Frequently asked questions
Introduction
Swisscoding Group SA, hereinafter referred to as “the Company”, has the mission of helping hospitals and clinics (hereinafter “Clients”) focus on their core medical activities by relieving them of administrative tasks, in particular post-hospitalization administrative processes such as medical coding and/or the review of coding cases performed by Clients.
This document is intended to provide Clients and prospects of the Company with answers to the most common questions regarding the measures in place to ensure compliance with applicable personal data protection laws in the context of the services provided by the Company.
Frequently asked questions
Does the Company process personal data?
Yes. To perform its services for Clients, the Company processes personal data, including sensitive personal data (such as health data).
In fulfilling its medical coding and coding review services, the Company only processes anonymized data on its specialized (hosted) platform. However, the Company’s medical coders do access Clients’ IT environments remotely, where non-anonymized data may be accessible. These non-anonymized data are never transferred out of the Clients’ environments or stored on the Company’s platform or IT infrastructure.
Is the Company considered a data controller?
For its medical coding and case review services, the Company always acts as a data processor as defined by Article 5 of the Swiss Federal Data Protection Act (FADP). The Clients are the data controllers.
What data protection laws and/or regulations does the Company comply with?
As a Swiss-based company, the Company complies with the provisions of the Federal Act on Data Protection (FADP) and the related Ordinance to the FADP (OFADP).
When working with Clients subject to specific cantonal data protection laws, the Company takes special care to respect those particular legal requirements as well.
Are personal data processed in Switzerland?
Yes. The data processed by the Company is physically hosted in a data center in Zurich and geo-replicated to a data center in Gland.
These data are not transferred elsewhere for storage.
However, data may be accessed from third countries under the following three cumulative conditions:
- The person accessing the data is an employee or subcontractor of the Company;
- The person uses the secured access methods put in place by the Company; and
- The person is located in a country recognized by the Swiss Federal Data Protection and Information Commissioner as offering an adequate level of data protection.
This list of adequate countries is regularly monitored by the Company’s DPO.
Are personal data shared with third parties or subprocessors?
In the course of its medical coding and case review services, the Company does not share any personal data with third parties or subprocessors.
However, the Company may transmit anonymized data — for example, to Swisscoding Technologies SA, a company focused on developing and providing software solutions for healthcare actors in Switzerland and abroad, especially in medical documentation, coding, billing, and administrative management. Since the data shared is anonymized, it falls outside the scope of the FADP.
If there are any questions regarding the anonymization process used, the Company can provide explanatory documentation upon request.
What security measures are implemented to protect personal data?
The Company has an Information Security Policy that outlines the guiding principles it follows to ensure the confidentiality, integrity, and availability of information. This policy is available upon request to Clients.
As an ISO 27001-certified organization, the Company has implemented, via an Information Security Management System (ISMS), appropriate technical and organizational measures to ensure the security of its information. These measures are also listed in the Information Security Policy.
Roles and responsibilities regarding data protection and information security are clearly defined in this policy. The Company has appointed a Data Protection Officer (DPO) and Information Security Officer, who ensure the policy is enforced.
Need more information?
To learn more about our data protection and information security practices, feel free to contact us by email: dpo@swisscoding.com
Or by mail:
Swisscoding Group SA
Avenue de la Gare 43
1003 Lausanne, Switzerland