Swiss Health Data Space: Federal Office Under Pressure on Data Protection

Executive Summary

The Federal Office of Public Health is planning a "Health Data Space" as a central platform for the exchange of health data among professionals. The project, part of the "Digi Santé" program, is to be built up gradually by 2034 and is more comprehensive than the existing health record. However, experts and data protection officers are demanding strict security requirements to protect sensitive patient data from access by foreign authorities. The FOPH signals its intention to comply with applicable data protection regulations.

People

• Matthias Stürmer (Professor of Digitalization, Bern University of Applied Sciences)
• Dominika Blonski (Vice President, Association of Swiss Data Protection Officers)
• Ruth Wittwer (Author)

Topics

• Healthcare Digitalization
• Data Protection and Data Security
• Cloud Infrastructure
• Public Digital Projects
• Swiss Regulation

Clarus Lead

Switzerland is launching an ambitious digitalization project in healthcare that is meeting considerable skepticism – not only from the population, but also from data protection experts. The central conflict: US tech companies currently control many digital infrastructures, and the US "Cloud Act" requires these companies to make server data accessible to US authorities. For a project involving highly sensitive health data, this is a political Achilles heel that puts the entire course of Swiss digitalization under legitimacy pressure.

Detailed Summary

The "Health Data Space" project is the centerpiece of "Digi Santé," the federal program for digital transformation of Swiss healthcare. Unlike the electronic patient record (now: Health Record), this platform is intended to make all health data exchangeable – doctors, hospitals and other professionals can access shared data sets among themselves. Construction will extend until 2034.

Public acceptance is the critical hurdle. Matthias Stürmer, Professor of Digitalization at Bern University of Applied Sciences, diagnoses justified public skepticism: "Because digitalization is largely controlled by US tech companies, one must and should be skeptical." Central to this is the US Cloud Act, an American law that requires companies like Google or IBM to make server data accessible to US authorities (for example, in case of suspected serious crimes) – regardless of whether the data is stored in Swiss data centers. This means a factual loss of control over sensitive patient data.

The Association of Swiss Data Protection Officers therefore tightened requirements six months ago: Particularly protected personal data must not be stored unencrypted in public cloud storage of international tech companies. Dominika Blonski, Vice President of the Association, bases this on the risk of government access. The FOPH, when asked, signals compliance: it will comply with data protection laws and internal federal administration guidelines, including directives on public cloud use.

Key Statements

• The "Health Data Space" is the largest digitalization project in Swiss healthcare and is to be built up by 2034
• Data protection officers demand: sensitive patient data must not be stored unencrypted in US-controlled cloud systems, as the US Cloud Act enables government access
• Trust in the platform depends on consistent implementation of data protection; the population is skeptical of IT projects in the healthcare sector
• The FOPH declares compliance with all applicable protection provisions and federal administration rules

Further News

• Digital AHV Record from 2028 – Further digitalization project in preparation (12.09.2025)
• Failed Digital Projects – Swiss IT projects often cost more and take longer than planned (11.11.2025)
• Internet Freedom Under Pressure – Decentralization trends vs. centralization tendencies of major platforms (30.11.2025)

Critical Questions

1. Evidence & Data Quality: What specific compliance mechanisms has the FOPH implemented to ensure that the project actually meets the tightened data protection guidelines of the Association – and how is this monitored externally?

2. Conflicts of Interest: To what extent is there a financial or infrastructural incentive for the FOPH to nevertheless resort to established US cloud services in order to save costs, and how is this conflict of interest made transparent?

3. Causality & Alternatives: Could Switzerland build technical alternatives (European or Swiss cloud infrastructure) without incurring significant additional costs or delays? Which scenarios have been examined?

4. Implementation Risk & Side Effects: If the project fails or is delayed due to data protection requirements – how high is the political and budgetary risk, and what contingency planning exists for the exchange of health data in the interim?

5. Trust Gap: The FOPH responds "with restraint" to critical questions – does this not reinforce the public skepticism that threatens to undermine the project?

6. Legal Clarity: Is it legally established that the Association's new data protection requirements are binding for federal offices, or are these merely recommended standards without enforcement mechanisms?

Source Directory

Primary Source: Wittwer, Ruth (2026): "Digitalization in Switzerland – Experts Demand Data Protection for Digital Health Data" – SRF Rendez-vous, 12.05.2026 https://www.srf.ch/news/schweiz/digitalisierung-in-der-schweiz-experten-fordern-datenschutz-bei-digitalen-gesundheitsdaten

Supplementary Sources:

1. NZZ am Sonntag (2026): Report on the FOPH's "Health Data Space"
2. Association of Swiss Data Protection Officers (2026): Clarified Data Protection Requirements for Public Cloud Use

Verification Status: ✓ 12.05.2026

This text was created with the support of an AI model. Editorial Responsibility: clarus.news | Fact-Check: 12.05.2026