Healthcare Compliance

Security for Medical Practices

How we protect patient data with a privacy-by-design architecture

ISO 27001

About ISO 27001 Certification

Transparent communication

AIAgens is not currently ISO 27001 certified. However, our infrastructure is hosted in ISO 27001 certified datacenters, our processes are aligned with the ISO 27001:2022 framework, and our technology providers are SOC 2 Type II certified, which offers equivalent or superior guarantees.

What We Have

  • ISO 27001 aligned policies
  • SOC 2 Type II certified infrastructure
  • GDPR & Swiss FADP compliance
  • EU Data Residency
  • Data Processing Agreement

Legal Basis

  • Swiss FADP does not require ISO 27001
  • Requires "adequate technical measures"
  • SOC 2 provides equivalent assurance
  • Art. 321 CP auxiliary compliance

Privacy by Design

Zero Data Retention Architecture

The safest data is data that is never stored

No Call Recording

Voice conversations are never recorded or stored

Real-Time Processing

Voice data processed in-memory and immediately discarded

Appointments Only

Only scheduling data stored (date, time, name)

No Medical Data Processing

Our AI receptionist handles scheduling only. It does not access patient records, diagnoses, or any clinical information.
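As an added illustration (not AIAgens' code; the names CallContext, ALLOWED_FIELDS, minimize_for_storage and handle_call are assumptions, and the sample call data is constructed), the following Python shows how the zero-retention principle described above can be enforced in code rather than by policy: the only fields that may reach storage are an allow-list of scheduling fields (date, time, name), each validated before it is kept, anything else the conversation produced (for example free-text notes that might contain clinical details) is never copied, and the in-memory transcript is cleared once the appointment record has been produced.

```python
"""Data minimization for an appointment-only assistant (constructed example).

Models the zero-retention architecture on the page: a call is handled in
memory, only allow-listed scheduling fields are persisted, and the transcript
is discarded instead of being stored.  All names here are assumptions, not
AIAgens' real code.
"""
import re
from dataclasses import dataclass
from datetime import date, time

# The complete set of fields that may ever be written to the appointment store.
# A field absent from this set cannot reach storage, whatever the caller passes.
ALLOWED_FIELDS = frozenset({"appointment_date", "appointment_time", "patient_name"})

# Letters (including accented Latin letters), spaces, apostrophes and hyphens only.
_NAME_RE = re.compile(r"^[A-Za-zÀ-ÖØ-öø-ÿ' \-]{1,80}$")


class MinimizationError(ValueError):
    """Raised when a scheduling field is missing or malformed; nothing is stored."""


@dataclass
class CallContext:
    """Everything the voice pipeline produced for one call, held in memory only."""
    transcript: str          # constructed stand-in for the in-memory speech-to-text output
    extracted: dict          # key/value pairs the assistant pulled out of the conversation


def _parse(label: str, value: str, convert):
    """Run a strict parser on a field and convert any failure into MinimizationError."""
    try:
        return convert(value)
    except (TypeError, ValueError) as exc:
        raise MinimizationError(f"{label}: invalid value") from exc


def minimize_for_storage(extracted: dict) -> dict:
    """Return a record containing only validated, allow-listed scheduling fields.

    Extra keys (notes, symptoms, anything else) are simply never copied, and a
    missing or malformed required field raises so that no partial record is kept.
    """
    missing = ALLOWED_FIELDS - set(extracted)
    if missing:
        raise MinimizationError(f"missing scheduling field(s): {sorted(missing)}")

    appt_date = _parse("appointment_date", extracted["appointment_date"], date.fromisoformat)
    appt_time = _parse("appointment_time", extracted["appointment_time"], time.fromisoformat)
    name = str(extracted["patient_name"]).strip()
    if not _NAME_RE.match(name):
        raise MinimizationError("patient_name: invalid value")

    # Re-serialize from the parsed objects so only canonical values are stored.
    return {
        "appointment_date": appt_date.isoformat(),
        "appointment_time": appt_time.isoformat(timespec="minutes"),
        "patient_name": name,
    }


def handle_call(ctx: CallContext, store: list) -> dict:
    """Persist the minimized record, then discard everything else from the call."""
    record = minimize_for_storage(ctx.extracted)
    assert set(record) <= ALLOWED_FIELDS  # defence in depth: storage never sees other keys
    store.append(record)
    # The transcript and raw extraction are dropped here; they are never written anywhere.
    ctx.transcript = ""
    ctx.extracted.clear()
    return record


if __name__ == "__main__":
    # Constructed sample: the caller also mentioned a symptom, which must not be kept.
    ctx = CallContext(
        transcript="Hello, I'd like an appointment on 14 March at 9:30, my knee hurts.",
        extracted={
            "appointment_date": "2025-03-14",
            "appointment_time": "09:30",
            "patient_name": "Marie Dupont",
            "notes": "mentions knee pain",
        },
    )
    appointments: list = []
    print(handle_call(ctx, appointments))
    print("transcript retained:", bool(ctx.transcript))
```

The design point is that the allow-list lives in one place and the storage path re-serializes from parsed values: even if a new field is added upstream by mistake, it cannot be persisted without an explicit change to ALLOWED_FIELDS, and a malformed date rejects the whole record rather than storing something half-right.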

Swiss Law

Swiss Legal Framework

Regulation    | Requirement                                      | Status
nLPD/FADP     | Adequate technical and organizational measures   | Compliant
Art. 321 CP   | Professional secrecy for healthcare auxiliaries  | Compliant
GDPR          | EU data protection regulation                    | Compliant
Swiss-US DPF  | Data Privacy Framework certification             | Certified

Art. 321 CP - Auxiliary Status

Under Swiss criminal law, IT service providers are recognized as "auxiliaries" of healthcare professionals. This means we are bound by the same professional secrecy obligations as your staff, with criminal penalties for violations.

Technical Security Measures

Enterprise-grade protection

Encryption

TLS 1.3 in transit, AES-256 at rest

EU Data Center

ISO 27001 certified infrastructure in Frankfurt

Access Control

Role-based access, need-to-know principle

24/7 Monitoring

Real-time threat detection and alerting

Audit Trails

Immutable logs of all system access

Daily Backups

Encrypted backups with 30-day retention

Contractual Commitments

What we offer in writing

Data Processing Agreement

GDPR Art. 28 compliant DPA with standard contractual clauses

Confidentiality Clauses

Art. 321 CP aligned confidentiality obligations

Breach Notification

24-hour notification commitment for any security incidents

Data Deletion

Guaranteed data erasure upon contract termination

Questions?

Our team is ready to address your specific security requirements