Our Security





Data Security is of highest importance. DeinDoktor is secured to protect patient confidentiality.

Online consultation with qualified doctors only


For DeinDoktor.ch, it is of the utmost importance that only qualified physicians offer and perform online consultations. This means that only doctors who are registered with the association of Swiss physicians and doctors FMH, see www.fmh.ch, offer online consultation at DeinDoktor.ch. A membership with the FMH is only possible, if a doctor is properly approved by the Canton, more info here.

DeinDoktor.ch ensures the identity of the doctor as follows:
  1. The potential doctor needs a registered Swiss Mobile number, on which an access code will be sent for registration.
  2. The potential doctor needs an email address and password for the login. For registration, a confirmation email has to be enabled manually.
  3. DeinDoktor.ch checks the registration:- Name, practice address, telephone number, education, GLN - number and E- Mail address are compared with the publicly available information of the doctor (FMH and website of the doctor).
  4. DeinDoktor.ch contacts directly the doctor practice and ensures that the doctor wants to register. Only doctors with private practices are admitted.
DeinDoktor.ch offers the patient to evaluate the doctor after the online consultation and has the right to deactivate available functions of the doctor at DeinDoktor.ch.


The consultation remains confidental


DeinDoktors online (video) consultation employs Transport Layer Security (TLS) to encrypt both voice and video data by using WebRTC (Real Time Communication). TLS enables DeinDoktor to comply with the requirements of the United States HIPAA Security Rule for the transmission of patient health information over the Internet.
The core protocols providing DeinDoktor security are SRTP for media traffic encryption and DTLS-SRTP for key negotiation, both of which are defined by the IETF. DeinDoktor endpoints use the AES cipher with 128-bit keys to encrypt audio and video, and HMAC-SHA1 to verify data integrity.
The RTC (real-time communications) Conference Switch is HIPAA-compliant, which means that medical providers can discuss and transmit patient information without fear of compromising HIPAA regulations.
Safety Pilot is a security protocol that routes calls and shared files through a complex route of encryption, authorizations, permissions and auditing. Doctors and patients can communicate via telemedicine without concerns about malware or unauthorized data access.



The communication is secured


DeinDoktor uses Hypertext Transfer Protocol Secure (HTTPS) which is a communications protocol for secure communication over the Internet. HTTPS is layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. HTTP operates at the highest layer of the TCP/IP model, the Application layer; as does the SSL security protocol (operating as a lower sublayer of the same layer), which encrypts an HTTP message prior to transmission and decrypts a message upon arrival. Everything in the HTTPS message is encrypted, including the headers, and the request/response load.

SSL



The transaction is safe


The service provider of DeinDoktor has the PCI DSS (Payment Card Industry Data Security Standard) certification, which is a Level 1 Service Provider. Level 1 has the strictest IT security requirements for payment card information processing. The PCI DSS standard is extensively used in English-speaking countries. This standard is primarily a means of protecting payment card information for all merchant sites and payment solution providers that process, transmit and store payment card information. As a PCI DSS level 1 service provider, DeinDoktors Service providers undergoes rigorous compliance audits performed by a recognized independent organization, the Qualified Security Assessor (QSA).

No access to the electronic patient dossier


DeinDoktor.ch offers neither doctor nor patient access to the electronic patient dossier and has nothing to do with the management of the electronic patient dossier. DeinDoktor focuses on the communication between doctor and patient, therefore information about diseases, Diagnostics and drugs are not logged and also not made available to the health insurance or any other party. The Patient can choose to inform the health insurance or other care providers about bills, consultations, etc. To benefit from online consultation at DeinDoktor.ch no medical information of patients are required. E - mail addresses and passwords are confidential and are not provided to third parties.