Penetration Test | Jan Kahmen | 3 min read

DiPA Apps and Cyber Security

A look at the security aspects in the DiPA guidelines and recommendations for improvements.

What is a DiPA Application?

A DiPA application refers to a digital application developed as part of the “Digital Care Application” (DiPA). This is an initiative funded by the German government that aims to promote and disseminate digital solutions in the care sector.

A DiPA application can have various functions, such as providing support in organizing care services, monitoring health data, or providing information and services related to care. It is designed to help improve, facilitate, and digitize care. A detailed guide to DiPA can be found on the BfArM website.

To be recognized as a DiPA application, certain criteria must be met, such as meeting the data protection requirements, incorporating user feedback, and ensuring user-friendliness.

DiPA Apps and Data Protection Requirements

Key point: The data protection requirements that apply to digital health applications (DiGA) must also be met for digital care applications (DiPA).

Challenges

  • Not all requirements are directly transferable: Some data protection provisions developed for DiGA do not fit DiPA one-to-one.
  • Concrete adaptation necessary: For many requirements, there are specific instructions on how to adapt them for DiPA.

Key Data Protection Points

  • Consent: Consent must be voluntary, specific and informed. It must be possible to revoke consent at any time.
  • Purpose limitation: Data may only be processed for the purposes stated in the DiPAV.
  • Restriction of use: This requirement applies primarily to web applications, not to mobile apps.
  • Encryption: Data exchange must be encrypted using TLS as a minimum.
  • Storage limitation: Personal data must not be stored for longer than is necessary for the purposes for which it was collected.
  • Deletion concept: Data subjects must be able to exercise their rights to data deletion and restriction of processing.
  • Processor: Processors must also meet data protection requirements.
  • Penetration test: It is important to have all IT components checked with pentests.
