16.08.2016 | Adrian Bachmann

The EPR as a Litmus Test for Informational Self-Determination


The electronic patient record (EPR) and informational self-determination are two topics that we will be hearing, reading and thinking a lot about in the coming years. Let’s talk about why the EPR is becoming a touchstone for informational self-determination.

On June 19, 2015, Parliament passed the Federal Act on the Electronic Patient Record (EPDG). When the new law comes into force in the first half of 2017, hospitals will have to offer their patients an electronic patient dossier within three years; other healthcare facilities will follow later. To this end, service providers are joining together in so-called communities, which are currently formed according to geographical (e.g. care regions, cantons) and/or organizational (e.g. ownership, professional associations) criteria.

The EPD is intended to improve the quality of medical treatment, improve treatment processes, increase patient safety, increase the efficiency of the healthcare system and promote the health literacy of patients. In future, healthcare professionals (HCPs) can or must store treatment-relevant data from the medical history in the EPR so that it can be accessed by other healthcare professionals and by the patients themselves. Important data-generating systems such as the hospital information systems (HIS) of hospitals or the practice information systems (PIS) of doctors will open up to external access with the EPR. This opening entails security risks, as we know from other e-business applications. The implementation law includes corresponding technical and organizational regulations to limit risks, compliance with which is checked during the mandatory certification of a community. Patients must also make a significant contribution to security by strongly authenticating themselves when accessing the EPR and ensuring the integrity of their end device. For measures of this kind, the EPR communities can draw on almost 20 years of experience, for example in e-banking.

The consistency with which informational self-determination is implemented in the EPR is unusual and unparalleled. Although this right is not explicitly formulated, it is the defining principle behind numerous regulations in the law and ordinance. These include, firstly, the fact that keeping an electronic patient record is voluntary for patients. Secondly, patients have sovereignty over the data in their EPR, for example by being able to prohibit the recording of specific documents or request the destruction of data that has already been recorded. Thirdly, the patient can not only view their own EPR but also the log of all access to documents in their EPR, which creates an unprecedented level of transparency. Fourthly, the patient is responsible for assigning access rights to healthcare professionals along two dimensions:

In the first dimension, each document accessible in the EPR is assigned a confidentiality level of “useful”, “medical” “sensitive” or “secret”. Regardless of the initial classification of a document, it can be changed by the patient at any time.

In the second dimension, the patient specifies which healthcare professionals or groups of healthcare professionals (organizational units, e.g. departments in a hospital) may access their EPR and up to which classification level this access right applies. As part of the basic settings, the patient can also define the classification level up to which emergency access by healthcare professionals is possible without explicit access authorization having been granted in advance. Furthermore, the patient can place selected healthcare professionals on a blacklist that prevents EPR access by these healthcare professionals regardless of all other rights assignments. The patient can nominate deputies (e.g. family members or guardians) who can access the EP on their behalf and also manage authorizations. They can also authorize healthcare professionals to pass on the access rights granted to them to other healthcare professionals.

The authorization management system described above appears complex, and indeed it is. The communities will try to make this unfamiliar task as simple as possible for patients. However, it is easy to imagine that caring for older patients in particular will be a challenge and that this will create a field of activity for existing or new service providers in the healthcare sector.

With the EPR, Switzerland is facing a milestone in digitization and a litmus test for informational self-determination. Are patients really willing and able to make use of this personal right? Will state-imposed informational self-determination accelerate the introduction of the EPR or, on the contrary, hinder it? The forthcoming introduction of the electronic patient record will provide indications of the extent to which our society is ready for informational self-determination. This is another good reason to hope that the EPR will quickly become established in the way envisaged by the legislator.

Note: This article was also published in the journal Alumni Readme.

Compliance Governance, Risk and Compliance (GRC)

About the author
Adrian Bachmann
About the author

Adrian Bachmann is an experienced security expert and risk manager. He advises his clients primarily in the key areas of identity and access management (IAM), authentication, federation, risk management and internal control systems (ICS). He is also a recognised security architect.

Adrian Bachmann, Partner, Managing Director