Compliance & Data Protection at anamedi
At anamedi, compliance is not an afterthought — it's the foundation of everything we build. Our solution is specifically designed to meet the highest standards for data protection, privacy, and security in Swiss and European healthcare environments.
🇨🇭 FDAP – Swiss Federal Data Protection Act
Anamedi is fully compliant with the revised FDAP (revDSG). All personal health data is:
Stored and processed in Switzerland
Access-controlled and pseudonymized where possible
Processed only with patient consent and within healthcare-specific legal frameworks
🇪🇺 GDPR – General Data Protection Regulation
Our data handling complies with GDPR, including:
Article 6: Lawfulness of processing (explicit consent)
Article 25: Data protection by design and by default
Article 32: Security of processing
Article 17: Right to erasure (with medical documentation exceptions)
🇺🇸 HIPAA (for international customers)
While Anamedi is not currently deployed in the U.S., our infrastructure follows best practices aligned with HIPAA principles, including access control, audit logs, and encryption.
🖥️ On-Premise Deployment
For hospitals and practices with stricter data policies, Anamedi offers full on-premise deployment. This gives healthcare providers complete control over:
Data residency
System access
Network security
🔐 Security & Data Protection
End-to-End Security by Default:
TLS 1.3 encrypted data transfer from microphone to cloud
AES-256 encryption of all stored data
Isolated processing environments (containerized AI models)
Audit trails for all document changes
Role-based access control (RBAC)
Multi-layer firewall and intrusion detection systems
Our infrastructure is built for zero-trust environments and follows best practices from OWASP and NIST.
📜 Legal Framework & Patient Consent
We work with legal experts to ensure compliant patient consent processes. Patients must explicitly agree to audio recording and AI-supported documentation. Our consent templates meet the legal standards of the FDAP and GDPR and are designed for:
Informed, understandable communication
Simple digital or paper-based consent flows
Immediate revocation rights
🧠 Data Processing & Hosting
All data is processed exclusively in Switzerland or in GDPR-compliant environments
No transfer to U.S. infrastructure
Optional local processing (on-premise or edge-device transcription) where feasible
Automated deletion of non-essential data after processing
No long-term storage of audio data unless explicitly configured by the clinic
🇨🇭 Swiss Made Hosting
We use ISO-certified, HDS/FINMA-compliant Swiss data centers with:
Redundant storage
Energy-efficient infrastructure
24/7 monitored environments
Full transparency on data residency and access
🧭 Why Not AWS or Microsoft Azure?
We deliberately do not use U.S.-based hyperscalers due to the U.S. CLOUD Act, which allows U.S. authorities to access data — even if hosted in Europe.
Instead, we partner with Swiss hosting providers to ensure your patient data stays protected under Swiss and EU jurisdiction only.
Still Have Questions?
We’re happy to talk directly with your practice or IT team. Let’s make sure all your compliance and security questions are answered.
👉 Contact us at info@anamedi.com