Beurer is the first manufacturer of medical products to be certified in the field of data protection and data security. TÜV Rheinland has certified the web application of the Beurer HealthManager according to the standard "Data protection and data security". Ralf Freude, IT security expert at TÜV Rheinland, handed the certificate to Marco Bühler, managing director of Beurer GmbH. "The confidence of customers in our data protection and security measures is of the utmost importance to Beurer. This is why we turned to a third party in the form of TÜV Rheinland", explained Marco Bühler.
Following a comprehensive security review, the specialists in the field of information security confirmed, among other things, that the online portal of the Beurer HealthManager meets the statutory requirements of the German Federal Data Protection Act. Particular attention was paid to confidential health data, which the user stores when logging in online and which is continuously saved when using the Beurer HealthManager.
"As part of the certification process, we performed a data protection audit as well as internal and external security analyses. These involved inspections of various computer centres along with a simulation of an external hacker attack with the aim of stealing confidential data", states Ralph Freude, IT security expert at TÜV Rheinland.
The result was that TÜV Rheinland was able to certify that the online application of the Beurer HealthManager meets the legal requirements of the German Federal Data Protection Act (BDSG) – both from a technical standpoint and with regard to responsibility and processes – and complies with important aspects of international standards such as ISO 27001 and ISO 18028. This means:
- The confidentiality and integrity of the processed information are assured.
- The declarations of the data privacy statement are effectively implemented.
- Personal data is effectively protected in accordance with the German Federal Data Protection Act.
- Externally accessible, technical systems are effectively protected against unauthorised use.
To ensure a high level of data security, Beurer stores customer data in two independent computer centres.
The TÜV Rheinland certification is valid for a period of three years. A follow-up audit is performed after 12 months, to establish whether data protection and security is still assured and how processes can continue to be optimised. After 36 months, a re-certification must take place as a means of continuing the ongoing improvement process with regard to data protection and security in the long term.
The Beurer HealthManager is a health management system comprising a mobile app, PC software and the newly certified web platform. To register and download the HealthManager to an end device, the user must log in with their personal data prior to first use. The user can save measured body values such as weight, blood pressure and blood sugar either via USB or wirelessly via Bluetooth® Smart technology or NFC (Near Field Communication) and then view graphical representations of this data.