Data protection & InfoSec for a Health Record Platform


Every aircraft generates terabytes of data. From pilots to flight behavior to maintenance.

Data protection & InfoSec for a Health Record Platform

Securing Data Privacy for Healthcare Industry´s Prominent Player: Openmedical AG´s Journey with Priverion


Openmedical AG turned to Priverion in their quest to secure sensitive patient information and comply with updated data protection laws.  Openmedical AG successfully addressed the challenges associated with data protection in its particular sector of industry and managed to make all necessary adjustments to comply with the revised Swiss Federal Data Protection Act (FADP).

The Challenge: Staying up to date

When Openmedical AG approached Priverion, they were confronted with the task of aligning their data protection policies with the recently revised DSG. The project kicked off with the identification of the most critical aspects to address. The primary objectives were to document the data flows within the Openmedical platform and to establish new data processing agreements (DPA) with their extensive customer base. Simultaneously, Openmedical AG had to assess its technical vulnerabilities to enhance data security— this concretely required to conduct multiple penetration tests as well as vulnerability scans.

The Priverion Approach: Comprehensive Data Flow Analysis and Security Assessment

Data Flow Analysis: Priverion began the project by conducting an extensive data flow analysis within the Openmedical platform. This involved scrutinizing the entire lifecycle of data, from acquisition and storage to processing and transmission. By meticulously mapping data flows, Priverion was able to identify areas of improvement.

Data Processing Agreements: Openmedical AG's wide-reaching customer base added a remarkable feature to the case. Priverion worked closely with Openmedical's team to draft and conclude new data processing agreements (DPA) with thousands of customers. These agreements ensured compliance with the DSG.

Technical Vulnerability Assessment: Understanding the importance of securing data at the technical level, Priverion conducted a series of tests to identify vulnerabilities. This included comprehensive penetration testing and vulnerability scans. The results provided a clear view of potential entry points for cyber threats and guided the development of strategies to mitigate these risks.

Results and Impact: Stronger Data Protection and Legal Compliance

The work between Openmedical AG and Priverion resulted in significant improvements to the company's data protection efforts. By taking proactive steps (e.g. regular reviews, new architecture decisions), Openmedical AG positioned itself as a leader in data security and privacy within the healthcare sector.


The collaboration between Openmedical AG and Priverion demonstrates the power of collaboration and expert guidance in the realm of data protection. By addressing the challenges associated with data flows, legal requirements and technical vulnerabilities, Openmedical AG not only secured their data but also solidified their reputation as a responsible and trustworthy provider in the healthcare sector. With Priverion's assistance, Openmedical AG emerged stronger, better prepared to protect patient data and in full compliance with data protection laws. This short description showcases the importance of proactive data protection strategies and the positive outcomes that result from taking the necessary steps to secure sensitive information.

Customer reviews

“Priverion made it possible to standardize our global privacy efforts over our different local organizations and drive efficient marketing solutions.”

Sunstar Group — Digital Transformation Strategy & Services

"Mit Hilfe von Priverion hat sich Careerfairy als vertrauenswürdige und konforme Plattform etabliert. Sie haben unseren Verkaufsprozess optimiert, und die Einhaltung des Datenschutzes sichergestellt. Der Erfolg unserer Partnerschaft unterstreicht die Bedeutung der Priorisierung von Datenschutz und Transparenz mit Experten wie Priverion."

Careerfairy AG — CEO

"Die Zusammenarbeit von FunctionHR mit Priverion zeigt, wie Fachwissen im Datenschutz und die ISO 27001-Zertifizierung die Geschäftsexpansion vorantreiben können. Gemeinsam haben wir die Datensicherheit in einen Wettbewerbsvorteil verwandelt, der es FunctionHR ermöglicht, mit Vertrauen und Zuversicht in neue Märkte vorzudringen."

functionHR GmbH — CEO

"Priverion hat es uns ermöglicht, die angemessenen Datenschutzrichtlinien für unseren Gesundheitssektor umzusetzen. Ihre Expertise unterstütz uns, unserer Verpflichtung zu Datensicherheit und Compliance gerecht zu werden."

openmedical AG — Product Management