e-pacs Vers. 03
Register No. DE-080003p, valid until 28/09/2010
3rd Recertification: 08/2015
Telepaxx Medical Archiving GmbH proved that its IT-based service “e-pacs Storage Service” complies with EU data protection law. e-pacs is a central digital image data archive used by radiologists, hospitals and doctors in private practice. Users of e-pacs are controllers in respect of personal data relating to patients. e-pacs comes with excellent encryption and pseudonymisation functionalities. Thus, customers of Telepaxx can be sure to act in compliance with EU data protection law when making proper use of the service.
Product/Version
e-pacs Version 3.0
Cert. No.
EP-S-Z8P8CP
Validity
12/08/2015 – 31/08/2017
Second recertification on June 30, 2013
First recertification on May 20, 2011
Initial Certification on September 29, 2008
Monitoring
04/2016 (O.K.)
12/2016 (O.K.)
Public Report
2015 e-pacs Short Public Report [PDF]
2013 e-pacs Short Public Report [PDF]
2011 e-pacs Short Public Report [PDF]
Initial: e-pacs Public Report [PDF]
Manufacturer/Provider
Telepaxx Medical Archiving GmbH
Wasserrunzel 5
91186 Büchenbach
Germany
Contact: Andreas Dobler
BEST
Data minimization (encryption and pseudonymization)
ATTENTION:
Not applicable
Summary
e-pacs is a central digital image data archive. It files x-ray and other medical data. The data are encrypted prior to being transmitted from the department server located at the customer’s site to the e-pacs storage server located at Telepaxx’ premises.
Details
Recertification 08/2015
Since the recertification in 2013, the core components of the e-pacs service have not been modified.
There have been minor changes in the application environment (cf. the short public report).
Recertification 06/2013
Since the recertification in 2011, the core components of the e-pacs service have not been modified.
There have been minor changes in the application environment (cf. the short public report).
Recertification 05/2011
Since the certification in 2008, the core components of the e-pacs service (department server and deep storage server) have not been modified.
There have been some changes in the application environment (e.g., migration from Windows Server 2003 to Windows Server 2008; for details, cf. the short public report). These changes do not have any impact on the evaluation results.
In 2009, § 11 BDSG (Bundesdatenschutzgesetz – German Federal Data Protection Act) was amended. This provision stipulates the requirements for processing security agreements between controllers and processors. The evaluation proved that the standard contract used by Telepaxx is in line with the (new) requirements.
Initial Certification 09/2008
e-pacs archives x-ray and other medical data on patients. It is used by radiologists, hospitals and physicians in private practice. The service mainly comprises two components: the e-pacs department server located at the customer’s site and the e-pacs deep storage server located at Telepaxx’ premises. Medical data are encrypted prior to their transmission from the department server to the deep storage server. Moreover, instead of patient names, pseudonyms are transmitted as part of the header data. Thus, Telepaxx cannot access the x-ray image data and does not receive any personal information about the patients concerned.
Technical Evaluator
Dipl. Math. Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Legal Evaluator
Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany