How To Choose The Right EHR Software Part 2

In the first part of our series, we embarked on selecting the perfect Electronic Health Record software, focusing on essential considerations such as defining goals, assessing practice needs, budget allocation, and key features like user-friendliness, interoperability, and customization. Part 2 of our comprehensive guide investigates the intricate process of choosing the right EHR software.

Selecting an EHR system isn’t a one-size-fits-all endeavor, and the decision-making process extends far beyond the initial evaluation. It’s about ensuring your healthcare practice has a robust and adaptable platform to elevate patient care, streamline operations, and embrace the ever-evolving healthcare landscape. In this part, we navigate the finer details of the selection process, providing strategies and insights that will empower you to make an informed and strategic choice.

Choosing the right EHR software is a transformative journey, and we’re here to guide you through every step, ensuring that your practice aligns seamlessly with the future of healthcare. Join us as we continue the quest to select the EHR system that meets your practice’s unique needs and propels it into a new era of efficient, patient-centered care.

8. Data Security and Privacy

When selecting an Electronic Health Record system, the most crucial consideration is safeguarding patient data. Ensuring the highest levels of data security and privacy is a legal requirement and a fundamental ethical obligation in the healthcare industry.

Here’s an in-depth exploration of the critical components that constitute robust data security and privacy within your EHR software:

  • Data Encryption: Robust data encryption is a fundamental aspect of EHR security. The software should employ strong encryption to protect patient data in transit and at rest. Any data transmitted over networks and stored on servers should be unreadable to unauthorized individuals.
  • User Authentication: The EHR system should implement stringent user authentication protocols. This includes secure user logins with strong, unique passwords and, ideally, multi-factor authentication (MFA) to add an additional layer of security. MFA can involve something the user knows (password), something the user has (a mobile device or token), and something the user is (biometric data like fingerprints or facial recognition).
  • Role-Based Access Control: Access to patient data should be based on roles and permissions. Only authorized healthcare providers and staff should have access to specific patient records and information. Role-based access control ensures users can only view or edit data pertinent to their responsibilities.
  • Audit Logs: Robust EHR software maintains detailed audit logs that record every action taken within the system. These logs provide a trail of who accessed patient data, what changes were made, and when these actions occurred. Regular review of audit logs can help detect and respond to unauthorized or suspicious activities.
  • Data Backup and Recovery: Data security is not only about preventing breaches but also about preparedness. EHR systems should have data backup and recovery mechanisms in place. This ensures that patient data can be recovered in case of unforeseen events like system failures, natural disasters, or cyberattacks.
  • Access Control and Session Management: EHR software should feature robust access controls, ensuring that users are automatically logged out after periods of inactivity. This reduces the risk of unauthorized access in cases where a user leaves their workstation unattended.
  • Secure Messaging: For internal communication and collaboration, EHR software should offer secure messaging capabilities. This allows healthcare providers and staff to communicate about patient care without compromising data security.
  • Compliance with Regulations: Ensure the EHR system complies with relevant healthcare data protection regulations. In the United States, this means adhering to the Health Insurance Portability and Accountability Act (HIPAA). In the European Union, it’s compliance with the General Data Protection Regulation (GDPR).
  • Vendor Commitment to Security: Consider the EHR vendor’s commitment to security. They should have a dedicated focus on data protection, regular security audits, and a proactive approach to addressing vulnerabilities and emerging threats.
  • Education and Training: Data security is only as strong as the people who use the system. Ensure that your healthcare providers and staff receive comprehensive training and education on best practices for data security, including how to handle patient data responsibly.
  • Incident Response Plan: In the unfortunate event of a data breach or security incident, the EHR software should be backed by a well-defined incident response plan. This plan should outline the steps to take in case of a breach, including notifying affected parties and regulatory authorities as required by law.
  • Continuous Monitoring and Improvement: Security is an ongoing process. The EHR vendor should commit to continuous monitoring of the system’s security, performing regular updates and improvements to address emerging threats and vulnerabilities.

By meticulously evaluating these data security and privacy components in your EHR software, you ensure that patient data remains confidential, intact, and protected from unauthorized access or breaches. This commitment not only upholds regulatory compliance but also preserves the trust and well-being of your patients, which are at the heart of quality healthcare delivery.
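To make the Role-Based Access Control and Audit Logs items concrete, here is an added example (not code from any EHR vendor or from this article's authors) of the kind of regular audit-log review described above. The log format, role names, permission sets, and care-team table are all hypothetical and constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Hypothetical written access policy: which actions each role may perform.
ROLE_PERMISSIONS = {
    "physician": {"view_record", "edit_record"},
    "nurse": {"view_record", "edit_vitals"},
    "billing": {"view_billing"},
}

# Actions that touch clinical data and therefore also need a care relationship.
CLINICAL_ACTIONS = {"view_record", "edit_record", "edit_vitals"}

# Hypothetical care-team assignments: patient -> users allowed to see the chart.
CARE_TEAM = {
    "P100": {"dr_lee", "nurse_kim"},
    "P200": {"dr_lee"},
}

# Constructed sample audit log (who, what, when, and the system's decision).
AUDIT_LOG = """timestamp,user,role,action,patient_id,outcome
2023-11-06T09:14:02,dr_lee,physician,view_record,P100,allowed
2023-11-06T09:20:41,nurse_kim,nurse,edit_vitals,P100,allowed
2023-11-06T10:02:10,bill_ortiz,billing,view_record,P100,allowed
2023-11-06T10:05:33,nurse_kim,nurse,view_record,P200,allowed
2023-11-06T23:48:00,bill_ortiz,billing,view_record,P200,denied
2023-11-06T23:48:09,bill_ortiz,billing,view_record,P100,denied
2023-11-06T23:48:15,bill_ortiz,billing,view_record,P200,denied
"""


def review_audit_log(log_text, denied_threshold=3):
    """Return findings for a reviewer to triage.

    Rules:
      role_violation    - the system allowed an action the written policy does
                          not grant to that role (permissions have drifted).
      outside_care_team - a clinical action on a patient the user is not
                          assigned to.
      repeated_denied   - a user accumulated many denied attempts.
    """
    findings = []
    denied = defaultdict(int)

    for row in csv.DictReader(io.StringIO(log_text)):
        user, role = row["user"], row["role"]
        action, patient = row["action"], row["patient_id"]

        if row["outcome"] == "denied":
            denied[user] += 1
            continue

        # Unknown roles get an empty permission set, so they are always flagged.
        if action not in ROLE_PERMISSIONS.get(role, set()):
            findings.append({"rule": "role_violation", "user": user,
                             "patient_id": patient, "time": row["timestamp"]})
            continue

        if action in CLINICAL_ACTIONS and user not in CARE_TEAM.get(patient, set()):
            findings.append({"rule": "outside_care_team", "user": user,
                             "patient_id": patient, "time": row["timestamp"]})

    for user, count in sorted(denied.items()):
        if count >= denied_threshold:
            findings.append({"rule": "repeated_denied", "user": user,
                             "patient_id": None, "time": None, "count": count})
    return findings


if __name__ == "__main__":
    for finding in review_audit_log(AUDIT_LOG):
        print(finding)
```

When evaluating a vendor, ask whether the audit log can be exported in a structured form that supports this kind of independent review.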

9. Vendor Reputation and Support

When selecting the right Electronic Health Record software for your healthcare practice, the vendor’s reputation and the quality of their support services are crucial in ensuring a successful and efficient EHR implementation.

Here’s a closer look at why these factors are essential:

  • Vendor Reputation: Investigating the reputation of the EHR vendor is akin to performing due diligence before entering into a critical business partnership. A vendor with a strong and positive reputation is more likely to offer reliable software, maintain ethical business practices, and provide quality support.
  • Customer Reviews and Testimonials: Customer reviews and testimonials provide valuable insights into the experiences of other healthcare practices that have chosen the same vendor. The real-world accounts shed light on the software’s performance, user-friendliness, and the vendor’s responsiveness to issues and requests. Positive reviews can instill confidence in your choice, while negative ones may reveal potential pitfalls.
  • Track Record: Assess the vendor’s track record, including their history of delivering EHR solutions. A vendor with a proven track record of successful implementations and ongoing support demonstrates their commitment to meeting the needs of healthcare providers.
  • Customer Support: Excellent customer support is paramount when dealing with complex EHR systems. Consider the availability of support channels (phone, email, chat), response times, and the vendor’s commitment to resolving issues promptly. The vendor should also offer comprehensive training and resources to help your team get the most out of the software.
  • Scalability: As your practice grows, you’ll need a vendor that can scale with you. Investigate whether the vendor has a history of accommodating the changing needs of their clients, from smaller practices to larger healthcare organizations.
  • Technical Expertise: Assess the vendor’s technical expertise, including their ability to adapt to industry standards and technologies. Ensure they stay updated with the latest healthcare regulations, security standards, and interoperability requirements.
  • Regular Updates: Staying up to date with software updates and enhancements is crucial for keeping your EHR system secure and aligned with evolving healthcare standards. Verify that the vendor has a track record of providing regular updates and patches to address security vulnerabilities and improve functionality.
  • Communication and Transparency: A reliable vendor maintains open and transparent communication. They should inform you about any changes, outages, or updates well in advance, allowing your practice to plan accordingly.
  • Support Documentation: Evaluate the availability of support documentation, including user guides, FAQs, and online resources. Easy access to such materials empowers your team to troubleshoot minor issues independently.

In summary, the reputation and support the EHR vendor offers can significantly impact your practice’s experience with the software. By choosing a reputable vendor with a history of excellent customer support, you gain peace of mind and set the stage for a successful and productive EHR implementation, ongoing system maintenance, and effective issue resolution.

10. Scalability

When selecting the right Electronic Health Record (EHR) software for your healthcare practice, you need to consider the element of scalability.

This factor isn’t just about the present state of your practice; it’s about ensuring that your EHR system can evolve and adapt to your healthcare organization’s future needs and growth.

Let’s explore the profound significance of scalability in your EHR software selection:

  • Future Growth Plans: Begin by envisioning the growth trajectory of your healthcare practice. Are you planning to expand your patient base, add new healthcare providers, or offer additional services in the coming years? The EHR system you select should align seamlessly with these growth objectives. It should be capable of accommodating more patient data, increased user accounts, and expanded clinical services without necessitating a complete overhaul.
  • Data Capacity: Scalability in your EHR software ensures it can handle a growing volume of patient data. As your practice expands, you’ll accumulate more patient records, diagnostic reports, treatment histories, and administrative data. A scalable system should offer ample storage capacity and efficient data management to prevent data overload or slowdowns.
  • User Accounts: Consider how the EHR system manages user accounts. Scalability should easily encompass adding new users, such as healthcare providers, nurses, administrative staff, and support personnel. It should also provide role-based access control to ensure users can access only the data and features relevant to their responsibilities.
  • Interoperability: As your practice grows, you may collaborate with a broader network of healthcare providers, laboratories, and specialists. A scalable EHR system should offer robust interoperability capabilities, allowing seamless data exchange with external systems and entities and ensuring efficient care coordination.
  • Customization: Scalability should extend to the customization of the EHR system. The ability to tailor the software to accommodate new specialties, services, and workflows is crucial. This empowers your practice to adapt the EHR to changing requirements without compromising data integrity or workflow efficiency.
  • Performance and Speed: A scalable EHR system should handle more data and users while maintaining its performance and speed. As your practice expands, the software should continue to deliver responsive user experiences, quick data retrieval, and efficient administrative processes.
  • Cost Efficiency: A scalable EHR system can also translate into cost efficiency. It minimizes the need for a complete software overhaul or transition to a new system as your practice expands. This can result in significant cost savings regarding implementation, training, and data migration.
  • Compliance: As your practice grows, you may encounter evolving regulatory requirements. A scalable EHR system should be adaptable to these changes, allowing you to remain in compliance with healthcare regulations such as HIPAA or GDPR.

In essence, scalability in your EHR software selection is an investment in the future of your healthcare practice. It’s about preparing for growth, optimizing efficiency, and ensuring that your EHR system remains a valuable tool that evolves alongside your practice, facilitating high-quality patient care and operational excellence.

11. Training and Onboarding

Selecting the right Electronic Health Record software for your healthcare practice is just the beginning of a transformative journey.

To ensure a successful implementation, evaluating the training and onboarding options offered by the vendor is crucial. Adequate training and onboarding are the cornerstones of seamlessly transitioning to the new system and realizing its full potential.

Here’s a comprehensive exploration of why training and onboarding are integral to your EHR software selection:

  • Customized Training Plans: Look for EHR vendors who provide customized training plans tailored to the specific needs of your practice. Every healthcare practice is unique, and your training should reflect this. Customized training ensures that your staff receives instruction on the features and workflows most relevant to their roles.
  • Onsite and Remote Training: Effective training should offer a variety of delivery methods, including both onsite and remote options. Onsite training allows your team to receive hands-on instruction within your practice environment, while remote training can be convenient for staff members who may be geographically dispersed.
  • Comprehensive Curriculum: The training curriculum should encompass all EHR system features and capabilities. This includes data entry, patient record management, appointment scheduling, billing and coding, and any specialized functionalities relevant to your practice’s specialty.
  • Ease of Accessibility: Training materials and resources should be easily accessible to your staff. This includes training manuals, video tutorials, and interactive e-learning modules. The availability of these resources allows staff to refresh their knowledge as needed and ensures ongoing proficiency.
  • User Support During Transition: During the initial transition to the new EHR system, users will likely encounter questions and challenges. The vendor should provide reliable user support to address these concerns promptly. This support can include a dedicated helpdesk, live chat, or phone support.
  • Timely Training: The timing of training is critical. It should occur well before the EHR system’s full implementation, allowing staff members to become familiar with the software and practice using it without the pressure of immediate go-live deadlines.
  • Scalability: The training provided should be scalable so that it can accommodate new staff members as your practice grows. Whether onboarding new employees or simply providing refresher training, the training resources should adapt to changing needs.
  • Certification and Proficiency: Consider certification or proficiency testing options after training. This can help identify staff members who have mastered the system and ensure that everyone is adequately prepared for their roles.
  • Feedback and Adaptation: Effective training involves a feedback loop. The vendor should actively seek feedback from your staff during and after the training process. This feedback can be used to refine training programs and materials, ensuring that they are continuously improved.
  • Ongoing Training and Updates: The EHR software and the healthcare industry constantly evolve. The vendor should provide ongoing training and updates to inform your staff about new features, security best practices, and compliance requirements.
  • Integration with User Feedback: Your staff’s input is invaluable. An effective onboarding and training program should integrate user feedback and insights into the software’s usability and training materials. This collaborative approach ensures that the training process aligns with the preferences and needs of your healthcare team.

Adequate training and onboarding are the keys to unlocking the full potential of your EHR system. They empower your staff to adapt seamlessly to the new technology, reducing the learning curve, increasing productivity, and, ultimately, leading to a more efficient and patient-focused healthcare practice.

12. Data Migration

When transitioning to a new EHR system, one of the most critical considerations is the seamless transfer of your existing patient data.

Data migration moves patient records, medical histories, treatment plans, and other essential information from your current system to the new EHR software. This process must be meticulously executed to avoid data loss, errors, or disruptions in patient care.

Here’s a comprehensive exploration of why data migration is vital and what you should discuss with the EHR vendor:

  • Data Integrity: The primary concern in data migration is maintaining the integrity of your patient data. It’s crucial that all records, including clinical notes, lab results, medication histories, and imaging files, are accurately transferred to the new system. Any data loss or inaccuracies could compromise patient care and safety.
  • Structured and Unstructured Data: Patient data comes in various formats, from structured data (like numerical measurements and standardized codes) to unstructured data (such as physician notes and narrative descriptions). The data migration plan should address both types, ensuring that structured data is mapped correctly and unstructured data is converted accurately.
  • Data Mapping: Data mapping matches data fields in your existing system to corresponding fields in the new EHR software. This process requires a meticulous and standardized approach to avoid errors or inconsistencies in data transfer. Discuss the data mapping strategy with the vendor to ensure they have a well-defined plan.
  • Validation and Quality Control: Effective data migration involves validation and quality control processes. The vendor should have mechanisms in place to validate the accuracy and completeness of the migrated data, identifying and rectifying any discrepancies or issues during the migration process.
  • Timing and Downtime: Plan the timing of data migration carefully. Consider whether data migration can occur during non-operational hours to minimize disruptions to patient care. Ensure that the vendor can provide a clear timeline for the migration process.
  • Fallback Plan: Discuss what happens in the event of unforeseen issues during data migration. A well-prepared vendor should have a fallback plan if the migration encounters unexpected challenges to ensure minimal downtime and data loss.
  • Data Retention: Verify that your existing patient data remains accessible even after migration. The old system should retain patient records for legal and historical purposes, even if you no longer use it for new patient encounters.
  • Training on Data Access: Ensure your staff is trained on accessing and retrieving patient data in the new system post-migration. Understanding how to search for and retrieve historical patient records is crucial for delivering consistent care.
  • Data Backup: Before any data migration, it’s essential to back up your existing patient data. The vendor should advise on and assist with this process to safeguard your information.
  • Data Security During Migration: Discuss the security measures to protect patient data during migration. Data should be encrypted, and access controls should be enforced to prevent unauthorized access.
  • Regulatory Compliance: Ensure the data migration process aligns with regulatory requirements, such as HIPAA in the United States or GDPR in Europe. Patient data must be handled in compliance with relevant data protection regulations.
  • Testing and Validation: Before going live with the new system, the vendor should perform testing and validation of the migrated data to ensure that everything is functioning as expected.

Data migration is a complex process that, if not executed correctly, can have significant repercussions for your practice. Therefore, discussing this aspect thoroughly with the EHR vendor is imperative, ensuring that they have a well-defined plan, tools, and expertise to transfer your existing patient data accurately and securely to the new system.
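The Data Mapping, Data Integrity, and Validation and Quality Control items above can be checked mechanically. The following added example (not code from any vendor or from this article's authors) maps a legacy export to the new field names and compares it record by record with the migrated data. The field names, mapping, and sample records are hypothetical and constructed for illustration.

```python
import hashlib
import json

# Hypothetical data mapping: legacy export field -> new EHR field.
FIELD_MAP = {
    "rec_id": "record_id",
    "pat_id": "patient_id",
    "dob": "birth_date",
    "dx_code": "diagnosis_code",
    "note": "clinical_note",
}


def normalize(value):
    """Canonical text form so pure whitespace differences are not reported."""
    return "" if value is None else " ".join(str(value).split())


def map_legacy_record(legacy):
    """Apply FIELD_MAP; fail closed if the export has a field nobody mapped."""
    unmapped = set(legacy) - set(FIELD_MAP)
    if unmapped:
        raise ValueError(f"unmapped legacy fields: {sorted(unmapped)}")
    return {FIELD_MAP[k]: normalize(v) for k, v in legacy.items()}


def record_digest(record):
    """SHA-256 over a canonical JSON encoding of one record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def index_by_key(records, key):
    """Index records by their key, rejecting duplicates."""
    indexed = {}
    for rec in records:
        if rec[key] in indexed:
            raise ValueError(f"duplicate {key}: {rec[key]}")
        indexed[rec[key]] = rec
    return indexed


def validate_migration(legacy_records, migrated_records, key="record_id"):
    """Compare mapped legacy records with what the new system actually holds.

    The report names records and fields only, never field values, so it can
    be shared without exposing patient data.
    """
    expected = index_by_key([map_legacy_record(r) for r in legacy_records], key)
    actual = index_by_key(
        [{k: normalize(v) for k, v in r.items()} for r in migrated_records], key)

    mismatched = {}
    for rid in sorted(set(expected) & set(actual)):
        if record_digest(expected[rid]) != record_digest(actual[rid]):
            fields = set(expected[rid]) | set(actual[rid])
            mismatched[rid] = sorted(
                f for f in fields if expected[rid].get(f) != actual[rid].get(f))

    report = {
        "legacy_count": len(expected),
        "migrated_count": len(actual),
        "missing": sorted(set(expected) - set(actual)),
        "unexpected": sorted(set(actual) - set(expected)),
        "mismatched": mismatched,
    }
    report["ok"] = not (report["missing"] or report["unexpected"] or mismatched)
    return report


# Constructed sample data: R2's note was truncated, R3 was dropped, R4 is stray.
LEGACY_EXPORT = [
    {"rec_id": "R1", "pat_id": "P100", "dob": "1980-02-01",
     "dx_code": "E11.9", "note": "Stable.  Continue metformin."},
    {"rec_id": "R2", "pat_id": "P100", "dob": "1980-02-01",
     "dx_code": "Z88.0", "note": "Penicillin allergy"},
    {"rec_id": "R3", "pat_id": "P200", "dob": "1975-07-19",
     "dx_code": "I10", "note": "BP elevated"},
]
MIGRATED_EXPORT = [
    {"record_id": "R1", "patient_id": "P100", "birth_date": "1980-02-01",
     "diagnosis_code": "E11.9", "clinical_note": "Stable. Continue metformin."},
    {"record_id": "R2", "patient_id": "P100", "birth_date": "1980-02-01",
     "diagnosis_code": "Z88.0", "clinical_note": "Penicillin al"},
    {"record_id": "R4", "patient_id": "P300", "birth_date": "1990-01-01",
     "diagnosis_code": "J45.909", "clinical_note": "Asthma"},
]

if __name__ == "__main__":
    print(json.dumps(validate_migration(LEGACY_EXPORT, MIGRATED_EXPORT), indent=2))
```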

13. Reporting and Analytics

In the dynamic landscape of healthcare, data isn’t just about records and numbers; it’s a powerful tool for decision-making, performance improvement, and patient care enhancement. When selecting Electronic Health Record software for your healthcare practice, one of the key considerations is the presence of robust reporting and analytics capabilities.

These tools go beyond data storage; they empower your practice to extract valuable insights from patient records, diagnoses, treatments, and operational metrics.

Here’s an extensive exploration of why reporting and analytics are integral to your EHR software selection:

  • Performance Evaluation: Robust reporting and analytics tools enable you to assess your practice’s performance across various dimensions. You can track patient outcomes, resource utilization, and operational efficiency. This insight is invaluable for making data-driven decisions to optimize your practice.
  • Clinical Decision Support: EHR software with advanced analytics can provide clinical decision support, offering real-time guidance to healthcare providers based on the patient’s data and best clinical practices. This enhances the quality of care and patient safety.
  • Population Health Management: Reporting and analytics are instrumental in population health management. They allow you to identify health trends and patterns within your patient population. By analyzing this data, you can proactively address public health issues and provide preventive care.
  • Financial Management: Reporting tools can aid financial management by tracking billing and reimbursement metrics. You can identify areas where revenue can be optimized, monitor billing and coding accuracy, and ensure compliance with billing regulations.
  • Quality Measures: EHR systems with robust reporting capabilities can help you meet quality reporting requirements. You can track and report on quality measures necessary for participation in various incentive programs and value-based care arrangements.
  • Customizable Reports: Look for EHR software that allows you to create customized reports. This flexibility ensures you can generate reports tailored to your practice’s unique needs, specialties, and objectives.
  • Data Visualization: Data visualization tools make complex data more understandable. Charts, graphs, and dashboards provide at-a-glance insights, making it easier for healthcare providers and administrators to grasp the significance of data trends.
  • Benchmarking: Benchmarking allows you to compare your practice’s performance against industry standards and peers. It can help you identify areas where you excel and areas that require improvement.
  • Predictive Analytics: Some advanced EHR systems incorporate predictive analytics, which use historical data to forecast patient outcomes, disease progression, and resource needs. This can aid in early intervention and resource allocation.
  • Patient Engagement: Analytics can also help with patient engagement. By tracking patient behavior and preferences, you can tailor communication, education, and outreach efforts to improve patient engagement and adherence to treatment plans.
  • Research and Innovation: For practices involved in research or innovation, reporting and analytics tools can support data collection and analysis. This is especially relevant in specialties that require clinical trials or outcomes research.
  • User Training: To fully harness the power of reporting and analytics, ensure that your healthcare providers and staff receive training on how to use these tools effectively.

Reporting and analytics aren’t just about data collection; they’re about turning data into actionable insights. When integrated into your EHR system, these capabilities empower your practice to make informed decisions, improve patient care, and stay at the forefront of healthcare innovation. Consider the depth and breadth of reporting and analytics features as key to your decision-making process when choosing an EHR.

14. Trial Period

The decision to adopt a new Electronic Health Record system is significant for your healthcare practice, and making an informed choice is crucial. A trial period allows you to put the software to the test in a real-world clinical setting, and it’s a golden opportunity to assess how well it aligns with your practice’s unique needs and workflows.

Here’s an in-depth exploration of the importance of a trial period in your EHR software selection process:

  • Real-World Assessment: A trial period provides real-world, hands-on experience using the EHR software. It allows your healthcare providers and staff to interact with the system in a clinical environment, uncovering any usability issues, workflow bottlenecks, or features that may not align with your practice’s requirements.
  • User Feedback: During the trial, you can actively solicit feedback from your healthcare team. Their input is invaluable in identifying both the strengths and weaknesses of the software. User feedback can highlight aspects requiring improvement or customization to enhance efficiency and user satisfaction.
  • Customization Assessment: A trial period offers the opportunity to evaluate the EHR system’s customization capabilities. You can assess whether the software can be tailored to accommodate your practice’s specialty, unique workflows, and specific data capture needs.
  • Integration Testing: If your practice already uses other healthcare systems or software (such as billing, lab, or imaging solutions), a trial period allows you to test the EHR system’s compatibility and integration with these existing systems. It’s an opportunity to verify that data can flow seamlessly between systems.
  • Performance and Scalability Testing: Trial periods also provide insight into the EHR software’s performance and scalability. You can assess whether it remains responsive and efficient as your practice increases patient load and data volume.
  • Quality of Support: The trial period is a prime opportunity to evaluate the vendor’s support services. How responsive and helpful is their support team in addressing questions, concerns, or issues that may arise during the trial?
  • Data Migration Testing: If you have existing patient data that needs to be migrated, you can use the trial period to assess the effectiveness and accuracy of the data migration process. This is particularly crucial in ensuring data integrity during the transition.
  • Cost-Benefit Analysis: The trial period can also aid in performing a cost-benefit analysis. You can weigh the costs of implementing the software against the anticipated benefits, such as increased efficiency, improved patient care, and potential cost savings.
  • User Training: Evaluate the EHR vendor’s training and onboarding during the trial. It’s an opportunity to gauge the effectiveness of their training programs and resources in preparing your team to use the software proficiently.
  • Decision Confidence: A trial period ultimately equips you with the confidence to make an informed decision. It minimizes the risk of committing to a system that may not fully meet your practice’s needs or align with your healthcare philosophy.
  • Vendor Commitment: A vendor willing to offer a trial period demonstrates their commitment to ensuring that the software fits your practice. It’s a sign that they prioritize your long-term success and satisfaction.

When conducted thoroughly and thoughtfully, a trial period can be a pivotal step in your EHR software selection process. It helps you make a well-informed decision, minimize risks, and ensure that the EHR system you choose perfectly matches your healthcare practice’s needs and aspirations.

15. Long-Term Costs Evaluation

When selecting the right Electronic Health Record software for your healthcare practice, it’s essential to take a comprehensive view of the costs involved. While the initial expenses are a critical factor, the long-term costs play a significant role in the sustainability and efficiency of your practice.

Here’s an in-depth exploration of why you should assess not just the immediate expenditures but also the long-term financial implications, including ongoing support fees and potential upgrades:

  • Initial Costs: The initial costs of acquiring and implementing an EHR system can be substantial. These costs include the software license, hardware, data migration, training, and customization or integration work. It’s crucial to budget for these expenses and ensure that they align with your practice’s financial capabilities.
  • Support and Maintenance Fees: Beyond the initial implementation, EHR systems typically involve ongoing support and maintenance fees. This includes technical support, software updates, and access to customer service. It’s vital to understand the structure of these fees, whether they are subscription-based, per-user, or based on the size of your practice.
  • Cost of Upgrades: EHR software is subject to continuous improvement and updates. While these upgrades are designed to enhance functionality, security, and compliance, they can also incur additional costs. Assess the vendor’s upgrade policy and pricing to understand the potential long-term financial commitment.
  • Data Storage and Hosting: Consider the costs of data storage and hosting. As your practice grows and accumulates more patient data, you may need to expand your storage capacity or transition to cloud-based hosting, which may have its own pricing structure.
  • Additional User Accounts: If your practice expands and requires more healthcare providers and staff to use the EHR system, this may result in additional user license fees. Assess the scalability and cost implications of accommodating a larger team.
  • Integration Costs: If you integrate your EHR system with other healthcare systems or software, be mindful of the integration costs, both initially and over time. Changes in integrated systems may necessitate updates or adjustments.
  • Compliance Costs: Regulatory requirements in the healthcare industry can evolve, and meeting these standards may require additional investments in compliance-related features or updates to the EHR system.
  • Vendor Lock-In: Be cautious of vendor lock-in, where switching to a different EHR system could be cost-prohibitive due to data migration complexities or contractual obligations. Assess the potential exit costs if you ever need to switch vendors.
  • Total Cost of Ownership (TCO): Calculating the Total Cost of Ownership provides a holistic view of the long-term costs of an EHR system. This includes not only the upfront expenses and ongoing fees but also the potential savings, efficiency gains, and improved patient care that the EHR system can offer.
  • Return on Investment (ROI): Assess the return on investment. Consider the long-term financial benefits of the EHR system, such as improved billing accuracy, reduced administrative overhead, and increased patient volumes, and weigh them against the long-term costs.
  • Budgeting and Financial Planning: Accurate budgeting and financial planning are crucial. Ensure that your practice has a clear understanding of the long-term financial commitment required to maintain and upgrade the EHR system.
  • Vendor Negotiation: Don’t hesitate to negotiate with the EHR vendor, especially regarding support fees and potential upgrades. Understand the contract terms and look for opportunities to align costs with the changing needs of your practice.

By assessing the long-term costs associated with your EHR software, you can make a more informed decision that aligns with your practice’s financial health and sustainability. It’s a strategic approach to ensure that your EHR system not only meets your immediate needs but also remains a cost-effective and valuable asset throughout its lifecycle.


In conclusion, selecting the right Electronic Health Record software for your healthcare practice is a journey that demands careful consideration, meticulous planning, and an unwavering commitment to the well-being of your patients and the efficiency of your operations. Your choice of EHR software isn’t just about digitalizing patient records; it’s about transforming how you deliver care and manage your practice. It’s a decision that influences the quality of patient care, operational efficiency, and your ability to meet the evolving demands of the healthcare landscape.

Throughout this article, we’ve explored a comprehensive guide to help you navigate the complexities of EHR software selection. From defining your goals and assessing your practice’s unique needs to evaluating costs, ensuring regulatory compliance, and seeking a trial period for real-world testing, we’ve covered the essential steps to make an informed decision.

Your journey doesn’t end with the selection, though; it’s an ongoing partnership with your EHR vendor. Training, support, data migration, reporting, and long-term cost assessments all play critical roles in ensuring that your chosen EHR system remains an asset to your practice, now and in the future.

As you embark on this transformative journey, remember that the ultimate goal is to elevate the quality of patient care, improve operational efficiency, and provide a seamless healthcare experience. Your EHR system should be a tool that empowers you to achieve these goals, making your practice more patient-focused and efficient.





Information Security Policy


1. Introduction

The iCure universe is built on trust. Guaranteeing the confidentiality of the data that are entrusted to us is our highest priority.

The Information Security Policy of iCure abstracts the security concept that permeates every activity and abides by the ISO 27001:2013 requirements for Information Security, so that we ensure the security of the data that iCure and its clients manage.

Every employee, contractor, consultant, supplier and client of iCure is bound by our Information Security Policy.

2. Our Policy

iCure is committed to protecting the confidentiality, integrity and availability of the service it provides and the data it manages. iCure also considers protecting the privacy of its employees, partners, suppliers, clients and their customers as a fundamental security aspect.

iCure complies with all applicable laws and regulations regarding the protection of information assets and voluntarily commits itself to the provisions of the ISO 27001:2013.

3. Information Security Definitions

Confidentiality refers to iCure’s ability to protect information against disclosure, whether through attacks such as network reconnaissance, database breaches or electronic eavesdropping, or through information inadvertently revealed by poor practices.

Integrity is about ensuring that information is not tampered with during or after submission. Data integrity can be compromised by accident or on purpose, by evading intrusion detection or changing file configurations to allow unwanted access.

Availability requires organizations to have up-and-running systems, networks, and applications to guarantee authorized users’ access to information without any interruption or waiting. The nature of data entrusted to us requires a higher-than-average availability.

Privacy is the right of individuals to control the collection, use, and disclosure of their personal information. Our privacy policies are based on the GDPR (https://gdpr-info.eu/) and can be augmented by added requirements of specific clients or law areas.

4. Risk Assessment

The main threats iCure is facing as a company are:

  1. Data Theft;
  2. Data Deletion;
  3. Denial of Service attacks;
  4. Malware;
  5. Blackmail and Extortion.

As providers of a solution used by developers active in Healthcare, we also have to anticipate the risks of:

  1. Attacks on our clients’ data, which could lead to major social damages and a loss of trust in our solution;
  2. Abuse of our solution by ill-intentioned clients, which could impact the quality of the service provided to the rest of our clients.

The motivation of the attackers in the latter cases can range from financial gain to political or ideological motivations.

A last risk is linked to the nature of the healthcare data we handle. We must ensure that the data we handle are not used for purposes other than those for which they were collected:

A piece of data collected from a patient for the purpose of a medical consultation should not be available to third parties, not even a government agency.

5. Risk Management

The main principles we apply to manage the risks we face are:

  1. Confidentiality by design: All sensitive data is encrypted end-to-end before being stored in our databases. We do not have any access to the data we store. Our clients’ customers are the only ones who can decrypt the data we store.
  2. Anonymization by design: Healthcare information that has to be stored unencrypted is always anonymized using an end-to-end encryption scheme. This means that the link between the healthcare and administrative information must be encrypted.

Those two principles allow us to minimize the risks of data theft, blackmail, extortion, and coercion by a government agency.

  1. Multiple real-time replicas, with automatic failover: We use a distributed database architecture to ensure that our data is available at all times. We use a master-master architecture in which each piece of data is replicated at least 3 times. Snapshots are taken every day to ensure that we can restore the data in case of a malevolent deletion event.
  2. Automatic password rotations: no single password can be used for more than 48 hours. Passwords are automatically rotated every 24 hours. In case of a password leak, we can limit the window of opportunity for an attack.

Those two principles allow us to minimise the risks of data deletion, denial of service attacks, and malware.

  1. Minimization of the attack surface: we deploy our systems in the most minimal way. We only expose the network services that are strictly necessary.
  2. Strict dependency management: we only use open-source software that is regularly updated and audited by the community. We favor dependency management software and providers that minimize the risk of supply chain poisoning.

Those two principles allow iCure to minimise the risks of intrusion by vulnerability exploit or supply chain attacks, two risks that could lead to data theft or data deletion.

6. Further Information

This policy is valid as of November 10th, 2022. For further information, please contact us at privacy@icure.com.


iCure SA

Rue de la Fontaine 7, 1204 Geneva, Switzerland

