Jusletter IT

Data protection and data security are decisive factors for the acceptance of eHealth solutions. This also applies to the introduction of the Electronic Patient Record (EPR) in Switzerland. The author examines the legal framework for data breach notification obligations of actors involved in the EPR system. He advocates harmonization of the data protection laws of the Confederation and the Cantons with regard to notification and investigation obligations. Further, he stresses the importance of cooperation between the competent supervisory authorities with regards to notices of data security incidents concerning the EPR.