BIOPROMIN LTD
GENERAL DATA PROTECTION REGULATORY (GDPR)
COMPLIANCE WHITE PAPER
Introduction
As a developer, manufacturer, and supplier of noninvasive medical devices, Biopromin LTD is dedicated to delivering high-quality, richly featured medical products making healthcare more accessible and affordable around the world. Since founded in 2011, Biopromin LTD has been striving not only to provide medical devices and industry solutions but also practice corporate value into every aspect of the company. To better serve clients, Biopromin LTD follows the most stringent international and CE manufacturing and quality control standards in each of its state-of-the-art manufacturing facilities, ensuring efficiency and traceability throughout the entire process. This White Paper aims to provide our clients and stakeholders information to understand the Biopromin LTD privacy policy better. Specifically, this White Paper describes how Biopromin LTD implements its privacy policy to collect, store, transfer and delete data in the process of product design, manufacture, sales and use.
With the effective date of General Data Protection Regulation (GDPR) of European Union, Biopromin LTD has been taking practical actions to comply with GDPR compliance frameworks. Biopromin LTD is a leading practitioner at the forefront of industry compliance practices all along. In this White Paper, it will help you to understand:
• Biopromin’s LTD overall privacy protection policy, including guiding principles adopted by Biopromin LTD Headquarters and its subsidiaries; • Biopromin LTD GDPR compliance programme illustrating the corporate governance and internal controls with regards to the considerations of privacy protection; • The mechanism of Biopromin’s LTD products, including NID (non invasive diagnostic), ESWT (shock-wave theraty), LIT (Low Intensity VHF-UHF therapy) on how to collect, store, transfer and delete data. Disclaimer: This White Paper is provided solely for informational purposes and aimed to help existing and prospective business partners understand how Biopromin LTD may facilitate your compliance with the GDPR. It shall not be construed or used as legal advice about the GDPR, its implementing rules or regulatory guidelines. The White Paper summarises Biopromin’s LTD GDPR compliance measures and status as of the release date of this document and is subject to future changes without prior notice. As each business partner may have substantially different demands and may be operating under different personal data protection regimes, Biopromin LTD strongly encourages you to obtain properly customised legal advice on personal data protection in general, and the GDPR compliance in particular. This White Paper does not constitute or create any warranties, responsibilities, representations, contractual commitments, conditions, endorsement or assurances from Biopromin LTD.
Our Vision Better healthcare for all.
Our Mission Advanced medical technologies to make healthcare more accessible.
Our Commitment Biopromin LTD is strongly committed to protecting the privacy of personal data that they maintain about our clients, employees and other individuals. As part of this commitment to confidentiality, Biopromin LTD regularly reviews its data protection practices to comply with applicable laws, industry standards and best practices. Biopromin LTD is now in the process of implementing the requirements of GDPR, building on existing confidentiality and security processes and standards. The new GDPR compliance programme is extensive and covers multiple functional areas and aspects of our business, all in pursuit of accountability and transparency in how Biopromin LTD collects, process, protects and disposes of personal data. Biopromin’s LTD continuous improvement in this area is a long-lasting mission.
GDPR briefing
GDPR Overview: A Regulatory Change As is becoming effective on May 25, 2018, General Data Protection Regulation (GDPR) deal with personal data and intend to give individuals more control over their data. The new GDPR impose a regulatory framework in Europe and the broader world for the processing of personal data relating to an individual in the EU. Compared to the prior regulation. GDPR shifts the focus from organisational responsibilities to the rights of individuals by strengthening their ability to know where it is, how it is being used, making sure it is correct, to have it deleted or transferred, and to object to it being used. This regulation shift changes the way organisations or companies to collect and process data, especially some categories of personal data (health, ethnicity, religion, biometrics, sexual orientation, etc.) having even more demanding conditions. Accordingly, there is a new requirement for organisations or companies to document their processing activities of how they are protecting personal data and using lawfully, fairly and transparently.
Is Biopromin LTD well prepared for GDPR? Biopromin LTD is working closely with its staff, clients and third parties about the GDPR compliance programme between Headquarters and Europe. According to GDPR requirements, Biopromin LTD implements reasonable and appropriate organisational and technical measures to ensure that the nature, scope, context and purpose of our products are under a regulatory framework.
Biopromin LTD practices «Privacy by Design» and our products have been designed with the considerations relevant to GDPR requirements from the beginning of the project and throughout the entire lifecycle.
How we protect our clients information
Biopromin LTD General Data Protection Regulation (GDPR) Programme Given Biopromin’s LTD global footprint and expansive business model, our company sit at the convergence of market demands and regulatory forces related to data, especially the GDPR. Biopromin LTD intends to build the programme on the existing Information Protection Standard and is designed to achieve a level of enhanced baseline uniformity across the globe, informed chiefly by the prevailing and dominant legal requirements, emerging client demands, and the need to facilitate the realisation of Biopromin’s LTD commercial targets. To better meet GDPR compliance requirements and protect customer’s privacy, Biopromin LTD has launched a GDPR compliance programme positively and proactively. In accordance to GDPR compliance core areas, Biopromin LTD will demonstrate the security of the data processing and compliance with the GDPR continually, by implementing and regularly reviewing robust technical and organisational measures, as well as compliance policies in this White Paper.
