Records management with

360 Documents

Product features

Conformance with ISO 15489-1:2016 and GeBüV

Swiss legal retention periods for medical records and patient files and documents


Last update: 17 May 2025

"It is widely accepted that incorrect or missing entries in medical records have a negative impact on litigation and make it easier for patients to build a case"

Definition and typology


The Swiss Medical Association FMH stipulates in its Code of Professional Conduct, which is binding for all members, under Art. 12 entitled "Duty to take and keep records" (here) that "doctors must keep adequate records about the observations made and any measures taken in the exercise of their profession. They must be kept for at least 20 years following the last entry".


In addition, in Switzerland the relationship between doctor and patient is subject to the provisions of the simple mandate as stated in the FMH Guidelines: Legal Principles in Everyday Medical Practice (here): "As a service provider, the doctor is accountable to the patient at all times (cf. Art. 400 para. 1 CO). He must keep a proper medical history. The recordkeeping duty also ensues from the FMH Code of Professional Conduct and from cantonal healthcare laws" (ibid., p. 36).


In Switzerland, the medical recordkeeping duty in the form of a patient record includes in particular:


  • Documentation of the medical data and facts that are relevant to the medical treatment (BGE 141 III 363)
  • Preparation of medical reports to ensure proper treatment, in particular in the case of treatment by several doctors or a transfer to another doctor
  • Records to secure documentary evidence in the event of claims alleging medical malpractice made by patients
  • Documents about the treatment: Diagnosis, X-rays, laboratory results, medical imagery, (electronic) prescriptions, eMediplans (here), nursing reports, surgery reports, surgery videos, outpatient hospital reports, etc.
  • Correspondence with other healthcare providers
  • Documented (signed) patient briefing and informed patient consent with date and content of the briefing discussion (duty to provide information in accordance with Art. 10 FMH Code of Professional Conduct, BGE 133 III 121)


Medical records may be kept electronically if it can be established at any time who made which entries and when, and unauthorized persons do not have access. Unauthorized persons are all persons such as medical practice assistants (MPA), office staff etc. who are not involved in the treatment.


Backup copies of medical records must be made continuously or at least regularly and stored in a different location protected from unauthorized access - known as offsite backups (here). The FMH generally recommends ensuring all patient data and all persons accessing medical records be located in Switzerland.


It is widely accepted that incorrect or missing entries in medical records have a negative impact on litigation and make it easier for patients to build a case.


Swiss Electronic Patient Record (EPR)


The electronic patient record (EPR) is a Swiss sharing platform for data and documents relating to physical health, to which patients can grant their doctors access (here). In its essence, the Swiss patient record is nothing other than an audit-proof archive in the cloud that can be accessed from anywhere and to which both doctors and data subjects can upload files. That said, the electronic patient file does not release doctors from their duty to keep their own medical histories.


The electronic patient dossier is ideal for storing the dated and signed living will (here) for quick access in medical emergency situations without having to go through the insurance card (Art. 370 - 373 CC).


The Swiss Ordinance on the Electronic Patient Record (here) stipulates the following retention obligations for the EPR:


  • The medical data collected by healthcare professionals in the electronic patient record must be destroyed after 20 years (Art. 10 para. 1 EPRO)
  • The data repositories must be located in Switzerland and be subject to Swiss law (Art. 12 para. 5 EPRO)
  • Logging of access: All accesses must be logged and the data in the access log must be accessible for 10 years without being able to be deleted


Swiss retention periods for medical records


Since 2023, the statutory minimum retention period for patient files (treatment records and medical histories) has been 20 years in many Swiss cantons. This is because the new Swiss tort law provides for a prescription period of 20 years for claims arising from medical malpractice:


"Claims for damages or satisfaction arising from personal injury or death of a person in breach of contract shall prescribe after 3 years from the day on which the injured party became aware of the damage, but in any case after 20 years from the day on which the harmful conduct occurred or ceased" (Art. 60 para. 1bis, Art. 128a CO).


In practical terms, this means that under civil law, medical practitioners can now be held liable for 20 years for gross misconduct. If the patient history is no longer available or is incomplete, there is no possibility of defense or exoneration in the event of liability claims.


Simultaneously, it is required under Swiss data protection law in the area of patient data (here) that patient files no longer needed for medical or evidentiary purposes be regularly deleted (pruned).

