Press release
With Meedio, TÜV Informationstechnik (TÜVIT) has successfully tested and certified a digital video communication solution that can be used across all industries. With the certificate, the video service provider can now officially prove that the solution fulfils the highest requirements for data protection and information security.
If a confidential conversation is on the agenda, the parties involved usually look for a protected space to ensure that they can communicate with each other undisturbed. What is a matter of course in the real world should not be ignored on the World Wide Web. Nevertheless, many people use video services that were developed outside the EU and do not fulfil the requirements of the European General Data Protection Regulation (EU GDPR). For this reason, the company Meedio has set itself the goal of developing a European video consultation solution and thus creating a place where people can meet in complete safety, even in the digital space. Meedio has entrusted TÜVIT with the testing and certification of the solution in order to be able to objectively demonstrate compliance with data protection and information security.
The certification of the video consultation solution was accompanied by extensive requirements. These are set out in Annex 31b of the Federal Medical Practitioners' Contract (BMV-Ä) and serve as a basic prerequisite for being listed as a certified video service provider with the National Association of Statutory Health Insurance Physicians (KBV). On the one hand, Meedio had to provide independent proof of data protection. To this end, the experts from TÜVIT examined the processing operations of the video service in accordance with Article 42 GDPR, based on an exemption in Annex 31b BMV-Ä. In this context, they examined, among other things, the principles, lawfulness and security of data processing, as well as the process documentation and the rights of data subjects.
In addition, the information technology security of the solution was also scrutinised in accordance with Annex 31b BMV-Ä. As part of this, the IT security experts first carried out penetration tests to assess the existing security measures. This was followed by an audit in accordance with TÜVIT's own Trusted Site Video Consultation (TSVC) testing and certification process, which was used to inspect the IT infrastructure relevant to video communication. The main focus here was on the technical and organisational measures for transmission and the underlying encryption. For example, the experts checked whether data could be viewed or stored contrary to the specifications.
Meedio's video consultation solution successfully met all the test criteria in terms of both data protection and information technology security. As a result, the video service provider immediately received two certificates: According to Article 42 GDPR as well as TSVC. At the same time, Meedio fulfils the requirements that the KBV places on a certified video service.
"With Meedio, we have tested and certified a video service provider for the first time whose solution can be used not only in the healthcare sector, but also across all industries," says Tobias Mielke, management systems expert (data protection and information security) and Senior Consultant Business Security & Privacy at TÜVIT. "The fact that data protection and privacy are particularly important in this context is now confirmed by the two certificates issued."
TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability as well as their holistic cyber resilience and IT security in the supply chain.
Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.
