
Ensuring data protection: a fundamental value at OneDoc – but how is this managed in practice?

Published on 02/02/2024

How data security is managed at OneDoc


Medical data is sensitive. No one wants to see their AHV number, test results or any other data that could be used for medical purposes stolen or leaked online. Ensuring data protection is therefore especially important in the medical field. But what does OneDoc do to secure this data?

Data security at OneDoc is managed by a team of ten people and can be summarized in 6 main pillars, as explained by Alexandre Curreli, Chief Technical Officer (CTO) and co-founder of OneDoc:

 

End-to-end encrypted data in Switzerland

“All medical data at OneDoc is stored exclusively in Switzerland, and all data transfers are encrypted,” explains Alexandre Curreli. End-to-end encryption ensures that data can only be read by those who need to have access to it. Storing data in Switzerland provides an additional security check thanks to the “Swiss made software, hosted in Switzerland” label.

 

Regular updates

Updates are carried out on a regular basis at OneDoc to avoid any potential security loopholes: “We have updates every week, and some weeks it’s even every day,” explains Florian.

 

ISO 27001 and DPCO certified

In addition to complying with the nFADP (New Federal Act on Data Protection), we also comply with ISO 27001 and DPCO certification. Behind these seemingly arcane terms lie two data protection certifications. ISO 27001 contains a set of control points to be respected to ensure data protection. If the requirements are met, the International Organization for Standardization (ISO) awards certification. For its part, the DPCO certifies that OneDoc complies with the Swiss Data Protection Act.

 

Employee training

Good data protection also means good employee training. “Every employee receives training in good security practices.” Indeed, while we imagine hackers breaking into a company by cracking its codes, the reality is often less spectacular. Security vulnerabilities are largely caused by employees inside the company unintentionally leaking data.

 

Regular pen test

Penetration tests are carried out regularly by security experts to ensure the reliability of data protection. In concrete terms, those “friendly hackers” will attempt to break into the OneDoc system to extract confidential data. “So far, no one has succeeded!” proudly states Alexandre Curreli.

 

Security by design

“Data security is something we always keep in mind,” underlines Florian Alonso, “whether in the technical team or in the rest of the company. Safety is always part of the development process, and everything is done to guarantee the best possible security.”

 

Covid, a data security challenge

When Alexandre and Florian are asked what was the biggest challenge they faced at OneDoc, they don’t hesitate: “Clearly Covid, where we had to develop a vaccination module in just a few weeks to make it available to the cantons.” In such cases, one has to wonder how security can be guaranteed when so little time is available. Alexandre Curreli explains that the key is to stick to good practice, think about security when coding, and always test well.

 
