Health data is our first responsibility. Here is where it lives, how it is protected, and the frameworks we comply with.
You choose the jurisdiction: Switzerland, France or another European Union country. Patient data stays in the chosen territory and under your jurisdiction — it is never transferred outside that perimeter without your agreement. Our datacenters comply with the Swiss nLPD and the GDPR.
Our infrastructure and processes are audited against the most demanding standards in the industry:
Audit reports are available under a non-disclosure agreement (NDA), on request at contact@globalaccess.ch.
Data is encrypted in transit (TLS) and at rest. Exchanges between the on-premise hospital components and the cloud are mutually authenticated (mTLS). Direct patient identifiers are segregated from the rest of the record.
For AI features (voice dictation, prescription OCR), data is anonymized before any processing by an external model.
Every sensitive action — reading or modifying a report — is logged: who, what, when, from which address. Audit logs are retained in line with legal obligations and remain available for inspection.
Your data belongs to you. It is neither sold nor shared with third parties for commercial purposes. A data processing agreement (DPA) governs each processing activity; the list of subprocessors is provided on request.
Data is retained only as long as strictly necessary and deleted once the applicable legal periods expire. No indefinite retention of personal health data.
Found a vulnerability? Write to contact@globalaccess.ch. We handle security reports as a priority and commit to responding quickly.