GDPR compliance

Levvel Health’s Remote Patient Monitoring solution (levvel.connect) can comply with GDPR regulations, as explained here: https://gdpr.eu/
 
Consent and legal basis for processing
Levvel Health assures that all patients can give their consent to data processing upon initial contact.
Such consent will be stored in the record permanently, or until the patient requests full deletion of data. In addition to consent from the patient, it is the responsibility of Levvel Health’s clients to provide a legal basis for processing – in accordance with the intended use of the provided Levvel Health solution.
 
Data control
To preserve subjects’ privacy, Levvel Health must:
  • Only process data for authorized purposes
  • Ensure data accuracy and integrity
  • Minimize the exposure of subject identities, and
  • Implement data security measures.
Levvel Health has a fully encrypted database, and encryption keys are stored away from the actual database, resulting in full pseudonymisation compliance.
 
The solution is developed and released as a fully certified ISO 13485:2016 system, which ensures full data control. Every component of the Levvel Health solution is extensively analysed with regard to patient risk, and the conclusion is documented.
 
Data security
Data security goes hand-in-hand with data control. GDPR puts security at the service of privacy. To preserve subjects’ privacy, organizations must implement:
  • Safeguards to keep data for additional processing
  • Data protection measures, by default
  • Security as a contractual requirement, based on risk assessment, and encryption
Levvel Health has implemented full encryption from end to end with the highest possible encryption level (256-bit AES). Read more about the legal requirements here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
 
Right to erasure and access
Subject data cannot be kept indefinitely. GDPR requires organizations to completely erase data from all repositories when:
  • Data subjects revoke their consent
  • A partner organization requests data deletion, or
  • A service or agreement comes to an end
It is worth noting, however, that if there are legal reasons — specified in the regulation — an organization can retain and process a subject’s data. Exceptions are few, however. Levvel Health supports the ability to allow any patient or user full access to all data stored in the system. All data can be exported to ensure full portability as well. Furthermore, Levvel Health supports the ability to erase a patient’s data if so requested and if the request is legal according to data processing location, institution and country.
 
Risk mitigation and due diligence
Organizations must assess the risks to privacy and security, and demonstrate that they’re mitigating them. This requires they:
  • Conduct a full risk assessment
  • Implement measures to ensure and demonstrate compliance
  • Proactively help third-party customers and partners to comply, and
  • Prove full data control
The Levvel Health platform is developed under ISO13485:2016, which implements absolute and fully documentable risk analysis, compliance and data control. The same ISO13485:2016 certification regulates all changes and provides assistance to proactively support partners in being in compliance too.
 
Levvel Health has full control/track of data in an unbroken chain from user to clinician.
Due to the ISO 13485:2016 QMS in use, Levvel Health can document all changes throughout the system, and roll back to previous versions on demand as a part of a recall or breach procedure.
 
Data protection is designed into the system as a default, which is documented by the ISO13485:2016 implementation and can be audited by a 3rd party. Default security is the highest level. Any changes to data processing are likewise fully documented at any time.
 
Breach notification
When a security breach threatens the rights and privacy of a data subject or subjects, organizations must:
  • Notify authorities within 72 hours
  • Describe the consequences of the breach, and
  • Communicate the breach directly to all affected subjects
Levvel Health’s ISO13485:2016 QMS implements a full set of procedures for recall and for handling data breaches, including who to notify within the relevant time limits.
 
Records of Activity
As an integral part of the solution, OTH implements full audit logs for all activities in the system, including the ID of operator and patient. Audit logs can be reviewed at will.
 
Levvel Health hereby submits full GDPR compliance.

Jesper Lodahl, CEO 
Levvel Health ApS
 
Deborah Cooley, Chief Compliance Officer 
Levvel Health ApS

Address

Levvel Health ApS
Savsvinget 7, DK-2970 Hørsholm, Denmark
+45 7071 3383
contact@levvel.health

VAT NO.: 41230134

Co-funded

European Union's Horizon 2020 research and innovation programme | Tiamat
Co-funded by the Horizon 2020 of the European Union