Swedish Patient Data Act (HSLF-FS 2016:40)
We are not lawyers, and this is not legal advice.
It is your responsibility to discover what law applies to you and how to best comply with it. In case of doubt, consult your Data Protection Officer (DPO) or equivalent.
Controls not covered below are ones that Compliant Kubernetes cannot fulfill. These include requirements such as:
- Your management team needs to regularly perform various risk analyses.
- You need to do background checks when recruiting.
- You need to activate multi-factor authentication in your Identity Provider.
- You need to have a policy on how to safely use USB sticks.
- Requirements which fall under the scope of the application.
If you are a Swedish healthcare provider, you likely process patient data. Patient data includes GDPR personal data and patient records. HSLF-FS 2016:40 recommends following ISO 27001.
Please look at the ISO 27001 controls to understand how Compliant Kubernetes helps you keep patient data private and secure.