
Which EHR feeds the Swiss EPR? The 4 decisive criteria in 2026

In 2026, EHRs feeding the Swiss EPR must ensure automated coding, cyber-resilience, data sovereignty against the Cloud Act, and HL7 FHIR com

The essentials in 30 seconds

| Question | Short answer | What to remember |
|---|---|---|
| EHR vs EPR? | Two complementary tools | The EHR manages the patient record inside the hospital. The EPR is the patient's digital health passport. The EHR must feed the EPR. |
| What is an EHR? | Electronic Health Record | The central software for managing clinical and administrative patient data within a hospital. |
| Automated coding in CH? | Yes, TARMED/SwissDRG | An EHR with AI coding reduces the administrative burden on caregivers and improves billing quality. |
| Swiss cyber-risks? | Yes, sharply rising | OFCS incidents nearly doubled in H2 2023 vs H2 2022. EHR resilience is critical for Swiss institutions. |
| US Cloud Act risk? | Yes, if US-hosted | Hosting on AWS/Azure exposes Swiss patient data to US law. Sovereign hosting is non-negotiable. |
| EHR/EPR standard? | HL7 FHIR mandatory | eHealth Switzerland mandates HL7 FHIR for EPR connectivity. Non-compliance breaks care continuity. |
| Galeon compliance? | Yes, on all 4 points | AI coding, sovereign blockchain architecture, Cloud Act-free hosting, and HL7 FHIR compliance. |
| Galeon ecosystem? | 19 hospitals / 2 CHUs | 3M+ records, 10,000+ caregivers, and active international presence. |

Swiss healthcare institutions face a defining decision: which Electronic Health Record (EHR) system to deploy for the next ten years. The pressure comes from three directions at once. Regulatory pressure stems from the new Swiss Federal Act on Data Protection (nFADP), the eHealth Switzerland strategy and the ongoing deployment of the Electronic Patient Record (EPR). Operational pressure comes from the persistent shortage of healthcare workers. And security pressure is driven by the surge in cyberattacks targeting hospitals.

The EHR sits at the centre of this equation. It is the system that produces, structures and transmits clinical data, including to the EPR. A poorly chosen EHR does not simply slow teams down. It blocks the institution's ability to participate in Switzerland's national digital health infrastructure.

Galeon currently works alongside 19 hospitals including 2 university hospitals, managing over 3 million patient records with more than 10,000 active caregivers on the platform. This field experience, combined with a blockchain and AI architecture, makes it possible to identify the four criteria that genuinely determine the quality of an EHR choice for a Swiss hospital CIO or CEO.

This article examines each criterion in detail, benchmarks them against market practices, and provides a practical decision framework.

EHR and EPR: two distinct tools that must work together

Before examining selection criteria, it is worth clarifying a distinction that is routinely blurred in procurement discussions.

The EHR (Electronic Health Record) is the hospital's internal clinical management system. It contains the full patient record produced within the institution: medical history, diagnoses, prescriptions, lab results, nursing notes. It is managed by the hospital, for the hospital.

The EPR (Electronic Patient Record), established under the Swiss Federal Act on the Electronic Patient Record (EPRA), is the patient's digital health passport. It is accessible to all authorised healthcare professionals, regardless of their institution. It does not replace the EHR. It receives relevant information from it.

An EHR is not an EPR. But a good EHR is one that feeds the EPR fluently, securely and in compliance with national standards.

This is where EHR quality becomes strategic. A system that cannot connect to the EPR via HL7 FHIR creates care coordination gaps, generates growing regulatory exposure, and progressively excludes the institution from Switzerland's national digital health ecosystem.

Why has automated act coding become essential in Switzerland?

Medical act coding is the backbone of Swiss hospital billing. Every uncoded or incorrectly coded act represents a direct revenue loss for the institution, as well as additional workload for caregivers who are already stretched.

What is automated act coding?

Automated coding means associating TARMED, SwissDRG or CHOP codes with the acts documented in the EHR, in real time or at the end of a consultation. An AI analyses clinical notes, diagnoses and prescriptions to automatically suggest the most relevant codes, which the caregiver then validates or corrects with a single click.

In Switzerland, the complexity is compounded by the coexistence of multiple billing systems depending on the type of care: outpatient, inpatient and psychiatric. An EHR without an intelligent coding module quickly becomes an administrative burden, and coding discrepancies between institutions remain a documented reality acknowledged by hospital federations.

What concrete benefits can an AI-powered EHR deliver on coding?

  • Significant reduction in administrative workload related to code entry and verification
  • Detection of coding inconsistencies before submission to the insurer, limiting billing disputes
  • Improved traceability of acts and better data quality submitted to national registries
  • More time for caregivers to focus on high-value clinical tasks

For CIOs, the key criterion is native integration of the coding engine within the EHR. A bolted-on external module multiplies friction points and synchronisation error risks.

How should an EHR protect a hospital against cyberattacks?

Hospitals have become prime targets for cybercriminals. The Federal Office for Cybersecurity (OFCS) recorded nearly double the number of cyber incidents in the second half of 2023 compared to the same period in 2022, with 30,331 incidents reported against 16,951 (source: OFCS Semi-Annual Report 2023/2). The underlying trend is clear and shows no sign of reversing.

The healthcare sector is particularly exposed. According to an IBM study cited by Swiss public broadcaster RTS, a medical file can sell for more than 300 Swiss francs on the dark web, far above the value of a credit card. This intrinsic value of medical data explains the intensity with which hospitals are being targeted.

The question is no longer whether a hospital will be attacked, but when, and whether it will be able to continue delivering care during the incident.

Which EHR architectures best withstand ransomware attacks?

Centralised architectures, built around a single server and a single database, carry systemic risk: one successful attack can paralyse the entire system. Decentralised architectures, by contrast, limit the attack surface.

  • Monolithic centralised architecture: a single point of compromise is enough to shut down the entire hospital
  • Microservices architecture: data is compartmentalised, so compromising one module does not affect the others
  • Decentralised blockchain architecture: data is distributed across multiple nodes, making it impossible for any attacker to encrypt it in its entirety

In Galeon's architecture, data never leaves the hospital's own servers. This is the founding principle of Blockchain Swarm Learning® and the primary line of defence against ransomware.

What resilience criteria should be required in a tender?

  • Recovery Time Objective (RTO) contractually guaranteed in the event of an incident
  • A Business Continuity Plan (BCP) that is tested annually
  • Data encryption at rest and in transit (AES-256 minimum)
  • Immutable logging of all actions via a blockchain audit trail
  • ISO 27001 certification held by the vendor
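To make the "immutable logging" criterion testable in a tender, the sketch below shows the property an evaluator should ask a vendor to demonstrate: every audit entry is bound to the hash of the previous one, and the latest hash is anchored somewhere the EHR host cannot rewrite. This is an added example using a plain SHA-256 hash chain, not Galeon's or any vendor's implementation; the event fields and function names are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def _digest(prev_hash, record):
    # Canonical JSON so the same record always produces the same hash.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, record):
    """Append a record, binding it to the hash of the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": _digest(prev, record)})
    return log

def verify(log, anchored_head=None):
    """Return -1 if intact, else the index of the first inconsistent entry.

    len(log) is returned when every link is consistent but the final hash
    differs from anchored_head, i.e. the log was truncated or rebuilt.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _digest(prev, entry["record"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["hash"], expected):
            return i
        prev = entry["hash"]
    if anchored_head is not None and not hmac.compare_digest(prev, anchored_head):
        return len(log)
    return -1

def build_sample_log():
    # Constructed sample events; field names are illustrative.
    events = [
        {"ts": "2026-01-12T08:01:00Z", "user": "dr.a", "action": "read", "record_id": "P-001"},
        {"ts": "2026-01-12T08:05:00Z", "user": "svc.backup", "action": "export", "record_id": "P-001"},
        {"ts": "2026-01-12T08:09:00Z", "user": "nurse.b", "action": "update", "record_id": "P-002"},
    ]
    log = []
    for event in events:
        append(log, event)
    return log

if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["hash"]               # in practice held on separate nodes
    log[1]["record"]["action"] = "read"  # simulate an edited entry
    print("first inconsistent entry:", verify(log, head))
```

A chain that is only stored next to the data it protects can be recomputed end to end after an edit, which is why the check against an externally held head hash matters as much as the chain itself.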

The US Cloud Act: why data sovereignty is a concrete Swiss issue

The question of where health data is hosted is routinely pushed to the bottom of selection criteria. For any Swiss institution, this is a major strategic mistake.

What is the Cloud Act and why does it concern Swiss hospitals?

The Clarifying Lawful Overseas Use of Data Act, signed into law in the United States in 2018, allows US authorities to demand access to data held by any US-based company, regardless of where that data is physically stored. In practice:

  • An EHR hosted on AWS, Microsoft Azure or Google Cloud, even in a European data centre, is subject to US law
  • Swiss patient data can theoretically be disclosed to US authorities without any prior Swiss judicial authorisation
  • This situation directly conflicts with the nFADP (Switzerland's new Federal Act on Data Protection, in force since September 2023) and with the principle of medical data sovereignty

Hosting an EHR on a US cloud is effectively signing away your patients' data to US jurisdiction. Digital sovereignty is not optional in Switzerland. It is a legal requirement.

What sovereign alternatives exist for Swiss hospitals?

  • On-premise hosting on the institution's own servers
  • Swiss sovereign cloud providers such as SWITCH or Exoscale, which fall outside Cloud Act jurisdiction
  • A decentralised inter-hospital blockchain architecture in which each institution hosts its own data locally

Galeon chose this third approach. In the Blockchain Swarm Learning® model, data remains physically on each hospital's own servers. Only the AI models travel between nodes to be trained in a decentralised manner. The raw data never moves.

How does an EHR connect to the Swiss EPR?

EPR connectivity has become the most structurally significant technical criterion for Swiss hospitals. An EHR that cannot feed the EPR does not just create a coordination gap. It progressively excludes the institution from a national infrastructure that is becoming legally mandated.

What is the standard for connecting an EHR to the Swiss EPR?

Since June 2025, HL7 FHIR interfaces have been legally anchored in Swiss legislation for EPR connectivity (source: eHealth Switzerland, Status of the EPR, 2025). Any EHR seeking to feed the EPR must implement this standard. It is the protocol that allows clinical data produced within the hospital to be transmitted in a structured, readable format to the patient's EPR.

  • HL7 FHIR R4: exchange standard for clinical data including diagnoses, prescriptions and lab results
  • IHE XDS / XUA: protocol for sharing medical documents within the EPR
  • SNOMED CT / LOINC / ICD-11: standardised medical terminologies for coding pathologies

An EHR without native HL7 FHIR compliance cannot properly feed the EPR. This is a regulatory constraint, not just a technical one.

Why is EHR-to-EPR connectivity critical for care continuity?

In Switzerland, a patient with a chronic condition is typically treated by multiple professionals: a GP, specialists, a hospital team, a pharmacist and a laboratory. The EPR exists precisely so each of these professionals has access to the relevant clinical information at the right moment. If the hospital's EHR does not transmit its data to the EPR, the entire coordination chain breaks down.

The concrete risks of an EHR not connected to the EPR include:

  • Redundant diagnostic examinations due to lack of access to existing results
  • Risk of medication errors stemming from an incomplete picture of the current treatment plan
  • Inability for the GP to access hospital discharge summaries or clinical reports
  • Growing non-compliance with EPRA requirements and the DigiSanté 2025-2034 strategy

How can EPR compatibility be verified in a tender process?

  • Is the EHR certified for connection to the Swiss EPR?
  • Does it offer a documented RESTful HL7 FHIR R4 API?
  • Does it support the IHE profiles required under EPRA (XDS, XUA, PIX, PDQ)?
  • Does it provide a monitoring dashboard for EPR data transmission flows?
  • Has it participated in eHealth Switzerland interoperability testing events (EPR Projectathon)?
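The "documented RESTful HL7 FHIR R4 API" question can be checked against what the server itself declares. A FHIR server publishes a CapabilityStatement at `[base]/metadata`; the added example below (not vendor or Galeon code) audits one for the R4 version, a declared security service, and the resource interactions a buyer requires. The sample statement is constructed and the `REQUIRED` list is a hypothetical tender requirement, not an official EPR profile.

```python
import json

# Constructed sample: a trimmed CapabilityStatement as returned by
# GET [base]/metadata. Values are illustrative, not from a real vendor.
SAMPLE_CAPABILITY = json.loads("""
{
  "resourceType": "CapabilityStatement",
  "status": "active",
  "fhirVersion": "4.0.1",
  "format": ["application/fhir+json"],
  "rest": [{
    "mode": "server",
    "security": {"service": [{"coding": [{
      "system": "http://terminology.hl7.org/CodeSystem/restful-security-service",
      "code": "SMART-on-FHIR"}]}]},
    "resource": [
      {"type": "Patient", "interaction": [{"code": "read"}, {"code": "search-type"}]},
      {"type": "DocumentReference", "interaction": [{"code": "read"}, {"code": "create"}]}
    ]
  }]
}
""")

# Hypothetical tender requirements: resource type -> interactions that must be declared.
REQUIRED = {
    "Patient": {"read", "search-type"},
    "DocumentReference": {"read", "create"},
    "MedicationStatement": {"read"},
}

def audit_capability(cap, required=REQUIRED):
    """Return a list of findings; an empty list means every check passed."""
    if cap.get("resourceType") != "CapabilityStatement":
        return ["not a CapabilityStatement"]
    findings = []
    # FHIR R4 is the 4.0.x release line.
    if not str(cap.get("fhirVersion", "")).startswith("4.0"):
        findings.append(f"fhirVersion is {cap.get('fhirVersion')!r}, expected 4.0.x (R4)")
    servers = [r for r in cap.get("rest", []) if r.get("mode") == "server"]
    if not servers:
        return findings + ["no rest entry with mode=server"]
    rest = servers[0]
    # A server that declares no security service gives the buyer nothing to verify.
    services = {c.get("code")
                for s in rest.get("security", {}).get("service", [])
                for c in s.get("coding", [])}
    if not services:
        findings.append("no security service declared")
    declared = {r["type"]: {i["code"] for i in r.get("interaction", [])}
                for r in rest.get("resource", []) if "type" in r}
    for rtype, needed in sorted(required.items()):
        if rtype not in declared:
            findings.append(f"{rtype}: resource not declared")
        elif needed - declared[rtype]:
            findings.append(f"{rtype}: missing {sorted(needed - declared[rtype])}")
    return findings

if __name__ == "__main__":
    for line in audit_capability(SAMPLE_CAPABILITY) or ["all checks passed"]:
        print(line)
```

A clean result only shows what the server declares; the exchange flows still need to be exercised end to end, as the page notes for pre-contract testing.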

Traditional EHR vs AI/Blockchain EHR: a comparative overview

| Criterion | Traditional EHR | AI/Blockchain EHR (Galeon) |
|---|---|---|
| Act coding | Manual, time-consuming, high error rate | AI-assisted suggestions, real-time audit, SwissDRG compliance |
| EPR connectivity | Often absent or incomplete, proprietary interfaces | Native HL7 FHIR, EPR-certified, structured transmission compliant with EPRA |
| Resilience to cyberattacks | Centralised architecture with a single point of failure | Decentralised blockchain architecture with no single attack vector |
| Data sovereignty | Often hosted on US cloud subject to Cloud Act | Data hosted locally in Switzerland, outside US jurisdiction |
| Swiss regulatory compliance | Varies by vendor | Compliant with nFADP, EPRA, HDS, GDPR, eHealth Switzerland |
| Administrative burden on caregivers | High: duplicate entry, complex interfaces | Reduced through AI automation |
| Data monetisation | None, data sits dormant | Value sharing via $GALEON token, generating revenue for the hospital |
| AI scalability | Absent or available as a paid add-on | Built-in AI trained on real clinical data via Blockchain Swarm Learning® |

What limits and challenges should be anticipated when deploying an AI-powered EHR?

An informed EHR decision requires an honest look at the real challenges of deployment. Here are the five main limitations that every CIO should plan for.

1. Change resistance among clinical teams

Adopting a new EHR inevitably creates a period of friction. Caregivers who have worked with one system for years resist new interfaces. Change management, including training programmes, internal champions and a phased rollout, represents a significant and often underestimated share of the true cost of an EHR migration.

2. Historical data migration

Moving millions of patient records from one system to another without data loss or clinical continuity disruption is technically complex. The quality of the source data, which is often incomplete, poorly structured or locked in proprietary formats, is typically the first obstacle. A realistic migration timeline must be negotiated contractually before any agreement is signed.

3. Uneven HL7 FHIR maturity across Switzerland

Although HL7 FHIR has been legally mandated since June 2025, real-world implementation remains inconsistent across cantons and vendors. A system that claims EPR compliance on paper may still have significant implementation gaps. Testing EHR-to-EPR data exchange flows under real conditions before signing any contract is essential.

4. Total Cost of Ownership that is hard to predict

The listed licence price represents only a fraction of the true cost. Licences, maintenance, hosting, training, customisations and third-party integrations can significantly exceed the initial budget. Requiring a detailed five-year TCO breakdown is non-negotiable in any serious procurement process.

5. Data governance in a multi-hospital model

When an EHR is shared across multiple institutions, as it is in the Galeon model, governance becomes a central question. Who decides how aggregated data is used? Which hospital has oversight over which information? These rules must be contractually defined before any deployment begins.

FAQ

What is the difference between an EHR and the Swiss EPR?

The EHR (Electronic Health Record) is the hospital's internal clinical management software. It holds the complete patient record produced within the institution and is operated by the hospital. The EPR (Electronic Patient Record) is the patient's digital health passport, accessible to all their authorised healthcare professionals regardless of institution. The two are complementary: the EHR generates the data, the EPR shares it. A hospital cannot replace its EHR with an EPR, or vice versa.

Can an EHR feed the EPR without HL7 FHIR certification?

Not reliably. Since June 2025, HL7 FHIR interfaces have been legally mandated for EPR connectivity in Switzerland. An EHR that does not support this standard cannot transmit structured, compliant data to the EPR. Workarounds exist but generate high maintenance costs and increasing regulatory exposure as EPR requirements expand toward the future Electronic Health Record (EHR) framework under DigiSanté 2025-2034.

Is AI act coding reliable enough for SwissDRG billing?

AI coding engines now achieve high accuracy on routine acts, but they do not replace the final clinical validation step. What they do is make that validation faster and more efficient. For SwissDRG, the AI suggests the most probable DRGs based on clinical data documented in the EHR. The real gain is measured in reduced verification time and fewer billing rejections.

Is a Swiss hospital legally required to choose Swiss-based hosting?

The nFADP does not explicitly prohibit hosting abroad, but it requires equivalent data protection guarantees. In practice, hosting in the United States exposes the institution to the Cloud Act, which conflicts with the principles of the nFADP and the position of the Swiss Federal Data Protection and Information Commissioner. Hosting in Switzerland or within the EU under GDPR is strongly recommended by legal specialists in digital health law.

What is Galeon's Blockchain Swarm Learning® and why does it matter for security?

Blockchain Swarm Learning® (BSL®) is a proprietary Galeon architecture in which medical data remains on each hospital's own servers and is never centralised. Only the AI algorithms travel between nodes to be trained. This approach eliminates the single point of failure, neutralises the Cloud Act risk, and allows hospitals to be compensated via the $GALEON token for their contribution to training data.

What is a realistic deployment timeline for a new EHR in a hospital?

It varies considerably depending on the size of the institution, the quality of existing data and the scope of the rollout. A phased approach by department, covering emergency, internal medicine and surgical wards in sequence, helps limit operational risk and allows lessons to be learned before full deployment. Historical data migration and staff training are consistently the longest phases.

How is Galeon currently deployed across hospitals?

Galeon is active in 19 hospitals including 2 university hospitals, managing over 3 million patient records with several thousand caregivers on the platform. Deployment follows a progressive, department-by-department approach, with dedicated Galeon staff embedded in local teams during the transition phase. The platform is designed to integrate with existing systems via API, avoiding any abrupt replacement of the existing IT ecosystem.

In summary: the 4 non-negotiable criteria for an EHR that feeds the Swiss EPR in 2026

Choosing an EHR in Switzerland in 2026 means choosing the central system that feeds the EPR, protects patient data and structures the daily work of thousands of caregivers. The four decisive criteria—automated act coding, resilience to cyberattacks, data sovereignty in light of the Cloud Act, and HL7 FHIR compliance for EPR connectivity—form an inseparable foundation. A system that excels on one and falls short on another exposes the institution to significant operational, legal or financial risk.

AI and decentralised blockchain solutions like Galeon are structurally designed to meet all four requirements. AI coding reduces the administrative burden. The BSL® architecture neutralises ransomware threats. Local hosting guarantees sovereignty. And HL7 FHIR APIs enable seamless EPR connectivity and care continuity between institutions.

Galeon already works with 19 hospitals including 2 university hospitals, with over 3 million patient records under management. The proof of concept is established. This is no longer a technology bet. It is a maturity decision for CIOs and hospital directors who want to build the hospital of tomorrow without compromising the security and sovereignty required today.

A well-chosen EHR does not simply manage the patient record. It feeds the EPR, protects data and prepares the hospital for the medicine of tomorrow.