Biopromin LTD GDPR Compliance Programme Organisation Chart In accordance with the requirement of GDPR, Biopromin LTD improves and develops the corporate governance structure. The compliance governance structure is a modernised, accountability-based framework that facilitates internal control and response to data breach issues. The organisational structure should be clear and reliable so that every relevant department is involve in data protection activities. From top to bottom, the GDPR compliance organisational structure is as shown below.
The GDPR compliance organisational structure has been divided into three core responsibility areas and is as follows: • The GDPR Compliance Senior Management provides compliance strategic vision and plan, as well as performs tactical and strategic management of the GDPR Programme; • The Data Protection Officer (DPO) is in charge of daily compliance operation and coordinates the functioning of internal departments; • The internal departments within the company perform the day-to-day GDPR operational activities. The Data Protection Officer (DPO) is the core role of the GDPR compliance programme. This role is responsible for the day-to-day operations of the compliance activities. The DPO is involved, properly and in a timely manner, in all issues which relate to the protection of personal data. The responsibilities of DPO are including: • Managing compliance violations; • Working with relevant business units to enhance their awareness and propose corrective measures; • Following up with the updates from regulators and notifying the appropriate parties; • Determining the adequacy of the inclusivity of data protection clauses in contracts; • Reviewing and commenting on the data protection clauses from the client.
Biopromin LTD Corporate Practices in Privacy Protection
Privacy by Design is such an approach applied to system/product engineering that promotes privacy and data protection compliance from the beginning of the project and throughout the entire lifecycle. Taking Privacy by Design approach is an essential tool in minimising privacy risks and building trust with our clients. Designing projects, processes, products or systems with privacy in mind at the outset can lead to the benefits that include: • Potential problems identified at an early stage, when addressing them will often be simpler and less costly; • Increased awareness of privacy and data protection across an organisation; • Organisations are more likely to meet their legal obligations and less likely to breach the laws; • Actions are less likely to be privacy intrusive and harm individuals. From a more essential and specific perspective, this approach will help organisations comply with their obligations under legislation. For example, the General Data Protection Regulation (GDPR) from the European Union clearly defines the requirements and obligations of the company and organisation to take positive and valid measures of data protection. These measures can be classified into two types, organisational and technical. Organisations shall modify and optimise internal control processes based on GDPR. This encourages a cultural change to consider privacy and security controls and safeguards throughout the data lifecycle process. Specifically, these controls contain the data minimisation, access controls, retention, accessibility and other factors in the design phase. Since its foundation, Biopromin LTD has attached great importance to the privacy protection of its clients all along. A completely well-designed and stringent internal control system has established and been implementing for more than two decades.
Biopromin LTD takes practical actions in advance to comply with the regulation. Specifically, Biopromin LTD develops an efficient work plan to assess and improve current processes, as shown below. • Privacy Impact Assessment (PIA): Assess current-state privacy controls throughout the product development lifecycle, and identify compliance gaps and risks in data privacy; • Privacy-by-Design (PbD) Implementation Roadmap: Assist in the Design and implementation of PbD framework at the enterprise level, with enhancements to technology, policies, procedures, and operations; • PbD Recommendations Report: Continuously enhance and update privacy controls in response to new risks and regulations.
Biopromin LTD hopes to protect client’s privacy through practical and useful actions. This will benefit clients: • Using the information in a way that people would reasonably expect. This may involve undertaking research to understand people’s expectations about how their data will be used; • Thinking about the impact of your processing. Will it have unjustified adverse effects on them? and; • Being transparent and ensuring that people know how their information will be used. This means providing privacy notices or making them available, using the most appropriate mechanisms.
Data Lifecycle Management (DLM) is a policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted. DLM includes every phase of a "record" from its beginning to its end. To some extent, DLM means a corporate management control of all informational assets. During its existence, information can become a record by being identified as documenting a business transaction or as satisfying a business need. In this sense, DLM has been part of the overall approach of enterprise content management. DLM, as a new management method, has the following on offer to promote business transformation and revolution: • Fully incorporate the technical aspects, performance and cost along with the schedule requirements into a holistic work pack with complete traceability to client demands all through the lifecycle; • Plan as well as implement the plan with comprehensive configuration management of designs and documents including the program management artefacts; • Seamlessly and securely collaborate and contribute to the existing knowledge base and share best practices across the total value chain; • Have a unique master single source of truth of consolidated data with which are used to define most complex medical devices and platforms of Biopromin LTD and integrate a virtual global network of product developers, designers, production specialists, manufacturing engineers and service/support teams.
Moreover, due to the enormous value of personal data and severe consequence of data leakage, major countries and regions worldwide have accelerated the legislative process to protect personal data and privacy. General Data Protection Regulation (GDPR) from the European Union is a representative example.
What is more important is an understanding of what the GDPR is really seeking to achieve, what the real risk issues are; how to prioritise compliance activity; and how to build appropriate structures for compliance. The GDPR is seeking to (1) put people back in control of their personal data and (2) improve the protections for personal data at the entity’s side. Under these circumstances, Biopromin LTD adjusts corporate governance and refines internal control policies in time to meet GDPR requirements.
Table 1.
According to GDPR, Biopromin LTD divides data lifecycle into several phases and develops critical controls at each stage. Biopromin LTD designs each essential control by GDPR requirements and the company’s business practice. Here take data collection, data storage, data transfer phases as typical examples as shown in the table below:
|
Table 2.
