APST Platform (www.ambulanzpartner.de) is the online coordination and communication platform digitally linking the care network participants. It features, among other things, an electronic patient record and digital process control for managed care and care research purposes. The “ALS App” and “SMA App” are mobile software applications facilitating participation in surveys and disease course and treatment ratings. The Internet platform and the two applications shall subsequently be referred to as “APST Platform”.

2. Responsibilities

(1) APST is responsible for data privacy, protection and security for the APST Platform user experience. For platform operation, APST closely cooperates with Charité – Universitätsmedizin Berlin (Charité – University Hospital Berlin, hereinafter “Charité”). On behalf of APST, personal data are stored on the Charité’s servers that meet the particular and most stringent data security and data privacy standards for health data. Data hosting services for the APST platform in the context of managed care are delivered by Charité. APST is the contracting party of hosting services and the responsible entity pursuant to the General Data Protection Regulation, GDPR (Datenschutz-Grundverordnung, DSGVO).

(2) The personal data captured and used via the APST Platform are sensitive data protected with effective and reliable data privacy and data security measures. Together with Charité, APST ensures compliance with data privacy laws and, at that, is reportable to the County of Berlin Data Protection Authority. At APST, top priority is equally given to company-internal data privacy and protection. Employees are bound to discretion and under obligation to act in conformity with the applicable data privacy laws.

(3) Our data privacy officers can be contacted at datenschutz@ambulanzpartner.de or by sending a letter for the attention of “(FAO) Data Privacy Officer”, at our address stated above.

3. Data Processing for Managed Care and Care Research Purposes

3.1. Purpose Limitation Principle, Legal Basis

(1) APST shall process your personal data only to the extent necessary for the rendering of managed care and care research services (see Tables 1 and 2 in Section 3.4.). Transfer of your personal data to third parties outside the APST network shall require your explicit consent. Moreover, transfer to state organizations and authorities entitled to receive information shall not go beyond the statutory reporting duties unless a court order obliges APST to do so.

(2) The legal basis for data processing for managed care and care research purposes shall be the current contractual relationship (Art. 6 Section 1 p. 1 lit. b GDPR) as well as the patient’s consent (Art. 6 Section 1 p. 1 lit. a GDPR) and the patient’s signed consent form for care research (Art. 6 Section 1 p. 1 lit. a GDPR).

3.2. Managed Care

(1) APST shall process your personal data for care coordination purposes. Managed care is a service rendered by non-physician professionals. Comprised therein are organizational tasks in the provision of assistive technology devices and other medical devices. The following is included in care coordination:

  • Receipt of care provision requests for assistive technology devices, therapeutics and nursing care by e-mail, fax, mail delivery or online
  • Digital capturing of the care provision request on the APST Platform
  • Contacting patients, relatives or legal guardians by telephone to confirm and further specify the care provision request
  • Identification of a suitable provider within the care network in the name and on behalf of the patient
  • Identification of a suitable provider outside the care network (if no suitable provider is available within the network) in the name and on behalf of the patient
  • Provision of a telephone service for patients, medical partners and providers
  • Review and reminder service for pending care provision requests with providers
  • Receipt, forwarding (doctor’s offices and outpatient department) and return of the patient’s health insurance card in the name and on behalf of the patient

(2) To facilitate managed care, APST shall furthermore deliver data, document, prescription, and complaint management services, the extent of which is specified in the relevant sections of the Services Specifications for Patients (Sections 3.2 to 3.6 therein).

(3) In the context of the managed care concept, the patient-related and care-related data depicted in Table 1 (Section 3.4.) shall be captured on the APST Platform and used further by those medical partners, providers and coordinators with a mandate for care provision.

(4) The users of the APST Platform (patients, medical partners, coordinators) agree that the users duly authorized to deliver the respective patient’s care and/or care coordination may view and exploit further all of the patient’s personal data for care provision purposes.

3.3. Care Research

(1) The data generated in the context of managed care shall be used to perform a systematic analysis of care provision – conditional upon obtainment of your informed consent. The care data digitalized on the APST Platform are thus conducive to care coordination and research into managed care.

