13 April 2017 – On 15 April 2017, the Federal Act on Electronic Patient Files (Bundesgesetz über das elektronische Patientendossier, EPDG) enters into force. The EPDG and its implementing ordinances allow for and govern the sharing of electronic patient data among Swiss healthcare providers.

The implementation of the EPDG constitutes the principal element of the so-called “Swiss eHealth Strategy” jointly developed by the Swiss government, the cantons and the Conference of Cantonal Health Directors (GDK). The strategy aims at further improving the quality and processes of medical treatment as well as the efficiency of the Swiss healthcare system. “Electronic patient files” will consist of virtual dossiers allowing healthcare providers to access patient data relevant for medical treatment. Relevance of such data is determined on a case-by-case basis and depends on the individual medical history of the patient concerned. Notwithstanding emergency situations, all access is subject to the prior explicit consent of the patient concerned. Patient data will not be centralized, but continue to be stored on the local servers of the participating healthcare providers.

Access to electronic patient files will be limited to healthcare providers that are members of certified associations (so-called “Gemeinschaften” or “Stammgemeinschaften”). Whereas Swiss hospitals, maternity units and nursing homes are under an obligation to participate in the electronic patient file and to join a “Gemeinschaft” or “Stammgemeinschaft” within 3 (in case of hospitals) or 5 years, participation is not (yet) mandatory for other healthcare providers (e.g., pharmacies, physicians or dentists). In order for a “Gemeinschaft” or “Stammgemeinschaft” to obtain certification, it must, among other things, comply with a wide range of detailed obligations governing data protection and data security, e.g., regarding the storage and transfer of data or data protection and security management systems. The Federal Data Protection and Information Commissioner is expected to closely monitor the data handling by participating associations to ensure compliance with data protection and data security laws.