Data Lifecycle Phase |
Biopromin’s Efforts |
GDPR Core Requirements |
1. Data Collection |
Biopromin LTD will clarify responsibilities and obligations about personal information protection with the cooperative medical institutions in signed contract; |
Consent |
Biopromin LTD will ensure that clinical trial participants or product users have signed informed consent form with medical institutions; |
|
|
Biopromin LTD will follow the process control requirements of Privacy by Design in the implementation of the software development and testing phase; |
Privacy by Design |
|
Biopromin LTD will ensure only really necessary personal identifiable information (PII) and protected health information (PHI) collected. |
Data Concerning Health Scope |
|
2. Data Storage |
Biopromin LTD will ensure collected data is stored securely. Both logical and physical security control measures are deployed under implementation; |
Data Protection |
Biopromin LTD will take appropriate measures considering (1) the state of the art (2) the cost of implementation (3) the nature, scope, context and purposes of the processing and (4) the risk posed to data subjects; |
Data Protection by Design |
|
Biopromin LTD will ensure that, by default, collected data isn’t made available to an indefinite number of people without some action by the data subject; |
Data Protection by Default |
|
Biopromin LTD will ensure collected data will be stored under the premise (1) as required by professional standards or policies (2) as required or permitted by law. |
Lawful Retention of Personal Data |
|
3. Data Transfer |
Biopromin LTD will ensure that the contract signed between the medical institutions and test subject includes the clause fully informs the test subject of cross-border transfer; |
Consent |
Biopromin LTD will ensure that there is a liability clause of cross-border transfer between medical institutions (data senders) and Biopromin LTD headquarters (data receivers); |
|
|
Biopromin LTD will ensure the cross-border transfer of data security and compliance; |
Data Protection |
|
Biopromin LTD will ensure only the necessary data is transferred to comply with the regulation. |
Privacy by Design |
Biopromin LTD respects and values user privacy. Accordingly, Biopromin LTD has drafted a detailed privacy notice to help the user understand our privacy policy and responsibility. Biopromin LTD understands that users trust us with their data. Hence, Biopromin LTD takes this trust seriously and is committed to respecting each user’s privacy and protecting the personal data we handle. There are two approaches to help users to know the privacy policy of Biopromin LTD better. The first one is the Privacy Notice link at the bottom of our result of diagnostics. The other one is in a particular form that is sent to our users. They can easily find the Privacy Notice link in the email and get more information from the external page. The Biopromin LTD Privacy Notice informs our users about the following topics regarding their privacy: • What personal data will Biopromin LTD collect and process? • How Biopromin LTD use your (personal) data? • How does Biopromin LTD protect your (personal) data? • With whom Biopromin LTD shares your (personal) data? • How Biopromin LTD respects your privacy in marketing activities? • How to request access to your (personal) data? • How to contact Biopromin LTD?
The Biopromin LTD company has developed a method for deactivating personal data that is used in cloud software. a) For USPIH cloud software: The use of personal data is completely excluded. The USPIH software uses for processing on a cloud mathematical server: temperature values, gender, patient weight, patient age, pulse, atmospheric pressure and respiratory rate. This data does not apply to personal data. b) For the software of the Personal screening non-invasive diagnostic system of KOLIBRI: For cloud and local software, a mechanism has been implemented to delete personal data stored in the user's account (last name, first name, date of birth, e-mail) at the request of the client. To delete personal data together with your personal electronic account, you must follow the deletion procedure (pressing a button) and confirm the deletion of personal data and your personal electronic account in your e-mail. You must remember that such data as weight, height, gender, race, age and electronic signals sent by you to the cloud mathematical server for processing will remain in our database, but they will be impersonal and not related to personal data. After the destruction of your (personal) data and personal account, the restoration of the results of your non-invasive diagnostics becomes impossible.
How our products are designed to meet the requirements of GDPR.
Biopromin ’s comprehensive product portfolio, built on a foundation of a thorough understanding of our customer’s needs, enables us to offer the right solution for several different care environments, including pre-hospital diagnostic and hospital diagnostic. Biopromin ’s extensive global R&D network utilises cutting-edge technology and translates it into customised healthcare solutions. KOLIBRI integrated innovation platform combined with a commitment to product and service quality has positioned Biopromin LTD as one of the leading clinical solution providers, making better healthcare more accessible to humanity. While Biopromin LTD products insist on the pursuit of quality and technology, we are strongly committed to protecting user personal information as well. As part of our efforts to enhance personal data protection practices and comply with evolving regulations around data privacy, we have robust and practical measures at the product level to provide our users and clients in compliance with laws and regulations, e.g. GDPR. With the General Data Protection Regulation (GDPR), Biopromin LTD has taken reasonable and necessary measures to safeguard all the products that comply. Biopromin’s products offer many built-in functionalities that help users lower the possibility of data breach incidents and respond to a data subject’s requests. The following descriptions are specifically illustrating our products’ ability to ensure ongoing confidentiality, integrity, availability under the framework of GDPR. The tables below are an overview to show how our products are meeting the principles and data subject rights of GDPR.
|
Table 3.