(2) The data collected in the managed care context (see Table 2 in Section 3.4.) shall be exploited for scientific or health economic analyses. Data utilization for research, publication, education and health-economic purposes shall take place exclusively by employing pseudonymized and/or anonymized data, subject to your informed consent to the respective cause. Depending on the choices you made in the Patient Information and Consent Form, your pseudonymized and/or anonymized data shall be used as follows:

  • Display of my pseudonymized ratings submissions relating to treatments, providers, medical devices or medicinal products on the APST Platform website (e.g. scoring for satisfaction with physiotherapy, an assistive technology device or a medicine);
  • Analysis of my pseudonymized data for care research purposes in cooperation with academic institutions across Germany to promote the advancement of medical treatments (e.g. systematic analysis of necessary assistive technology devices over the course of ALS, Multiple Sclerosis and other neurological diseases);
  • Analysis of my pseudonymized data for care research purposes in cooperation with organizations from the health care sector to promote the development and advancement of medical technology, medicines, medical devices or treatment methods (e.g. systematic analysis of ALS patients’ user experience with regard to a specific device for the relevant ATD manufacturer).

3.4. Extent and Scope of Data Exploitation

(1) Data processing on the APST Platform shall serve managed care and care research purposes.

(2) Personal data, i.e. individual information on a specific or identifiable patient’s personal and factual situation, shall be used solely for the purpose of realizing managed care. Utilization shall be limited to the very persons within the care network with a mandate for the provision of care and care coordination services for a particular patient.

(3) Table 1 illustrates the data used exclusively for managed care purposes and not for care research within the APST Platform.

Table 1: Data used exclusively for managed care purposes (not for care research)

Data Category

Data Field

Contact Details

  • Main address
  • Subsidiary address(es)
  • Patient’s telephone number (lists)
  • Telephone numbers for relatives and other authorized persons (lists)

Medical Profile

  • Contact details and profile for medical outpatient departments, doctor’s surgeries/offices and clinics, care teams, social services branch, nursing care advisory services and sundry medical institutions involved in the patient’s care
  • Contact details and profile for providers of therapeutics and assistive technology devices and pharmacies

Social Profile

  • Advance Health Care Directive
  • Legal guardianship

Payer/Health Insurance Company

  • Insurance number
  • Copayment exemption
  • Name of health insurance company (select from menu)
  • Competent department at health insurance company
  • Health insurance company’s postal address
  • Date of swiping the health insurance card in the card reader

Documents (Scans of Printouts)

  • Doctor’s letters
  • Patient Information and Consent/sundry assent forms
  • Care provision requests
  • Test reports of care provisions
  • Medication schedules
  • Therapy reports
  • Transition forms
  • Health care proxy
  • Advance Health Care Directive
  • Sundry documents

Provision of Therapeutics

  • Prescriber of therapeutics
  • Prescriber’s contact details
  • Care partner for therapeutics
  • Care partner’s contact details

Provision of Assistive Technology Devices (ATD)

  • Person who defined the need
  • Name of provider of ATD; name of ATD manufacturer
  • Prescriber of ATD
  • Prescriber’s contact details

Medication

  • Care partner (pharmacy)
  • Prescriber of medication
  • Prescriber’s contact details

(4) Table 2 illustrates those pseudonymized and/or anonymized data used for care research and managed care purposes in conjunction with personal data (Table 1) within the APST Platform.

Table 2: Data used for managed care and – in pseudonymized and/or anonymized form – for care research

Data Category

Data Field

Domestic Situation

  • Type of abode (house, flat; for rent; own property)
  • Living space and number of rooms
  • Number of steps of stairs/stairwell (if any)
  • Floor/story
  • Availability of a lift
  • Accessibility

Social Profile

  • Marital status
  • Number of children
  • Place of residence or nursing care facility (select from menu)
  • Profession
  • Profession last pursued
  • Nursing care level/degree
  • Nursing care insurance services

Payer/Health Insurance Company

  • Name of health insurance company (select from menu)

Medical Profile

  • Main diagnosis according to ICD-10 (select from menu)
  • Subsidiary diagnosis according to ICD-10 (select from menu)
  • Ventilation therapy (select from menu)
  • Nutrition therapy (select from menu)
  • Contact details and profile for medical outpatient departments, doctor’s surgeries/offices and clinics, care teams, social services branch, nursing care advisory services and sundry medical institutions involved in the patient’s care
  • Contact details and profile for providers of therapeutics and assistive technology devices and pharmacies

Scan of Print Documents

none

Provision of Therapeutics

  • Current therapeutics processes (overview)
  • Therapeutics processes completed (overview)
  • Ticket number for therapeutics; date of filing the care provision request
  • Prescription outside standard care; field of therapy (select from menu)
  • ICD Diagnosis Code (select from menu)
  • Type of therapeutic (select from menu)
  • Quantity prescribed (units)
  • Frequency recommendation (select from menu)
  • Duration of therapy session in minutes
  • Necessity of home visits for therapy
  • Therapy report
  • Cardinal symptoms indicating the provision of therapeutics
  • Therapy goals for the provision of therapeutics
  • Date of issue
  • Envisaged commencement date of therapy
  • Prescriber of therapeutics
  • Prescriber’s contact details
  • Care partner for therapeutics
  • Care partner’s contact details
  • Date and content of therapeutics need
  • Date and content of prescription request by the provider
  • Date and content of prescription request submitted to the doctor
  • Date of issue of prescription by the doctor
  • Date of receipt of prescription at provider’s office
  • Commencement date of therapy
  • Completion date of therapy
  • Number of weekly therapy units delivered
  • Date and reason for cancellation of therapy

