Privacy information about Pacmed Critical

Pacmed is the manufacturer of the decision support software ‘Pacmed Critical’. Pacmed Critical is a CE-certified medical device that predicts the likelihood of a patient’s readmission to the Intensive Care Unit or Medium Care and/or unexpected death within a seven-day period of their hypothetical discharge at the time of using the software. The predictions that Pacmed Critical generates for a patient are based on processing personal data from the patient. Since personal data is at the core of the product, verification of correct data processing is also an integral part of Pacmed’s measures to ensure the safety and quality of Pacmed Critical.

As a manufacturer of a medical device, Pacmed has legal obligations to provide a safe medical device that delivers the right quality of services. Pacmed aims/strives to comply with these obligations without processing of personal data. Pacmed has concluded agreements with Amsterdam UMC (location VUmc) and we are investigating whether this is possible.

In case Pacmed would be required to process personal data to comply with legal obligations incumbent on Pacmed as a manufacturer of a medical device, Pacmed intends to keep the processing to a minimum. Amsterdam UMC (location VUmc) and Pacmed are investigating in this Pilot-trial/first months of the implementation of Pacmed Critical in what ways Pacmed can best ensure the safety and quality of Pacmed Critical. Pacmed will adjust its way of working as well as agreements accordingly.

Pacmed mainly works with pseudonymized data and based on that information we expect that it won’t be reasonably possible for Pacmed to identify a data subject.

If a data subject contacts Pacmed to exercise one of the abovementioned rights mentioned in articles 15 to 20 of the GDPR, and we are unable to identify them, we will give the data subject the opportunity to provide additional information enabling their identification. Only if identification is still impossible thereafter, the abovementioned privacy rights will not apply. Pacmed will then refer you to the hospital.

This exemption only applies when Pacmed no longer requires the identification of a data subject. In that case the GDPR states that the controller is not obligated to maintain additional information in order to identify the data subject, solely to comply with the GDPR (article 11).

This could be the case when Pacmed only processes pseudonymous data. According to the European Data Protection Supervisor (EDPS) this is data that can no longer be attributed to a specific individual, without the use of additional information. In that case, Pacmed is not obligated to process additional personal data and will follow the steps mentioned above.

As we continuously strive to improve our products and way of working, we will also update this statement if necessary.