GDPR principles relating to processing of personal data |
Products |
||
|
NID (AMP, ANESA, DAD-ANI with sowtware USPIH, KOLIBRI with software KOLIBRI) |
ESWT (StarDevice with software StarDevice) |
LIT (BIOL) |
Lawfulness, Fairness and Transparency |
N/A |
N/A |
N/A |
Purpose Limitation |
* |
* |
* |
Data Minimisation |
* |
* |
* |
Accuracy |
N/A |
N/A |
N/A |
Storage Limitation |
* |
* |
* |
Integrity and Confidentiality |
* |
* |
* |
Accountability |
* |
* |
* |
Remarks: According to GDPR, the principle with N/A is not applicable to Biopromin's LTD product functionality because it is solely related to a controller’s actions in nature. Biopromin LTD respects and is fully aware of the principle, however, the compliance to such principle is irrelevant to Biopromin's LTD product functionality.
Table 4.
GDPR rights of the data subject |
Products |
||
|
NID (AMP, ANESA, DAD-ANI with sowtware USPIH, KOLIBRI with software KOLIBRI) |
ESWT (StarDevice with software StarDevice) |
LIT (BIOL) |
Right of access by the data subject |
* |
* |
* |
Right to rectification |
* |
* |
* |
Right to erasure (Right to be forgotten) |
* |
* |
* |
Right to restriction of processing |
* |
* |
* |
Notification obligation regarding rectification or erasure of personal data or restriction of processing |
* |
* |
* |
Right to data portability |
* |
* |
* |
Right to object |
N/A |
N/A |
N/A |
Automated individual decision-making, including profiling |
* |
* |
* |
Remarks: According to GDPR, the data subject’s right with N/A is not applicable to Biopromin's LTD product functionality because it is solely related to a controller’s actions in nature. Biopromin LTD respects and is fully aware of these rights, however, the compliance to such rights is irrelevant to Biopromin's LTD product functionality.
GDPR Principles Relating to Processing of Personal Data.
General Data Protection Regulation (GDPR) into on May 25, 2018. The new legislation leads to the most significant impact on both organisations and European citizens. In GDPR, it outlines seven principles about personal process data. The GDPR principles form the fundamental conditions that organisations must follow when collecting, processing and managing the personal data for all European citizens.
GDPR Article 5 (b): collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes. The purpose of Biopromin's LTD products is clear and explicit. Our products are used for noninvasive screening diagnosis and treatment, safer patient care and other medical service purposes. The products are following Biopromin's LTD internal data protection policy and external legitimate law requirements. Biopromin's LTD products will never use the patient’s data for any other purposes beyond medical service. All the medical devices and software functions and detailed operation instructions can be found and checked in the product manual book (IFU).
GDPR Article 5 (c): adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed. Biopromin LTD ensures that personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Biopromin LTD will not receive (collect) extra personal data that is irrelevant with product use purpose. For example, Biopromin's LTD NID products will collect the following information for medical service: Personally, Identifiable Information:
Medical and Health Information:
|
Table 5.
NID (AMP, ANESA, DAD-ANI with sowtware USPIH) |
|
NID (KOLIBRI with software KOLIBRI) |
|
GDPR Article 5 (e): kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject. Biopromin LTD products support users to adhere to the GDPR principle of Storage Limitation. Our products enable a built-in function that can delete patient information stored in it when it is no longer necessary or after it is used. Our users can use this function to clear all sensitive personal data according to internal data retention policies or at the data subject’s request. As the role of processor, Biopromin LTD products will help controllers (e.g. hospitals, doctors) to facilitate them better managing data in compliance with GDPR.
For example, Biopromin LTD NID products can record test results over some time. The user can delete the research results manually. The user can selectively delete personal data or research results manually. The user can delete all his results by deleting a personal electronic account.
4. Integrity and Confidentiality
GDPR Article 5 (f): processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures. Biopromin LTD always highly values the security of personal data. Biopromin LTD ensures that all personal data will be protected against unauthorised or unlawful processing and accidental loss, destruction or damage. In Biopromin LTD, we take a layered approach to security – using both technology and managerial methods. When viewing and transmitting data (web software), we use https protocols. For example, Biopromin LTD NID products have a Patient Data Management System to manage and protect patient data records. A patient data record consists of the following information: • Patient basic information and exam data • Image files • Report To better manage records, the Patient Data Management System supports users to save, edit, delete and transfer patient data. Also, NID products have Access Control, which sets up four different types of user accounts: Administrator, Operator, Operator-Doctor, Medical staff.
The system administrator does not have access to personal data. He can configure the system as a whole (determine tariff zones, set tariff plans, see general statistics that do not contain personal data). Conduct financial monitoring and others.
The operator can view and delete research information stored in the system and managed by him independently. The operator can change and correct medical information about himself.
The operator-doctor can view and delete information about the study, stored in the system and managed by him independently. An operator-doctor can view research data that is managed by other medical staff. The operator-doctor can change and correct the medical information about the patient.
The medical staff can view and add information about the study, correct medical information (such as patient weight) stored in the system and managed by him independently.
A valid password is required to log in to identify your account type. This security control is designed to prevent misuse of the system.
Meanwhile, Biopromin LTD also allows users to change the password if the user considers it unreliable. |
Table 6.
NID (AMP, ANESA, DAD-ANI with sowtware USPIH) |
|
|
|
NID (KOLIBRI with software KOLIBRI) |
|
GDPR Article 5: the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1. According to GDPR, Biopromin LTD implements not only internal and publicly-facing policies, records and notices, but also technical measures, and fundamental personnel and strategic changes to their processing operations. In the product research and development phase, Biopromin LTD performs Privacy by Design (PbD) work processes to enhance the comprehensive data protection mechanism. For example, Biopromin LTD products KOLIBRI provide log functioning to record system activities. The system activities, including failures, abnormities and technical alarms, is stored in the log.
