Question of the month: How does Compassana protect patients’ personal data?

The short answer: just like a banking app. The longer one: in accordance with the strictest standards when it comes to privacy and data security.

Joy Weichhart

08. August 2023

Data lock on keypad
Data protection is key to Compassana. (Symbol image: Unsplash)

As Clinical Applications Manager, I travel all over Switzerland to recruit healthcare providers and patients for Compassana. And while doing so, I keep hearing similar questions. From now on, I will be answering one of these key questions every month here in this blog; today’s question deals with data protection.  

So, here we go: 
Compassana primarily regards data protection as safeguarding an individual’s right to determine their own data privacy. This means that only users have access to their account and can use it independently.  

To safeguard this, Compassana employs a large number of coordinated technical and organisational methods. These are based on proven technologies and comply with the recommendations regarding current state-of-the-art technologies for information security and data protection.

Therefore, one important basis for data security in the Compassana app is the extremely high degree of technical information security: 

Personal data and medical information are encrypted to the highest “on transit” and “on rest” standards via the Compassana platform and stored in a data centre near Zurich.

Access is restricted to rigorous identity verification using two-factor authentication (2FA) and a prior video-identification procedure. In keeping with the concept of data minimisation, the app stores no data on the user’s smartphone, which means that the data remains safe even if a device is lost. The carefully designed security architecture (privacy by design) is regularly subjected to real tests by external PEN testers (who are, to all intents and purposes, commissioned hackers) to prove its effectiveness. It is only after these tests have been performed that new functions are activated for the app’s users. 

From a legal point of view, all data protection laws that apply in Switzerland and the EU are adhered to. The Compassana app displays the consents and approvals that have been granted (or revoked) directly.  

In summary, Compassana ensures that the data is secure and that users themselves have full control over it.