Swedish Patient Data Act (HSLF-FS 2016:40)¶
We are not lawyers, this is not legal advise.
It is your responsibility to discover what law applies to you and how to best comply with it. In case of doubt, consult your Data Protection Officer (DPO) or equivalent.
Note
Controls not covered below are controls which cannot be fulfilled by Compliant Kubernetes. These include requirements such as:
- Your management team needs to regularly perform various risk analysis.
- You need to do background checks when recruiting.
- You need to activate multi-factor authentication in your Identity Provider.
- You need to have a policy on how to safely use USB sticks.
- Requirements which fall under the scope of the application.
If you are a Swedish healthcare provider, you likely process patient data. Patient data includes GDPR personal data and patient records. HSLF-FS 2016:40 recommends following ISO 27001.
Please look at the ISO 27001 controls to understand how Compliant Kubernetes helps you keep patient data private and secure.
HSLF-FS 2016:40 3 kap. 9 § Upphandling och utveckling¶
HSLF-FS 2016:40 3 kap. 10 § Upphandling och utveckling¶
HSLF-FS 2016:40 3 kap. 12 § Säkerhetskopiering¶
HSLF-FS 2016:40 3 kap. 13 § Säkerhetskopiering¶
HSLF-FS 2016:40 3 kap. 14 § Fysiskt skydd av informationssystem¶
HSLF-FS 2016:40 3 kap. 15 § Behandling av personuppgifter i öppna nät¶
HSLF-FS 2016:40 4 kap. 2 § Styrning av behörigheter¶
HSLF-FS 2016:40 4 kap. 3 § Styrning av behörigheter¶
HSLF-FS 2016:40 4 kap. 9 § Kontroll av åtkomst till uppgifter¶
- Audit Logs
- Log Review
- How do I comply with HSLF-FS 2016:40 4 kap. 9 § Kontroll av åtkomst till uppgifter?
- Long-term Log Retention