1.5.3 | Data protection and IT security

Security Principles

Secure Access

Only strong and individually assigned login credentials should be used.

Management of user credentials within the care environment is the responsibility of the respective organization or designated care managers.

In particular, the following applies:

• User accounts must not be shared.

• Access rights must be assigned according to individual roles and responsibilities.

• Permissions should be reviewed regularly to ensure they remain current.

• Login credentials must not be shared or documented in an unsecured manner.

• Responsibility for the secure handling of personal data rests with the respective care facility.

Authorized Users

The alea system may only be used by trained care managers, authorized healthcare professionals, or other individuals approved by the organization.

Responsibility for organizational IT security within the care environment, including access rights, network security, and endpoint protection, rests with the respective organization.

Data Protection for Personal Data

Personal Data

All personal data collected during system use are processed exclusively within the intended care context.

AssistMe processes only the data required for the respective product function and intended use.

Responsibility for the use of personal data, role assignment, and access management within the care environment rests with the respective organization.

Use of Mobile Devices

When using smartphones, tablets, or other devices, the security requirements of both the device manufacturer and the care organization must be observed.

This includes, in particular:

• Device PIN or biometric authentication

• Automatic screen locking

• Current operating system version

• Enabled device protection features

• Secure network usage

• Protected user accounts

Updates and Version Security

All alea components are subject to regular update and version management processes.

This includes, in particular:

• Software updates of the alea App

• Browser and Cockpit compatibility updates

• Firmware and system updates of hardware components

• Security updates of the operating systems in use

AssistMe provides product-related updates.

Installation of approved security and system updates on mobile or desktop devices remains the responsibility of the respective organization.

Simple Security Recommendations

For secure operation, it is recommended to use only approved devices, browsers, and network environments.

In addition, the following basic principles should be observed:

• Do not use unsecured public networks

• Do not install unapproved software on organizational devices

• Regularly verify browser and App versions

• Maintain protection against malware and unauthorized access

• Do not use compromised or rooted devices

Loss or Theft of a Device

If a mobile device used with alea is lost or stolen, organizational security measures must be initiated immediately.

This includes, in particular:

• Immediate deactivation of the affected user account

• Changing relevant login credentials

• Informing the responsible care manager or IT department

• Reviewing potential unauthorized access

• Documenting the incident according to internal procedures

Procedure in the Event of a Security Incident

If unauthorized access, misuse of data, or a potential security breach is suspected, internal security and reporting procedures must be initiated immediately.

Recommended actions include:

• Immediately disable affected user accounts

• Reset login credentials

• Isolate affected devices

• Inform the responsible internal IT or data protection department

• Contact AssistMe Support regarding product-related irregularities

• Document the incident according to internal data protection and security policies