Data protection in the practice - Medical practice - Training



Data protection in the practice - Medical practice - Training

Participants learn what needs to be considered in the area of data protection and information security, especially in the medical practice.
1. introduction and preface (confidentiality as a basis for work in the medical practice)
2. personal data in the doctor's office
3. basics of processing in terms of data protection in the medical practice
4. rights of the patient
5. duties of the medical practice / doctor
6. practical case studies in the medical practice and their correct data protection handling
7. conclusion

Each practical training contains the data protection basics training, since the practical training builds on the basics training.

+ Data protection basics - training

The data protection basics training serves to increase employee awareness in terms of data protection. Participants learn the fundamentals of the relevant data protection regulations.


1. basics
2. duties of the person in charge
3. data subject rights
4. data protection documentation
5. collection of personal data
6. disclosure / transmission of personal data
7. declaration of consent
8. IT security and data security
9. reporting chain in case of violations
10. sanctions for violations

Sample excerpts from physician practice - training:

  • Patient data should be kept confidential and protected from unauthorized access. Protection goal of confidentiality.
  • An appropriate level of data security should be ensured to prevent data loss or theft. Availability protection goal.
  • Access to patient data should be limited to authorized personnel and based on a need-to-know basis.
  • Appropriate technical and organizational measures should be taken to ensure the integrity and confidentiality of the data.
  • Existing data protection policies and procedures should be clearly defined and regularly communicated to employees.
  • Patient consent should be obtained before their data is used for purposes other than medical care.
  • Patients should have the right to access, correct and delete their own medical records, provided this does not conflict with other legal requirements.
  • The practice should designate a data protection officer who is responsible for monitoring compliance with data protection.
  • When using IT systems, appropriate security measures should be taken in accordance with Article 32 GDPR, such as password protection, firewall and encryption, and other IT baseline protection measures if necessary.
  • When patient data is shared with third parties, such as laboratories or insurance companies, appropriate privacy agreements should be in place.

Additional information


1 year

DSB buchen