Provision of Assistive Technology Devices (ATD)

  • Pending ATD provision processes (overview)
  • Completed ATD provision processes (overview)
  • Product description; ticket number
  • Person who defined the need
  • Main need for provision of assistive technology devices; ATD group
  • ATD product description
  • ATD specification
  • Name of ATD; date of prescription
  • Name of provider of ATD; name of ATD manufacturer
  • Prescriber of ATD
  • Prescriber’s contact details
  • Date of care provision need
  • Date of care provision request
  • Date of first contact between coordinator and patient
  • Date of care provision request
  • Date and content of first contact between patient and provider
  • Date and content of the provider’s consultation with the patient and trial period with the patient
  • Date of prescription request by the provider
  • Wording on prescription for the ATD, group, ATD product specification
  • Date of submission of prescription request to the doctor
  • Date of issue of prescription by the doctor
  • Date of receipt of prescription at the provider’s office
  • Date of submission of application for cost absorption to the health insurance company by the provider
  • Date of cost absorption
  • Date of rejection (if any)
  • Date of delivery (if any)

Medication

  • Medication discontinued (overview)
  • Current medication (overview)
  • Medicine ticket number
  • Central pharmaceutical number for medicine (if any)
  • Brand name
  • List of excipients and constituents
  • Qualitative and quantitative composition
  • Date of starting medicine intake
  • Date of discontinuing medicine intake (if any)
  • Dosage regimen
  • Therapeutic indication
  • Name and address of pharmacy
  • Prescriber of medication
  • Prescriber’s contact details

Clinical Scales

  • Amyotrophic Lateral Sclerosis Functional Rating Scale-revised (ALSFRS-r), 12 items
  • Amyotrophic Lateral Sclerosis Functional Rating Scale extended (ALSFRS-ex), 15 items
  • Functional Ambulation Categories, one item
  • Questionnaire on Health-Related Quality of Life (EQ-5D-5L9), 5 items
  • Measure Yourself Medical Outcome Profile (MYMOP)
  • Net Promoter Score (NPS), one item
  • Treatment Satisfaction Questionnaire for Medication (TSQM), 9 items

Applications

  • Disease progression rate in ALS and SMA

4. Data Processing for Website Visits

(1) When using our websites merely for the purpose of gaining information, i.e. when no request or personal information is submitted and no login is performed, we shall process the data your browser sends to our server, and those data technically required to display our website to you and to safeguard stability and security:

  • IP address,
  • Date and time of enquiry,
  • Duration of website visit,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of enquiry (precise page),
  • Access status/http status code,
  • Data volume transferred each time,
  • Website this enquiry is coming from,
  • Our websites that you visit,
  • Internet service provider,
  • Browser type,
  • Server Log Files,
  • Operating systems and their interface,
  • Language and version of browser software.

(2) The relevant legal basis is Art. 6 Section 1 p. 1 lit. f) GDPR, i.e. our legitimate interest in displaying the websites that are accessed.

5. Data Processing for Contact

When you contact us via e-mail, telephone or by using a contact form, the information you supply to us (e.g. e-mail address, name, telephone number and content of the enquiry) shall be processed to answer your queries and/or deal with your issue. The legal basis for this is Art. 6 Section 1 p. 1 lit. b GDPR.

6. Data Processing for Newsletter Circulation

(1) We shall send e-mails and other electronic memorandums with commercial information (hereinafter “Newsletter”) only subject to your explicit consent (Art. 6 Section 1 lit. a GDPR) or to a legal permission. The newsletters contain the latest information on our projects, events, company and network. By subscribing to our newsletter you agree to receive it.

(2) Employment of shipping or mail order services, performance of statistical surveys and analyses as well as login procedure protocols shall be based on our legitimate entitlement pursuant to Art. 6 Section 1 lit. f GDPR. Our interest shall be aimed at employing a user-friendly and secure newsletter system, to satisfy both our business interests and your expectations.

(3) You may revoke your consent to receipt of our newsletter at any time.

7. Your Rights

(1) With regard to your personal data, you shall be entitled to the following rights in your dealings with us:

  • Right to information (Art. 15 GDPR),
  • Right to rectification and deletion (Art. 16 and 17 GDPR),
  • Right to limitation of processing (Art. 18 GDPR),
  • Right to objection against processing (Art. 21 GDPR),
  • Right to data transferability (Art. 20 GDPR).

