[The creation of a data protection policy: a guide to telemedicine healthcare projects].

In Germany, an increasing number of telemedical pilot projects are in the implementation phase. All these projects have in common that they continuously produce, store, and exchange highly sensitive digital data. A basic prerequisite for projects implemented in conformity with the law is a comprehensive data protection concept, especially after the introduction of the European Data Protection Regulation (DSGVO) in May 2018.The preparation of a data protection concept for a telemedical project is illustrated in this article using the example of the care project "Virtual Diabetes Outpatient Clinic for Children and Adolescents" (ViDiKi), which started on 1 April 2017 and is funded by the Innovation Fund of the Joint Federal Committee (G-BA). Firstly, the legal basis for data protection and the related challenges in the application of new communication technologies are explained. Subsequently, the creation and structure of the data protection concept are described.The data protection concept for a project is constantly changing. It must be audited and regularly evaluated to ensure the security of patient data and to regulate data flows, data storage, and data processing. In practice, a secure and legally compliant exchange of data between study participants and physicians can thus be achieved.