Quick start

Ingestion: Upload, Outlook, scanner

Data acquisition

OCR technology: text recognition

Text recognition

Indexation along your folder structure

Indexation

Full-text search with results highlighting

Full-text search

Product features of 360 Documents

Business logic


  • Capture documents and associated metadata: Via simple upload, drag & drop from Outlook, bulk scanning or via API calls
  • Support of over 100 file extensions: Ingest and display documents in commonly used file formats
  • File sharing: Give internal and external access, set passwords and link expirations
  • Capture email attachments: As linked records or as a single compound record
  • Import digital records and associated metadata: Migrate directly from an external application, either in bulk or individually
  • Date of origination: When migrating, set a retention trigger predating a record's creation in 360 Documents
  • Link workflows associated with records: Annotate records, validate metadata, post "To do" entries, sign with Swiss and EU electronic signatures
  • Duplicate records: Use them in multiple business contexts (for example, in both the accounting and HR department)
  • Lifecycle management: Produce reports on records capture, usage and disposal
  • Website archiving

Usability


  • Hands-on in-app documentation in 4 languages including the foundations of records mangement
  • Full-text enterprise search: Advanced filtering, keyword and synonyms search in EN, DE, FR, IT
  • OCR and business data extraction: Industry-leading computer vision stack with high confidence scores
  • Data extraction at scale: Automatically detect and capture pre-existing metadata
  • Automatic document recognition: Detect over 30 document types (invoices, Swiss QR bills, IDs, tickets)
  • Business intelligence: Translate, summarize and question PDFs across all major LLMs
  • Contextual metadata service: Define and capture custom metadata
  • Metadata templates: Capture entity metadata according to one or several pre-determined templates
  • Validate custom metadata values against syntactical standards (booleans, enums, numbers, strings, URLs, phones, timestamps)
  • Classification service: Associate records and folders to their business context (for example, Accounting, HR, Sales, AML, etc.)
  • Create, manage and maintain business classes

Regulatory


  • Global compliance: ISO 15489-1:2016, ISO 16175-1:2020, DoD 5015.2-STD, MoReq2010
  • Swiss compliance: CO, GeBüV, FADP, eCH-0026, eCH-0038, eCH-0160, eCH-0164 (Swiss disposal schedules come preconfigured)
  • Disposal scheduling service: Allocate legal retention periods for records and folders, modify and replace existing disposal schedules to meet new legal or business demands
  • Retain residual metadata after record disposal: As stipulated by applicable jurisdictional standards
  • FADP compliance: Comply with Art. 25 et seq. of the Swiss Data Protection Act ("Rights of the Data Subject"), especially in terms of being able to provide information about "the retention period for the personal data"
  • Legal holding service: Pause record disposal preventing records from being disposed of during lawsuits, audits or governmental inquiries
  • Transfer records of continuing value together with their metadata to a public archive
  • Retention triggers: date of creation / origination, from last addition to folder timestamp, from folder closed timestamp, customized triggers

Security


  • User and user group service: Apply security and access restrictions on record, folder, document type and business class level ensuring that only authorized agents can access records
  • Historical user data: Trace all actions of all past users of 360 Documents
  • Model role service: Assign user roles choosing from over 200 function definitions (FND)
  • Security logging: Create and maintain access, usage and security metadata, generating event logs for each system interaction
  • Object lock: Protect records from any alteration on network level
  • Generate checksums to support integrity and duplicates detection
  • Authenticate users via 2FA before giving access
  • Perform malware detection when uploading files
  • Swiss data centers in compliance with ISO 27001 and FINMA requirements
  • 3-2-1-Backup: Regular backups offline on tape in Switzerland to prevent ransomware

Related content


360core archiving Add-in on Microsoft AppSource (here)



Federal Office of Public Health FOPH (2025) Right of Access to Case File (here)


FMH / Schweizerische Akademie der Medizinischen Wissenschaften - SAMW (2020) Rechtliche Grundlagen im medizinischen Alltag. Ein Leitfaden für die Praxis (here)


FMH (2023) IT-Grundschutz für Praxisärztinnen und Praxisärzte 11 Empfehlungen (here)


FMH (2023) Leitfaden für die Aufbewahrung und Archivierung (here)


FMH (2023) Standesordnung der FMH (here)


FMCH (2019) Richtlinien der FMCH für die Patienten-Aufklärung (here)


Swiss Federal Data Protection and Information Commissioner (2025) Patient records - inspection, storage and deletion of patient data (here)


Swiss Ordinance on the Electronic Patient Record (2023) (here)


SRF News (2023) Digitales Gesundheitswesen - Das elektronische Patientendossier: Was Sie wissen müssen (here)

Introduce 360 Documents in our healthcare facility