Data Protection; Support - Cardiocity RhythmPadGP User Manual

The RhythmPad software suite will only connect to Microsoft Azure if the system that
is running the software suite is connected to the Internet. The data sent to the cloud
is used for purely analytical reasons and for the continuous improvement and
development of our algorithms and associated mathematics.
5.3

Data Protection

Cardiocity's RhythmPad system connects to the Cloud wherever possible and sends
anonymised ECG data for statistical purposes only. We gather this data not only to
provide you the user with an anonymised back up, but also to undertake our process
of continuous improvement with regards the functionality and performance of the
analytical algorithms used within the RhythmPad range of products.
We undertook consultancy with the UK Information Commissioners Office (ICO) to
ensure that the data sent into the cloud was anonymised to the extent that the data
transfer did not qualify as personal data under the UK Data Protection Act of 1998.
European laws on Data Protection and the classification and quantification of
Anonymous data vary from country to country across the EU.
It is the responsibility of the user to ensure that they are operating the
RhythmPadGP product in accordance to their local data protection policy.
Data protection in the EU is enshrined in the Treaty on the functioning of the
European Union (article 16). According to the Treaty, everybody has the right to the
protection of personal data concerning them. The fundamental right to the protection
of personal data is explicitly recognised also in Article 8 of the Charter of
Fundamental Rights of the European Union. Under the heading "Protection of
personal data", Article 8 stipulates:
• Everyone has the right to the protection of personal data concerning him or her.
• Such data must be processed fairly for specified purposes and on the basis of the
consent of the person concerned or some other legitimate basis laid down by law.
Everyone has the right of access to data which has been collected concerning him or
her, and the right to have it rectified.
• Compliance with these rules shall be subject to control by an independent authority.
• Directive 95/46/EC was adopted to harmonise national provisions on protection of
individuals in processing and free movement of personal data. The directive has
been implemented in all EU countries.
On 25 January 2012, the Commission proposed a comprehensive revision of the
current Data Protection Directive which among other issues aims to address key
aspects of processing personal health data, to ensure on the one hand privacy for
patients while still enabling the EU to meet the other legitimate objectives in the
Treaties such as a high level of health protection.
The EU laws are changing on Data Protection towards a unified policy but the onus
remains on the RhythmPad
accordance with local policy. The only data that is sent to the cloud is the subjects'
initials, sex and date of birth. From this data, Cardiocity as an organisation cannot
identify the subject, only the clinic where the subject is registered, if they are
registered at all may be able to identify the subject from this data set.
6.0

Support

Cardiocity provide email support via the
RhythmPadGP Manual.doc 20/05/16
Cardiocity Limited – RhythmPad
GP
user to ensure that the product is being used in
contact@cardiocity.com
GP
– User Guide- Page 40
email address.