The USPIH software and StarDevice software is protected by an encryption key. This function can prevent unauthorised use of products. The system log records in detail all system activities of the products so that it is convenient for medical professionals to trace any improper operations. |
GDPR Rights of the Data Subject.
The incoming GDPR will provide data subjects with enhanced rights over the use of personal data. Through these rights, data subjects can make a specific request and be assured that personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided. Biopromin LTD always puts the user's needs in top priority while pursuing advanced technology. To help you better understand Biopromin's LTD efforts, we explain it specifically as follows:
GDPR Article 15: the data subjects shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data. Biopromin LTD products can facilitate our users, namely the controllers, taking appropriate measures to provide information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form. Biopromin LTD products are able to generate a standard electronic report automatically, which demonstrates what data will be collected and how to process it. For example, Biopromin LTD NID products can generate a report for patients that consists of three parts. The first part is patient information used for identification purposes. The second part is testing parameters and results. The third part is relevant information used for clinical audit investigation. There is a sample report as follows : |
Table 7.
NID (AMP, ANESA, DAD-ANI with sowtware USPIH) |
|||||||||||||
[Name/ contact info/ logo of the company-user] [Patient’s Name/Surname/ID] [Date and Time of examination]
Preliminary computer conclusion about possible pathologies: Disclaimer.
|
No.: |
Parameter: |
Norm: |
< |
> |
|||
1 |
2 |
Erythrocytes RBC. x10¹²/l |
4 - 5,6 |
4,61 |
|||
2 |
1 |
Hemoglobin HGB. mg/dl |
12,5 - 17,5 |
15,11 |
|||
3 |
88 |
Hematocrit. HCT 0.01*% |
0,35 - 0,49 |
0,42 |
|||
4 |
12 |
Thrombocytes. x10⁹/l |
1,8 - 3,2 |
1,97 |
|||
5 |
4 |
Leukocytes WBC. x10⁹/l |
4,3 - 11,3 |
3,71 |
|||
6 |
3 |
Lymphocytes. LYMPH % |
19 - 37 |
38,39 |
|||
7 |
8 |
Monocytes. MONO % |
3 - 11 |
7,52 |
|||
8 |
42 |
Glucose. mg/dl |
71,9 - 107,9 |
89,85 |
|||
9 |
35 |
Cholesterol total. mg/dl |
120 - 250,19 |
224,88 |
|||
10 |
38 |
Low-density lipoproteins (LDL). mg/dl |
104,25 - 130,12 |
131,69 |
|||
11 |
40 |
High-density lipoproteins (HDL). mg/dl |
30 - 67 |
32,98 |
|||
12 |
41 |
Triglycerides (TG). mg/dl |
48,67 - 163,72 |
192,32 |
|||
13 |
25 |
ALT. (SGPT). U/l |
5 - 30 |
115,47 |
|||
14 |
24 |
AST. (SGOT). U/l |
8 - 40 |
114,45 |
|||
15 |
27 |
Bilirubin, Total. mg/dl |
0,5 - 1,198 |
1,07 |
|||
16 |
31 |
Creatinine. mg/dl |
0,62 - 1,39 |
0,60 |
|||
17 |
34 |
Urea. mg/dl |
12,8 - 49,2 |
28,22 |
|||
Hemogram: |
|||||||
18 |
1 |
Hemoglobin HGB. mg/dl |
12,5 - 17,5 |
15,11 |
|||
19 |
2 |
Erythrocytes RBC. x10¹²/l |
4 - 5,6 |
4,61 |
|||
20 |
4 |
Leukocytes WBC. x10⁹/l |
4,3 - 11,3 |
3,71 |
|||
21 |
120 |
Mean cell haemoglobin (MCH). pg |
26 - 32 |
33 |
|||
22 |
121 |
Mean cell volume (MCV). fl |
81 - 94 |
91 |
|||
23 |
122 |
Mean cell haemoglobin concentration (MCHC). g/l |
310 - 350 |
362 |
|||
24 |
123 |
CPB (Color index of blood). |
0,85 - 1,15 |
0,98 |
|||
25 |
3 |
Lymphocytes. LYMPH % |
19 - 37 |
38,39 |
|||
26 |
5 |
Segmented neutrophiles. NEUT % |
47 - 72 |
47,73 |
|||
27 |
7 |
Eosinophils. % |
0,5 - 5,8 |
2,15 |
|||
28 |
8 |
Monocytes. MONO % |
3 - 11 |
7,52 |
|||
29 |
9 |
Band neutrophiles. NEUT % |
1 - 6 |
4,21 |
|||
30 |
6 |
Erythrocyte sedimentation rate ESR. mm/h |
1 - 14 |
11,41 |
|||
Blood coagulation: |
|||||||
31 |
10 |
Beginning of clotting (method of Lee-White). min |
0,5 - 2 |
02`04`` |
|||
32 |
11 |
End of clotting (method of Lee-White). min |
3 - 5 |
03`29`` |
|||
33 |
12 |
Thrombocytes. x10⁹/l |
1,8 - 3,2 |
1,97 |
|||
34 |
86 |
Fibrinogen. mg/dl |
200 - 400 |
358,98 |
|||
35 |
87 |
Prothrombin index (PI). % |
