FAQ 2: What you need to know about data protection

What rights do I have regarding my Health Data? What is the difference between primary and secondary data? Can my Health Data be used for a research project without my consent? You can find answers to many questions here.

In Switzerland, there are various legal bases relating to data protection. The framework conditions for the handling of personal data can be found in the data protection laws: at federal level in the Data Protection Act, or in the cantonal (information) and data protection laws. These laws are intended to ensure the protection of the privacy and fundamental rights of the people whose personal data is processed.

Personal data may only be used for the purpose stated - so if your family doctor asks you to fill out a form with your contact details at the start of your consultation, she may only use this data for things related to your treatment at this practice. 

Health Data - for example, information about diagnoses, treatments, medications, laboratory results and other medical measures, but also data from your fitness tracker or data collected in a research study on a health topic - is considered particularly worthy of protection. For each new purpose for which your data would be used, you must give your express consent again, which can sometimes cause researchers to not pursue their research. The law also states that the data must be stored securely.

Data protection is centered around people, not the data itself. The Data Protection Act protects your personality and fundamental rights when data about you is processed and ensures that you do not suffer any disadvantages as a result.

Data security is about preventing data from being processed without authorisation. Various technical and organizational measures are used for this purpose. For example, physical patient records must be locked away, and digital Health Data must be protected against cyberattacks. The four fundamental principles of data protection apply:

  • Confidential: Data must be protected so that it is only accessible to authorized persons.

  • Available: Data should be accessible and usable at any time for authorized users.

  • Integrity: Data must be kept accurate and unaltered.

  • Traceable: It should be possible to monitor and verify the processing and use of data.

The higher the protection requirement for the data, the stricter the protection measures are.

The provisions of theare often supplemented by professional secrecy, to which many healthcare professions are subject (Art. 321 of the Criminal Code). Professional secrecy is intended to enable you to confide in your doctor without fear. Only if the doctors have all the relevant information can they treat you properly. It is also, of course, about protecting your privacy and confidentiality.

In addition to doctors, their employees are also subject to professional secrecy. Data covered by professional secrecy may only be disclosed in the following cases:

  • If the patient consents.

  • If there is a legal basis for doing so. For example, adverse effects and incidents related to medicines must be reported to Swissmedic.

  • If the cantonal health directorate releases the doctor from the duty of confidentiality.

  • In emergencies, e.g., a state of emergency.

You have the right to know what data is stored about you. You must be informed about what happens to your data and who receives it. You can also request that your data be deleted or corrected if necessary.

Modern medicine can do a lot, but there are still no cures for many diseases. New therapies can only be developed if basic research, translational research, and clinical research work together. Thanks to technological progress, there are more and more possibilities for this: ever larger amounts of data from molecular biology, systems biology, medicine, and everyday life can be compared. Therefore, it is so important that as many patients as possible make their data available for research. This way, new therapies and medicines can be developed.

Depending on the purpose, two types of Health Data are distinguished:

  • Clinical data collected in a study. 

  • Data collected in everyday life, for example, by a pedometer, heart rate monitor, or a doctor. This is known as Real-World Data (RWD), routinely collected data on a patient's health status and/or the provision of healthcare from various sources. Important sources of Real-World Data are electronic health records, disease registries, data from patients, or data from health insurance companies.

The potential of Real-World Data for research is significant. RWD is seen as a potentially rich and underutilized source to gain insights into how diagnostic systems or medicines affect outcomes for patients under real-world conditions. You can learn more about this in the article “Digital Tools for a Self-Determined Life – Using the Example of Spinal Muscular Atrophy (SMA)”.

  • Unencrypted health-related personal data: These are data about you and your health. Unencrypted means that the data is identifiable and can be directly attributed to you. Either because they are labeled with your name or because you can be easily identified due to other information such as hospital number, rare disease, etc. In a hospital treatment, the data is usually unencrypted.

  • Encrypted health-related personal data: To encrypt samples and data, all information that allows conclusions to be drawn about your person must be removed. This information is not deleted but transferred to a separate document called a “key”. The encrypted data is given a pseudonym, such as a sequence of numbers or letters. Using the pseudonym and the key, the data can be identified as yours. Data and samples are only encrypted if the person working with them does not have access to the key. Data in research registers as well as data and samples in biobanks are usually encrypted.

  • Anonymised health-related personal data: These data cannot be traced back to you or only with disproportionate effort. To ensure that data and samples are considered anonymised, they must be irrevocably de-identified. After anonymisation, no one can link the existing data to you. It must be ensured that the effort required for re-identification is disproportionately high and therefore practically impossible. The more data available, the more difficult it is to anonymise it.

To ensure that data can no longer be assigned to a specific person, all identifying characteristics must be completely removed from the datasets. Especially with genetic data, which are very individual, anonymisation is only possible in rare cases. Furthermore, due to rapid technological developments, it is becoming increasingly likely that irreversible anonymisation of data will no longer be possible in the future.

Factual anonymisation is probably the most common form of data sharing with pharmaceutical companies. Your data is coded and pseudonymised and can only be assigned to you as a person with the help of a key. Pharmaceutical companies only receive the data, not the key. Identification is therefore not possible.
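The separation of data and key described above can be sketched in a few lines of Python. This is an added example, not part of the original FAQ: the field names and sample records are constructed for illustration. It also checks for rows that remain unique after the key is removed, which is the "rare disease" case mentioned earlier.

```python
import secrets
from collections import Counter

DIRECT_IDENTIFIERS = ("name", "hospital_number")  # assumed field names

# Constructed sample records, not real patient data.
RECORDS = [
    {"name": "Anna Muster", "hospital_number": "H-1001",
     "birth_year": 1980, "diagnosis": "asthma"},
    {"name": "Beat Beispiel", "hospital_number": "H-1002",
     "birth_year": 1980, "diagnosis": "asthma"},
    {"name": "Carla Probe", "hospital_number": "H-1003",
     "birth_year": 1975, "diagnosis": "spinal muscular atrophy"},
]

def pseudonymise(records):
    """Split records into a shareable dataset and a separately held key."""
    dataset, key = [], {}
    for rec in records:
        pseudonym = secrets.token_hex(8)  # random, reveals nothing about the person
        while pseudonym in key:           # regenerate on the (unlikely) collision
            pseudonym = secrets.token_hex(8)
        # Identifying fields are moved into the key, not deleted.
        key[pseudonym] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
        row = {f: v for f, v in rec.items() if f not in DIRECT_IDENTIFIERS}
        row["pseudonym"] = pseudonym
        dataset.append(row)
    return dataset, key

def reidentify(row, key):
    """Map a pseudonym back to a person; returns None without the right key."""
    return key.get(row["pseudonym"])

def unique_rows(dataset, quasi_identifiers):
    """Rows whose remaining attributes occur only once in the dataset.
    Such rows can single a person out even when the key is withheld."""
    def combo(row):
        return tuple(row[q] for q in quasi_identifiers)
    counts = Counter(combo(r) for r in dataset)
    return [r for r in dataset if counts[combo(r)] == 1]

if __name__ == "__main__":
    shared, key = pseudonymise(RECORDS)
    print("shared with recipient:", shared)
    print("with key:", reidentify(shared[0], key))
    print("without key:", reidentify(shared[0], {}))
    print("still unique:", unique_rows(shared, ("birth_year", "diagnosis")))
```

The recipient of `shared` cannot resolve a pseudonym without `key`, but the third row stays unique on birth year and diagnosis, which is why the remaining attributes have to be reviewed as well.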

According to thedata is also anonymised as soon as the purpose of the data processing allows it. This means that if it is no longer necessary to have personal data for data processing for research, planning, or statistical purposes, this data must be anonymised. Why pharmaceutical companies need Health Data and which ones you can read here.

Yes. Personal data is regularly processed in research. This is why the Human Research Act (HFG) exists. It is based on the constitutional article on research on humans (Art. 118b BV) and regulates research on human diseases and the human body with health-related personal data.

Compared to the Data Protection Act, the Human Research Act imposes additional requirements on data protection. Firstly, the interests of the individual – your health and well-being – take precedence over the interests of science and society. Secondly, you may only be included in a research project if you have been informed about it and have given or refused your consent. A refusal is binding in any case. Consent can be withdrawn. Thirdly, you have the right to be informed about the results that affect your health. Research projects must always be approved by an ethics committee. No research project may be carried out without the approval of the ethics committee.

There is no universally applicable process. Simplified, the process usually proceeds as follows:

  • Step 1: The doctor's practice or hospital where you are being treated informs you about what happens to your Health Data and that you can object. You then sign a consent form.

  • Step 2: Your data are usually stored in a central database belonging to the doctor's practice, the hospital, or an affiliated research institution (e.g., registry). There they are stored encrypted and can be reused (secondary use). For example, to answer a research question or for a study. The data can be considered identifiable because a key is available.

  • Step 3: When the purpose for which the data is being reused is fulfilled (e.g., when data collection for a study is completed), the database can anonymise the data in a further step. This allows them to be shared with third parties without identifying patients. Proper anonymisation makes it impossible to recognise you as a patient.

In Switzerland, various medical registers record disease data and data on the quality of treatment for quality assurance. A well-known registry is the cancer registry. If someone in Switzerland is diagnosed with cancer, a precancerous condition, or a benign tumor, this is reported to the responsible cancer registry. The data is then forwarded to the National Cancer Registry. Cancer registration has been helping to improve healthcare in Switzerland for years. By making their data available to cancer registries, affected individuals not only help to record all cases of illness but also to improve care for everyone and to combat cancer better. All registries are subject to the same requirements: The data may only be used with the consent of the affected individuals and with the approval of the ethics committee.