(2) You shall furthermore have the right to lodge a complaint with the Data Protection Authority about the way we process your data.

(3) We point out that you may revoke any data privacy consent you have given us at any time and with effect for the future. The same shall apply to your consent to be contacted for commercial purposes. To this end, please simply send an e-mail to: datenschutz@ambulanzpartner.de. The respective revocation may result in our offer no longer being available to you or with limitations only.

(4) In so far as our processing of your personal data is based on the weighing of interests (Art. 6 Section 1 p. 1 lit. f GDPR), you shall be entitled to object to such processing. When lodging such an objection, we will kindly ask you to tell us the reason why we are no longer allowed to process your personal data the way we do. For any substantiated objection, we shall verify the facts and either cease to process your data, adjust the processing method or elucidate to you our compelling protection-worthy reasons why we shall continue to process your data.

8. Data Security and Data Deletion

(1) The data accessible on the APST Platform are sensitive data and shall thus be subject to the most stringent and state-of-the-art security standards.

(2) You may only access your data after entering an individual user name and password. We generally recommend safeguarding your access data (user name, password) as if they were valuables and refraining from writing them down and keeping them somewhere. You shall personally be responsible for the safety and security of your own computer and software, and under obligation to ensure adequate protection.

(3) Access to personal data shall be subject to access authorization as specified below:

Patient

  • Personal contact details
  • Personal social profile
  • Personal medical profile
  • Personal care processes
  • Personal ratings
  • Contact details and profile for medical partners and providers involved in the patient’s care provision

Medical Partners and Providers

  • Access to all the data available on the platform for the patient for whom they have a mandate for treatment or provision (no data available for patients for whom they do not have a mandate for action)

Coordinator Role

  • Access to all the data available on the platform for the patient for whom they have a mandate for coordination (no data available for patients for whom they do not have a mandate for coordination)

APST Network Manager, Data Manager and Administrator Roles

  • Full data set with all patient-related and care-related data
  • Full data set for all medical partners and providers
  • Full data set for all patient ratings (survey administration) and participating parties (participant administration)

(4) Data shall be encoded for transfer from the user’s computer to the server and vice versa.

(5) The data processed by APST shall be deleted upon expiry of contract if no relevant retention periods are provided by law. Data shall continue to be processed after the patient’s death, unless the contractual relationship has been terminated by the patient’s legal successor or the patient’s consent has been revoked. The processing of any data not deleted for reasons of compliance with legal provisions (e.g. settlement data pursuant to § 257 Section 1 German Commercial Code [Handelsgesetzbuch, HGB] and/or § 147 Section 1 commercial/tax regulations for data retention) shall be limited, i.e. data shall be disabled for operative use.

9. Final Provisions

(1) APST shall take technical and organizational security measures to protect the data processed, particularly against random or willful manipulation, destruction, or violation by an unauthorized person. Security measures shall be updated on a continuous basis according to technical progress.

(2) To the extent to which we use subsidiary companies to render our services, we shall take appropriate technical and organizational measures safeguarding protection of personal data pursuant to the applicable laws. Subsidiary companies shall predominantly be technical providers supporting us in our performance.

(3) APST shall update the Data Privacy Declaration from time to time according to technical progress and the further development of the services offered herein. In so far as the amendment made to the Data Privacy Declaration does not affect the utilization of the personal data we already have on you, the new Data Privacy Declaration shall be in full force and effect from the date of updating it. Any changes to the Data Privacy Declaration affecting the utilization of the personal data we already have on you shall only be implemented if this is considered an adequate and reasonable act for you. In such a case, you shall be notified in good time. You shall have the right to object to the Data Privacy Declaration within four (4) weeks of receiving notification of the new effective Data Privacy Declaration. In case of objection, we shall reserve the right to terminate the utilization contract. If no objection is lodged, the amended Data Privacy Declaration shall be considered agreed by you. We shall remind you of your right to objection and the significance of the notice period for objection when we notify you of such a change.

(4) APST shall be available to you for further queries and information on data privacy and protection, and the processing of your personal data via the address for correspondence stated on the legal information page on our website. For requests, suggestions, and information on data privacy you may furthermore contact the external data privacy officer for APST at datenschutz@ambulanzpartner.de.

Our data protection officer:

Hans-Christian Widegreen
Specialist lawyer for information technology law (Fachanwalt für Informationstechnologierecht)
Widegreen&Data GmbH
Wrangelstraße 5, 10997 Berlin
datenschutz@ambulanzpartner.de