Free Consultation

The need to secure your sensitive patient data

At MOD1, we recognise you as an owner or manager of a small to medium-sized medical practice who wants to safeguard your patients’ sensitive information, protect your business against online threats such as ransomware and comply with the revised Swiss Federal Act on Data Protection (FADP).

You can accomplish this by implementing a series of technical and organisational measures that satisfy the Swiss Medical Association’s (FMH) minimum standards for information security in medical practices.

Common challenges

The challenge you face is that you lack the resources, specialist expertise, and experience to accurately assess your current information security posture whilst focusing on your core business of treating patients. 

If unresolved, this will place your medical practice at heightened risk of a data breach, loss of revenue, damaged reputation, operational downtime and legal liability.

The MOD1 health care provider security assessment service

It is our firm belief that every medical practice can meet the FMH requirements and maintain compliance with the more stringent privacy requirements of the revised Swiss Federal Act on Data Protection (FADP).

Still, we appreciate that embarking on an initiative to implement the numerous recommendations can seem daunting, especially when your organisation lacks the relevant internal expertise to make an accurate assessment of the shortcomings of your existing information security capabilities.

That’s why we created the MOD1 Health Care Provider Security Assessment Service, a comprehensive risk assessment that provides the following benefits:

  • provides a detailed assessment of the security of the practice's IT environment
  • identifies gaps and potential for improvement
  • provides information on critical problem areas
  • highlights FMH requirements that you have successfully implemented
  • increases staff awareness of information security and data privacy best practices
  • can reduce your cyber-liability insurance premium by up to 30%

Here's how it works:

We will guide you through our online assessment questionnaire.

The assessment requires your practice to answer a series of multiple-choice questions about your existing information security and privacy measures.

Our accredited cyber security, data protection, risk and compliance experts evaluate your questionnaire and we discuss the result together.

The result provides:

  • A summary of your existing security and data protection measures and the extent to which they meet the FMH's minimum requirements.

  • Practical advice on how to adapt your current measures to the minimum requirements of the FMH

  • An implication of the resource requirements to develop your current processes, procedures and controls

  • A prioritised overview of the risks to your practice's IT environment

  • Detailed recommendations on how to reduce information risk in a cost-effective way


Based on the security assessment, the practice management can decide whether further steps are necessary to improve cyber security. If yes, we continue with step 3.

If requested, a comprehensive project for the implementation of controls is started on the basis of the security assessment.

The practice appoints a project coordinator to liaise between the consultant and the practice. We then make an appointment with the project coordinator to start step 4.

We conduct interviews and process reviews with relevant practice staff to determine which processes and procedures are implemented and to what extent they are carried out.

For this purpose, meetings are held, partly in person at the practice and partly virtually. The practice is updated on our work at each of the virtual meetings. The practice can follow our progress, documentation and work steps virtually at any time.

The duration of the project depends on the practice and the desired pace. We recommend that the work is spread over no more than three months. Of course, the entire project can also be completed within a few weeks.

After all processes are updated and documented, a cyber security awareness training takes place. All employees should participate in order to sharpen their knowledge about cybercrime.

Afterwards, the practice receives the entire project in written form and can, if necessary:

  • look up everything about cyber security in the practice,

  • update the cyber security independently and,

  • in the worst case, prove that all regulations and laws have been complied with.

What are the deliverables?

The security assessment culminates in a comprehensive report highlighting deficiencies and providing recommendations on measures that you need to meet the minimum requirements of the FMH standard and align with the requirements of the revised FADP.

You also benefit from a management presentation that walks through the content of the report to help provide guidance around the issues observed and advice on the cost effective implementation of additional controls, as necessary.

Why MOD1?

Unlike other providers of cybersecurity risk management services, our consultants are professionally accredited and accustomed to working in the highly regulated healthcare sector.

We appreciate that no two organisations are the same, so we tailor our services to each client’s internal cybersecurity knowledge, capabilities, size, complexity, risk appetite, and budget.

If you’re interested in learning more, schedule a free HCP Security Assessment Discovery Call with a MOD1 cybersecurity, privacy, risk and compliance expert today.

Ready to secure your patient data?

Book your free Healthcare Provider Security Assessment discovery call today.