Securing Data Privacy for Healthcare Industry´s Prominent Player: Openmedical AG´s Journey with Priverion

Introduction

Openmedical AG turned to Priverion in their quest to secure sensitive patient information and comply with updated data protection laws.  Openmedical AG successfully addressed the challenges associated with data protection in its particular sector of industry and managed to make all necessary adjustments to comply with the revised Swiss Federal Data Protection Act (FADP).

The Challenge: Staying up to date

When Openmedical AG approached Priverion, they were confronted with the task of aligning their data protection policies with the recently revised DSG. The project kicked off with the identification of the most critical aspects to address. The primary objectives were to document the data flows within the Openmedical platform and to establish new data processing agreements (DPA) with their extensive customer base. Simultaneously, Openmedical AG had to assess its technical vulnerabilities to enhance data security— this concretely required to conduct multiple penetration tests as well as vulnerability scans.

The Priverion Approach: Comprehensive Data Flow Analysis and Security Assessment

Data Flow Analysis: Priverion began the project by conducting an extensive data flow analysis within the Openmedical platform. This involved scrutinizing the entire lifecycle of data, from acquisition and storage to processing and transmission. By meticulously mapping data flows, Priverion was able to identify areas of improvement.

Data Processing Agreements: Openmedical AG's wide-reaching customer base added a remarkable feature to the case. Priverion worked closely with Openmedical's team to draft and conclude new data processing agreements (DPA) with thousands of customers. These agreements ensured compliance with the DSG.

Technical Vulnerability Assessment: Understanding the importance of securing data at the technical level, Priverion conducted a series of tests to identify vulnerabilities. This included comprehensive penetration testing and vulnerability scans. The results provided a clear view of potential entry points for cyber threats and guided the development of strategies to mitigate these risks.

Results and Impact: Stronger Data Protection and Legal Compliance

The work between Openmedical AG and Priverion resulted in significant improvements to the company's data protection efforts. By taking proactive steps (e.g. regular reviews, new architecture decisions), Openmedical AG positioned itself as a leader in data security and privacy within the healthcare sector.

Conclusion

The collaboration between Openmedical AG and Priverion demonstrates the power of collaboration and expert guidance in the realm of data protection. By addressing the challenges associated with data flows, legal requirements and technical vulnerabilities, Openmedical AG not only secured their data but also solidified their reputation as a responsible and trustworthy provider in the healthcare sector. With Priverion's assistance, Openmedical AG emerged stronger, better prepared to protect patient data and in full compliance with data protection laws. This short description showcases the importance of proactive data protection strategies and the positive outcomes that result from taking the necessary steps to secure sensitive information.

‍