Data protection and security
The only TÜV-Certified video services provider to be HIPAA compliant
CGM ELVI is the only video services software anywhere in Germany to have obtained TÜV certification for data security and data protection. This guarantees compliance with the highest security standards regarding data retention, procedures for processing, transmission and storage of data and IT infrastructure specifications. Certification has been achieved by applying the principles of IT security at the current level of technology whilst also taking account of basic IT protection according to BSI and the international standard for management systems for information security, ISO/IEC 27001.
The HIPAA certificate constitutes evidence that the requirements in respect of confidentiality and integrity of patient data as set out in the Health Insurance Portability and Accountability Act have been fully met. The Health Insurance Portability and Accountability Act is a US law dating from 1996 which governs data security and privacy within the context of Protected Health Information (PHI). It also regulates patient access to medical data records. HIPAA has been updated several times since being enacted in order to take account of new technologies and modern data protection risks.
CGM ELVI fulfils all the stipulations of the German healthcare system regarding the use of video services by doctors’ surgeries. Particular compliance is in place in respect of technical security and data privacy.
Encryption of video sessions
Communication during a CGM ELVI video session takes place via an SSL-encrypted peer-to-peer connection. This means that participants are linked directly without the use of an intermediary server. A secure server is only required for a brief period whilst the call is being established.
Video communication is based on WebRTC technology. This is an open standard defined by the W3C and implemented by the browser providers. It defines a collection of communication protocols and programming interfaces that enable real-time communication via peer-to-peer connections.