Taking EPD risks in hand: A system for greater security
22.07.2025

Digitisation in the healthcare sector is moving full speed ahead – alongside corresponding requirements for data protection, system security and availability. eHealth Suisse, the national coordination and competence centre for the electronic patient dossier (EPD), placed its trust in the expertise offered by Ergon when designing and implementing an overarching risk analysis. The result: a holistic concept, a systematically structured risk catalogue and an iterative analysis process that establishes lasting trust.
As the joint centre of expertise for the federal government and the cantons, eHealth Suisse is responsible for coordination and information for the electronic patient dossier (EPD) project and standardisation in the fields of technical and semantic interoperability. It is coordinating the introduction of the EPD and its further development with the aim of making healthcare in Switzerland more interconnected, secure and efficient.
Security for a complex system
The electronic patient dossier is an IT system organised in a decentralised manner with many different stakeholders – including communities, platform operators, national services, service providers and patients. The federal government commissioned eHealth Suisse to coordinate EPD operations and the system's further development. A structured, overarching risk analysis was required to respond proactively to threats in this dynamic environment.
eHealth Suisse sought external assistance with the design and implementation of these overarching risk analyses. The aim was to be able to identify potential risks at an early stage, evaluate risks in a targeted way and come up with effective measures to counter them.
From structured analysis to a sustainable security culture
Ergon brought its experienced team, methodical strength and an in-depth understanding of the industry to the table. Together, the two organisations developed a holistic concept, based on a top-down approach that systematically identifies threat scenarios. This is supplemented by perspectives from the bottom up. The risk catalogue is split into key themes such as operations, data protection and strategic development and is structured along the lines of functional system zones. Assessment models for probability of occurrence and extent of damage, alongside potential measures, were agreed with eHealth Suisse. The initial analysis delivered concrete results and measures that were sound, prioritised and assigned clear responsibilities.
“Together with Ergon, we have established structured risk management for the EPD. Their expertise continues to help us assess risks soundly and define measures to strengthen secure and stable EPD operations.”
From reactive monitoring to proactive risk management
The solution significantly strengthens the capacity of eHealth Suisse to make decisions and take action today. Risks are evaluated systematically and addressed proactively. This increases security, improves management and establishes trust among all stakeholders – from platform operators to the population. In this way, risk analysis is making a vital contribution to the success and development of the EPD – and the digital future of the Swiss healthcare system.