- Cloud-based IT services offer great potential for availability, security, scalability and cost reduction in the healthcare sector.
- The current legal situation and differing cantonal requirements make it difficult to implement data protection uniformly and hinder innovation throughout Switzerland.
- There is a concrete need for harmonization; the federal government should work with data protection experts and ICT experts to develop uniform implementation aids/guidelines.
- Issues relating to uniform federal responsibility, adaptation of the FADP (DSG) and a list of certified cloud services with independent audits must be clarified.
Submitted text
Cloud-based IT services offer enormous potential in the healthcare sector for stable, secure and cost-effective solutions. Nowadays, scalable software is developed almost exclusively in the cloud. In addition, technologies and applications can be adapted from other industries, which reduces development costs and increases scalability. Cloud services are also relevant to quality, as the general availability, security, latency and reliability are usually better than with self-developed applications that are hosted in in-house IT infrastructures.
The current legal situation makes the use of cloud-based solutions more difficult. Health data is protected by the Federal Act on Data Protection (FADP) and the cantonal data protection laws and must be processed in accordance with their principles. Hospitals subject to public law and hospitals with a cantonal service mandate must act in accordance with the data protection regulations applicable in their respective canton. However, the cantonal and, in some cases, communal principles and requirements vary greatly. As a result, implementation by the data protection officers is inconsistent. This situation is particularly difficult for healthcare institutions operating throughout Switzerland and hinders innovation.
In view of this problem, I put the following questions to the Federal Council:
- Does the Federal Council share the view that there is a need for harmonization in the implementation of data protection in the area of clouds in the healthcare sector, e.g. with regard to uniform information security requirements for hospitals and care facilities or data storage in Switzerland?
- Is the Federal Council ready to develop, together with data protection experts and ICT specialists, uniform guidelines for implementation (implementation aid/guidelines) in order to promote innovation? Are there any federal government channels that can be used?
- Is it constitutionally possible to make all cloud services in the healthcare sector subject to the national federal law on data protection? If so, is the Federal Council prepared to amend the FADP?
- What does the Federal Council think of the idea of publishing a list of certified cloud services operating in the healthcare sector? Which independent body could carry out audits and publish such a list?