75 - 104 |
76,19 |
|||
36 |
88 |
Hematocrit. HCT 0.01*% |
0,35 - 0,49 |
0,42 |
|||
Electrolyte metabolism: |
|||||||
37 |
13 |
Calcium (Ca). mg/dl |
9 - 12 |
8,63 |
|||
38 |
14 |
Magnesium (Mg). mg/dl |
1,6 - 2,6 |
2,32 |
|||
39 |
15 |
Potassium (K). mg/dl |
13,59 - 20,7 |
15,01 |
|||
40 |
16 |
Sodium (Na). mmol/l |
136 - 145 |
141,28 |
|||
41 |
128 |
Chloride (Cl). mg/dl |
347,41 - 379,315 |
356,4 |
|||
Functional parameters of stomach: |
|||||||
42 |
17 |
pH of gastric juice. |
1,2 - 1,7 |
1,22 |
|||
43 |
19 |
SH. |
7,32 - 7,4 |
8,51 |
|||
44 |
20 |
Basal pressure of Oddi’s sphincter mm Hg |
39 - 41 |
42,87 |
|||
Carbohydrate metabolism: |
|||||||
45 |
33 |
Lactic acid. mg/dl |
9 - 12,55 |
14,64 |
|||
46 |
42 |
Glucose. mg/dl |
71,9 - 107,9 |
89,85 |
|||
47 |
43 |
Glycogen. mg% |
11,7 - 20,6 |
15,17 |
|||
Liver function tests: |
|||||||
48 |
22 |
Aspartate transaminase (AST). mmol/l |
0,1 - 0,45 |
2,36 |
|||
49 |
23 |
Alanine transaminase (ALT). mmol/l |
0,1 - 0,68 |
2,38 |
|||
50 |
24 |
AST. (SGOT). U/l |
8 - 40 |
114,45 |
|||
51 |
25 |
ALT. (SGPT). U/l |
5 - 30 |
115,47 |
|||
52 |
26 |
De Ritis coefficient (AST/ALT). |
0,8 - 1,2 |
0,99 |
|||
53 |
27 |
Bilirubin, Total. mg/dl |
0,5 - 1,198 |
1,07 |
|||
54 |
28 |
Bilirubin, Direct. mg/dl |
0,129 - 0,357 |
0,28 |
|||
55 |
29 |
Bilirubin, Indirect. mg/dl |
0,371 - 0,841 |
0,79 |
|||
Protein metabolism: |
|||||||
56 |
30 |
Protein, Total. g/dl |
6 - 8,5 |
6,76 |
|||
57 |
133 |
Serum albumin (ALB). g/dl |
3,4 - 4,5 |
3,9 |
|||
58 |
134 |
Serum globulin (GLB). g/dl |
2 - 4,5 |
2,4 |
|||
59 |
31 |
Creatinine. mg/dl |
0,62 - 1,39 |
0,60 |
|||
60 |
32 |
Dopamine β-hydroxylase (DBH). nm/ml/min |
28 - 32,5 |
21,79 |
|||
61 |
34 |
Urea. mg/dl |
12,8 - 49,2 |
28,22 |
|||
Lipid metabolism: |
|||||||
62 |
41 |
Triglycerides (TG). mg/dl |
48,67 - 163,72 |
192,32 |
|||
63 |
38 |
Low-density lipoproteins (LDL). mg/dl |
104,25 - 130,12 |
131,69 |
|||
64 |
39 |
Very low-density lipoproteins (VLDL). mg/dl |
7,72 - 20,07 |
14,52 |
|||
65 |
40 |
High-density lipoproteins (HDL). mg/dl |
30 - 67 |
32,98 |
|||
66 |
35 |
Cholesterol total. mg/dl |
120 - 250,19 |
224,88 |
|||
67 |
36 |
β- lipoprotein. g/l |
17 - 55 |
44,46 |
|||
68 |
37 |
β- lipoprotein. mmol/l |
3 - 6 |
4,53 |
|||
69 |
132 |
Atherogenic factor (KA). |
0,71 - 5,36 |
5,82 |
|||
Water metabolism: |
|||||||
70 |
45 |
Cellular water. % |
39 - 42 |
41,19 |
|||
71 |
46 |
Total water. % |
50 - 70 |
54,23 |
|||
72 |
44 |
Extracellular water. % |
21 - 23 |
22,49 |
|||
Hormones: |
|||||||
73 |
47 |
Testosterone. μmol/24hours |
6,93 - 17,34 |
20,10 |
|||
74 |
48 |
Estrogen, Total . nmol/24hours |
17,95 - 64,62 |
11,99 |
|||
75 |
49 |
Thyroxine (T4),Total. μg/dl |
4,6 - 10,5 |
5,5 |
|||
Enzymes: |
|||||||
76 |
50 |
Amylase (W.Т.Caraway). g/l*h |
12 - 32 |
29,34 |
|||
77 |
51 |
Acetylcholine. μg/ml |
81,1 - 92,1 |
82,76 |
|||
78 |
52 |
Acetylcholinesterase of erythrocytes. μmol/l |
220 - 278 |
268,24 |
|||
79 |
54 |
Tyrosine. μmol/l |
77,3 - 82,8 |
76,33 |
|||
80 |
55 |
Creatine kinase MM (CK-MM). μmol/min/kg |
473 - 483 |
474,31 |
|||
81 |
56 |
Creatine kinase MB (CK-MB). μmol/min/kg |
35,1 - 38,1 |
35,78 |
|||
Cell mitosis regulation: |
|||||||
82 |
57 |
Comprehensive cell mitosis regulation factor. |
3,7828 - 3,9372 |
4,3302 |
|||
Internal blood flow, in % to total blood flow: |
|||||||
83 |
64 |
Myocardial blood flow. % |
4,32 - 5,02 |
4,35 |
|||
84 |
65 |
Muscular blood flow. % |
14,56 - 16,93 |
16,82 |
|||
85 |
66 |
Cerebral blood flow. % |
12,82 - 14,9 |
14,24 |
|||
86 |
67 |
Hepatoportal blood flow. % |
20,28 - 29,86 |
24,81 |
|||
87 |
68 |
Nephritic blood flow. % |
21,58 - 25,09 |
27,24 |
|||
88 |
69 |
Skin blood flow. % |
7,9 - 9,19 |
8,09 |
|||
89 |
70 |
Blood flow of other organs. % |
5,76 - 6,7 |
6,74 |
|||
Internal blood flow, in ml/min: |
|||||||
90 |
71 |
Myocardial blood flow. ml/min |
250 - 290,5 |
251,73 |
|||
91 |
72 |
Muscular blood flow. ml/min |
930 - 1081,4 |
1 074,60 |
|||
92 |
73 |
Cerebral blood flow. ml/min |
750 - 871,68 |
832,91 |
|||
93 |
74 |
Hepatoportal blood flow. ml/min |
1690 - 2488,33 |
2 067,85 |
|||
94 |
75 |
Nephritic blood flow. ml/min |
1430 - 1662,6 |
1 804,99 |
|||
95 |
76 |
Skin blood flow. ml/min |
500 - 581,65 |
511,73 |
|||
96 |
77 |
Blood flow of other organs. ml/min |
375 - 436,19 |
438,78 |
|||
Cerebral hemodynamics: |
|||||||
97 |
82 |
Cerebral blood flow on 100g of tissue. ml/100g |
50 - 55 |
52,98 |
|||
98 |
83 |
Blood flow per 1gr of thyroid gland. ml/g |
3,7 - 4,3 |
3,90 |
|||
99 |
84 |
Blood flow per 1gr of cerebral tissue. ml/g |
2,9 - 3,2 |
3,10 |
|||
100 |
85 |
Cerebral spinal fluid pressure (CSF). mm H₂O |
90 - 145 |
125,62 |
|||
101 |
116 |
Width of the third ventricle of cerebrum. mm |
4 - 6 |
6,11 |
|||
Functional parameters of cardio-respiratory system: |
|||||||
102 |
78 |
Pulmonary vascular resistance (PVR). dyn/cm5*sec |
160 - 250 |
148,05 |
|||
103 |
79 |
Central venous pressure. mm H₂O |
70 - 150 |
67,51 |
|||
104 |
80 |
Time of pulmonary circulation. s |
16 - 23 |
24,39 |
|||
105 |
81 |
Time of systemic circulation. s |
4 - 5,5 |
5,70 |
|||
106 |
21 |
Energy Expenditure. kkal/kg/min |
1,23 - 4,3 |
6,04 |
|||
107 |
61 |
Oxygenation velocity of RBC. ml/min |
260 - 280 |
224,35 |
|||
108 |
62 |
Surface of gaseous exchange of RBC. m² |
3500 - 4300 |
3 677,92 |
|||
109 |
63 |
Deficit of circulatory blood. ml/kg |
0 - 250 |
75,80 |
|||
110 |
89 |
Vital capacity of lungs (VC). cm³ |
3500 - 4300 |
3 567,06 |
|||
111 |
90 |
Minute ventilation (VE) l/min |
4 - 12 |
12,68 |
|||
112 |
91 |
Functional residual capacity (FRC) cm³ |
----- |
1 855,50 |
|||
113 |
92 |
Peak expiratory flow (PEF). l/min |
74 - 116 |
82,90 |
|||
114 |
93 |
Test Tiffeneau. % |
84 - 110 |
79,16 |
|||
115 |
94 |
Working rate of oxygen consumption. % |
45 - 60 |
74,62 |
|||
116 |
95 |
Time of single load. min |
3 - 10 |
9,54 |
|||
117 |
96 |
Respiratory exchange ratio (RER). |
0,8 - 1,2 |
0,87 |
|||
Oxygen transport and consumption: |
|||||||
118 |
18 |
pH of blood. |
7,36 - 7,45 |
7,24 |
|||
119 |
59 |
Volume of circulatory blood. ml/kg |
68 - 70 |
80,54 |
|||
120 |
60 |
Cardiac output (CO). l/min |
3,5 - 4,3 |
5,46 |
|||
121 |
97 |
Transportation of oxygen(O₂). ml/min |
900 - 1200 |
1 126,09 |
|||
122 |
98 |
Quantity of assimilated oxygen on 100 gr. of cerebral tissue. ml |
2,8 - 3,4 |
2,28 |
|||
123 |
99 |
Oxygen saturation in arterial blood (SaO₂). % |
95 - 98 |
92,98 |
|||
124 |
100 |
Oxygen consumption per kg of body weight. ml/min/kg |
4 - 6 |
4,86 |
|||
125 |
101 |
O₂ consumption. (VO₂) ml/min |
200 - 250 |
276,12 |
|||
126 |
102 |
Myocardial oxygen consumption. ml/min |
7 - 10 |
9,62 |
|||
127 |
103 |
Oxygen extraction index. % |
26 - 34 |
31,3 |
|||
Transport and elimination of CO₂: |
|||||||
128 |
104 |
CO₂ elimination. ml/min |
119 - 300 |
283,07 |
|||
129 |
105 |
(CO₂) in arterial blood. % |
32,5 - 46,6 |
47,72 |
|||
130 |
106 |
(CO₂) venous blood. % |
51 - 53 |
53,33 |
|||
131 |
107 |
Rate of CO₂ production. ml/min |
150 - 340 |
350,06 |
|||
Functional parameters of cardio-vascular system: |
|||||||
132 |
108 |
Vascular Permeability Index. |
4,165 - 4,335 |
4,030 |
|||
133 |
109 |
Stroke volume (SV). ml |
60 - 80 |
70,95 |
|||
134 |
110 |
Interval PR. sec |
0,125 - 0,165 |
0,149 |
|||
135 |
111 |
Interval QT. sec |
0,355 - 0,4 |
0,411 |
|||
136 |
112 |
Interval QRS. sec |
0,065 - 0,1 |
0,110 |
|||
137 |
113 |
Left ventricular Stroke Work Index. % |
52 - 60 |
66,05 |
|||
138 |
114 |
Systolic arterial pressure. mm Hg |
----- |
124,03 |
|||
139 |
115 |
Diastolic arterial pressure. mm Hg |
----- |
89,45 |
|||
140 |
58 |
Plasma density. g/l |
1048 - 1055 |
1 050,06 |
|||
141 |
117 |
Cardiac work. Joule |
0,692 - 0,788 |
0,63 |
|||
------------------ Out of group |
|||||||
142 |
118 |
eGFR [MDRD]. ml/min/1.73m² |
95 - 145 |
153,6 |
|||
143 |
119 |
Estimated creatinine clearance rate(eCCr)[Cockroft and Gault]. ml/min |
95 - 145 |
184,0 |
|||
144 |
124 |
Cystatin C (CysC). mg/l |
0,6 - 0,96 |
0,58 |
|||
145 |
125 |
BUN. mg/dl |
6 - 23 |
13 |
|||
146 |
126 |
Transferrin. mg/dl |
204 - 380 |
239,75 |
|||
147 |
127 |
Urine specific gravity. g/cm³ |
1005 - 1035 |
1 019 |
|||
148 |
129 |
Ceruloplasmin (CP). mg/l |
150 - 600 |
469,516 |
|||
149 |
130 |
Alkaline phosphatase (ALP). U/L |
38 - 119 |
96,13 |
|||
150 |
131 |
Intracranial pressure (ICP). mmHg |
7 - 15 |
9,2 |
|||
Table 8.
NID (KOLIBRI with software KOLIBRI) |
GDPR Article 16: the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. According to the GDPR, data subjects have the right to immediately obtain from the dispatcher the correction of inaccurate personal data concerning him or her. Thus, Biopromin LTD developed the corresponding function of the system so that the controller can respond promptly to the requests of the data subject and, accordingly, make corrections. Biopromin LTD has developed a Personal Account in the cloud, which is a patient data management system (KOLIBRI) and the USPIH program. It is easy for users to manage and correct patient data, including necessary patient information, examination information, image files and reports. See table 5.
3. Right to Erase (The right to be forgotten)
GDPR Article 17: the data subject has the right to receive from the controller the deletion of personal data relating to him without undue delay, and the controller is obliged to erase personal data without undue delay ...
To help the controller comply with the right of deletion, Biopromin LTD products provide functions to delete personal data accordingly. For example, NID products can help our users delete data that is no longer needed for its original purpose, or the user has withdrawn his consent.
a) For USPIH cloud software: The use of personal data is completely excluded. The USPIH software uses for processing on a cloud mathematical server: temperature values, gender, patient weight, patient age, pulse, atmospheric pressure and respiratory rate. This data does not apply to personal data.
b) For local USPIH software: For local USPIH software, a mechanism for deleting personal data stored in a local database is implemented. To do this, use the menu "Delete patient" or "Delete examination."
c) For the software of the Personal screening non-invasive diagnostic system of KOLIBRI: For cloud and local software, a mechanism has been implemented to delete personal data stored in the user's account (last name, first name, date of birth, e-mail) at the request of the client. To delete personal data together with your personal electronic account, you must follow the deletion procedure (pressing a button) and confirm the deletion of personal data and your personal electronic account in your e-mail. You must remember that such data as weight, height, gender, race, age and electronic signals sent by you to the cloud mathematical server for processing will remain in our database, but they will be impersonal and not related to personal data. After the destruction of your (personal) data and personal account, the restoration of the results of your non-invasive diagnostics becomes impossible.
GDPR Article 17: the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided…
a) For software USPIH: The USPIH software allows you to export data from the results of a patient examination to a paper medium and files of the HTML or PDF format. This enables you to realize the right to data portability.
b) For the KOLIBRI software: The KOLIBRI software allows you to export data from the results of a patient examination onto paper and PDF files with the subsequent transfer of files via email. This enables you to realize the right to data portability. The KOLIBRI software allows you to remotely connect the transfer of the results of your research to the doctor’s cloud account and the function of displaying the test results in the doctor’s account in real-time is implemented. This allows you to realize the right to data portability. |