
Developing a HealthTech application is not just about writing code

It requires a comprehensive understanding of healthcare requirements, strict adherence to compliance standards, and the need to ensure the privacy and security of sensitive health data.

Let’s explore how to plan, build and promote a HealthTech app in 2023.


Step 1: Identify the Problem and Target Audience

The first step in creating a HealthTech app is to identify the healthcare problem you want to solve. This could be anything from simplifying patient record management to enhancing patient-doctor communication.

Once you know the problem, you’ll need to understand your target audience. This audience could be patients, healthcare providers, or other healthcare professionals. Comprehensive market research will help you understand your target audience’s needs, preferences, pain points, and habits.

Step 2: Scope the Functionality

After identifying the problem and analyzing your target audience, it’s important to define the specific functionalities that your HealthTech app will offer. The functionalities you choose should address the identified problem and cater to the needs of your target audience.

Here’s how you can effectively scope the functionality of your app:

  • Identify Key User Needs: Analyze the pain points and challenges faced by your target audience. Understand their requirements, preferences, and usage behaviors related to healthcare services.

  • Prioritize Core Functions: Determine the core functionalities that directly address the identified problem and are essential for your app’s success. Prioritize features that align with your app’s value proposition and have the greatest impact on solving the problem at hand.

  • User-Centric Design: Design the functionality of your app with a user-centered approach. Ensure that the features are intuitive, easy to use, and aligned with user expectations.

  • Integration with External Systems: If applicable, consider the need to integrate your HealthTech app with external systems, such as electronic health records (EHR) or other healthcare databases.

  • Feedback and Iteration: Involve your target audience and potential users in the scoping process. Conduct surveys, interviews, or focus groups to gather feedback on the proposed functionalities.

  • Competitor Analysis: Analyze similar HealthTech apps in the market to understand their functionality and identify any gaps or unique features that can differentiate your app.

Remember, scoping the functionality of your HealthTech app is a critical step that directly impacts its usability, user adoption, and success in the market.

By focusing on user needs, prioritizing core functions, designing for scalability, and gathering feedback, you can create an app with functionality that serves the needs of your target audience and aligns with their usage behaviors.

Step 3: Consider Compliance and Privacy

Compliance and privacy are critical considerations in the development of HealthTech apps. Adhering to regulatory requirements and prioritizing data protection is paramount to ensure user trust and legal compliance.

Here are the key steps to consider:

  • Understand the Regulatory Landscape: Familiarize yourself with the regulatory frameworks applicable to HealthTech apps in your target market. Some important regulations to consider include the General Data Protection Regulation (GDPR) for European users, the Health Insurance Portability and Accountability Act (HIPAA) for handling protected health information in the United States, and specific medical device regulations if your app qualifies as a medical device. You should also make sure you’re aware of any regional legislation that applies.

  • Risk Assessment: Conduct a thorough risk assessment to identify potential vulnerabilities and risks to data security and privacy. Assess the potential impact and likelihood of various threats such as unauthorized access, data breaches, or data loss.

  • Privacy and Data Protection: Prioritize privacy and data protection throughout your app’s development lifecycle. Implement measures such as anonymization and encryption of sensitive data, user consent mechanisms, and granular access controls. Clearly communicate your data handling practices and privacy policy to users, ensuring transparency in how their data is collected, stored, and processed.

  • Strong Security Measures: Implement robust security measures to protect user data and prevent unauthorized access. Regularly conduct security testing and vulnerability assessments to identify and address any weaknesses. Ensure secure data storage practices, including encryption of data at rest and in transit. Develop an incident response plan to effectively handle security incidents and data breaches.

  • High-Quality Standards: Maintain high-quality standards by conducting comprehensive testing and usability assessments. Conduct regular security audits and penetration testing to proactively identify vulnerabilities and address them promptly.

  • Documentation and Record-Keeping: Maintain proper documentation and records of your compliance-related activities as well as the register of activities concerning the processing of personal data. This includes privacy policies, consent forms, security measures, risk assessments, and any compliance audits or reviews conducted.

  • Regular Audits and Compliance Reviews: Conduct regular audits and compliance reviews to ensure ongoing adherence to regulatory requirements. Assess your app’s compliance status, identify any gaps or areas for improvement, and take corrective actions as needed.

  • Team Training and Collaboration: Train your development team on compliance requirements and best practices for handling user data. Collaborate with compliance experts or legal advisors to ensure your app meets the necessary regulatory standards.

  • Stay Updated: Stay informed about changes in regulations and industry best practices. Continuously monitor updates to GDPR, HIPAA, and other relevant regulations to ensure your app remains compliant.

By considering compliance and privacy from the early stages of development and implementing strong security measures, you can develop a HealthTech app that prioritizes data protection, privacy, and regulatory compliance. This not only safeguards user trust but also ensures legal compliance and mitigates potential risks associated with data breaches or regulatory penalties.

To navigate this complex terrain, consider consulting with a healthcare compliance expert or choose an already compliant solution for building your next HealthTech app, like iCure.

Step 4: Create Wireframes

Wireframes play a crucial role in the development of your HealthTech app as they serve as the blueprint for its structure, layout, and flow. They provide a visual representation of the various screens and elements within your app, helping you plan and organize its user interface effectively.

When designing wireframes for your HealthTech app, it is important to prioritize usability and user experience. Remember that your target audience may vary in age and technological proficiency, ranging from young adults to seniors. Therefore, it’s crucial to consider the needs and preferences of different user groups when creating wireframes.

Step 5: Choose Your Tech Stack

Selecting the right tech stack is a crucial step in the development of your HealthTech app.

Your tech stack encompasses the programming languages, frameworks, and tools that you will utilize to build your application. The choice of your tech stack should consider factors such as your budget, the complexity of your app, and the target platform (iOS, Android, or web).

Consider the following points when choosing your tech stack for your HealthTech app:

  • Platform Compatibility: Determine the platform(s) on which you intend to launch your app. If you plan to target multiple platforms, a cross-platform framework like React Native could be a suitable choice.

  • Native Development: For iOS-specific apps, Swift is the recommended programming language, as it is specifically designed for developing applications on Apple’s ecosystem. On the other hand, for Android apps, you can choose between Java and Kotlin.

  • Scalability and Future Growth: Consider the scalability of your chosen tech stack. As your HealthTech app evolves and gains more users, you may need to introduce new features or scale your infrastructure to handle increased demand. Ensure that your tech stack can accommodate future feature additions and handle a growing user base without compromising performance or stability.

  • Developer Resources and Community Support: Assess the availability of resources, documentation, and developer community support for your chosen tech stack. Robust community support can also contribute to faster development cycles and help you stay updated with the latest advancements in HealthTech app development.

  • Integration Capabilities: Determine the integration requirements of your HealthTech app. Consider whether you need to integrate with external systems, databases, or APIs.

  • Team Expertise: Evaluate the skills and expertise of your development team. Consider their proficiency in the programming languages and frameworks associated with your tech stack. If your team already has experience with certain technologies, leveraging their existing knowledge can lead to more efficient development and better-quality code.

Remember to regularly assess your tech stack as new technologies and frameworks emerge. Stay informed about industry trends and advancements to ensure that your chosen tech stack remains relevant and aligned with the evolving needs of the HealthTech sector.

By carefully considering platform compatibility, scalability, future growth potential, developer resources, integration capabilities, and team expertise, you can make an informed decision when selecting the tech stack for your HealthTech app. A well-suited tech stack will contribute to the stability, performance, and success of your app throughout its lifecycle.

Step 6: Develop the MVP

Instead of launching a full-featured app, develop an MVP (Minimum Viable Product) with core functionalities. An MVP allows you to test your app concept in the market, receive user feedback, and make improvements accordingly. It saves resources and lets you validate your app idea before you commit to developing the full version.

Here are some key reasons why developing an MVP is a valuable approach for your HealthTech app:

  • Market Validation: By launching an MVP, you can quickly gauge the market’s response to your app idea. It enables you to gather real-world feedback from users, healthcare professionals, or other stakeholders.

  • Cost and Resource Optimization: Developing an MVP allows you to focus your resources on building and testing the most essential features of your app. By starting with a more streamlined version, you can save time and resources compared to developing the full app upfront.

  • Iterative Development: By releasing the core features early, you can gather user feedback and prioritize the subsequent development phases based on real user needs and preferences. This iterative process allows you to continuously enhance and refine your HealthTech app based on validated insights, leading to a more user-centered and impactful final product.

  • Early User Acquisition: Launching an MVP enables you to start acquiring users and building an initial user base from the early stages of development. Early adopters and engaged users can provide testimonials, participate in case studies, and even contribute to the development of subsequent versions of your app.

  • Competitive Advantage: By releasing an MVP and gathering user feedback, you can differentiate yourself from competitors in the HealthTech market. With user insights and a data-driven approach, you can refine your product strategy and stay ahead of the competition by addressing user needs more effectively.

When developing an MVP for your HealthTech app, focus on the core functionalities that align with your value proposition and key user requirements. Prioritize features that provide the most significant impact and value to users. It is essential to maintain a balance between keeping the MVP lean and providing enough functionality to showcase your app’s potential.

Remember that the MVP is not the final version of your app but a starting point for continuous improvement. Actively engage with users, collect feedback, analyze data, and iterate on your product roadmap to ensure that subsequent versions of your app are driven by user needs and preferences.

Step 7: Incorporate Security Measures

Ensuring the security and privacy of sensitive data is of utmost importance when developing HealthTech apps. Given the nature of the data involved, implementing robust security measures is crucial to protect patient information and maintain trust.

Here are key considerations for incorporating security measures into your HealthTech app:

  • Data Encryption: Employ strong encryption techniques to protect data both at rest and in transit.

  • Authorized and Secure APIs: Verify the security measures implemented by the APIs your app uses, such as authentication protocols, access controls, and data encryption.

  • System and Software Updates: Regularly apply updates to the operating system, frameworks, libraries, and dependencies used in your HealthTech app. Promptly address any security vulnerabilities or weaknesses identified in third-party components.

  • Access Controls and User Authentication: Enforce role-based access controls (RBAC) to restrict user permissions based on their roles and responsibilities. Additionally, implement secure user authentication methods, such as two-factor authentication (2FA) or biometric authentication, to add an extra layer of security and prevent unauthorized access to user accounts.

  • Secure Storage of User Credentials: Store user credentials securely by utilizing strong hashing algorithms combined with salt values. Additionally, consider using secure password reset mechanisms and expiration policies to ensure the ongoing security of user accounts.

  • Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to identify vulnerabilities or weaknesses in your HealthTech app’s security measures. Address any identified vulnerabilities promptly to mitigate potential risks.

  • User Data Consent and Privacy: Obtain explicit user consent for data collection, storage, and processing. Comply with applicable privacy regulations, such as GDPR or HIPAA, and ensure transparency in your data practices.

  • Employee Training and Awareness: Educate your development team and staff on security best practices, data handling procedures, and the importance of maintaining a secure environment. Conduct regular training sessions to raise awareness of emerging security threats, social engineering attacks, and data protection principles.

By incorporating these security measures, you can enhance the protection of sensitive data, mitigate security risks, and build trust with users and stakeholders in the HealthTech industry. Prioritize security throughout the development lifecycle and adopt a proactive approach to address evolving security challenges and emerging threats.
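The "Secure Storage of User Credentials" point above, as an added example (not code from iCure or from the original post). The choice of scrypt, the work factors, and the record format are assumptions of this example; the post only asks for a strong hashing algorithm combined with salt values.

```python
import hashlib
import hmac
import secrets
from base64 import b64decode, b64encode

# Assumed work factors for this example; tune them on your own hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_BYTES, KEY_BYTES = 16, 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # scrypt needs roughly 128 * n * r bytes of memory; allow headroom.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r, dklen=KEY_BYTES)


def hash_password(password: str, n: int = SCRYPT_N, r: int = SCRYPT_R,
                  p: int = SCRYPT_P) -> str:
    """Return a self-describing record: scheme$n$r$p$salt$key."""
    # A fresh random salt per user means equal passwords never share a hash.
    salt = secrets.token_bytes(SALT_BYTES)
    key = _derive(password, salt, n, r, p)
    return "$".join(["scrypt", str(n), str(r), str(p),
                     b64encode(salt).decode(), b64encode(key).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt; malformed records fail closed."""
    try:
        scheme, n, r, p, salt_b64, key_b64 = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = b64decode(salt_b64, validate=True)
        expected = b64decode(key_b64, validate=True)
        candidate = _derive(password, salt, int(n), int(r), int(p))
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record was created with older (weaker) parameters."""
    current = ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P)]
    return stored.split("$")[:4] != current


def login(password: str, stored: str):
    """Return (ok, record_to_store); upgrades old records on success."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored):
        # Only at login is the plaintext available to re-derive the key.
        return True, hash_password(password)
    return True, stored


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    legacy = hash_password("correct horse battery staple", n=2**12)
    ok, upgraded = login("correct horse battery staple", legacy)
    print("login ok:", ok)
    print("record upgraded:", upgraded != legacy)
    print("wrong password accepted:", login("guess", upgraded)[0])
```

Storing the parameters inside each record is what lets the work factor be raised later without forcing a password reset.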

Step 7: Testing

Once your app is developed, conduct rigorous testing to ensure all functions work as intended and the user experience is seamless.

Testing plays a vital role in ensuring the quality, functionality, and compliance of your HealthTech app.

Here are the key types of testing to consider during the app development process:

  • Functional Testing: Functional testing ensures that each feature of your HealthTech app functions as intended.

  • Usability Testing: Usability testing helps identify areas for improvement and ensures a user-friendly experience.

  • Performance Testing: Performance testing assesses the app’s responsiveness, speed, scalability, and stability under various conditions and loads.

  • Security Testing: Security testing is crucial in the HealthTech industry due to the sensitive nature of patient data.

  • Compliance Testing: Compliance testing ensures that your HealthTech app adheres to the necessary healthcare regulations and standards.

  • Regression Testing: Regression testing involves retesting previously developed and tested functionalities after changes or updates are made to the app.

  • User Acceptance Testing (UAT): User acceptance testing involves end-users or a selected group of representatives evaluating the app’s usability, functionality, and overall satisfaction.

  • Automated Testing: Consider implementing automated testing tools and frameworks to streamline and expedite the testing process.

By conducting comprehensive testing, you can identify and address issues, validate the functionality and usability of your HealthTech app, and ensure compliance with healthcare regulations.

Test iteratively throughout the development process, from individual features to the complete app, to ensure a robust, reliable, and user-friendly solution.

Step 8: Launch the App

After all testing phases are complete and any necessary adjustments are made, it’s time to launch your app on your chosen platform(s). Launching your HealthTech app is an exciting milestone in your development journey.

However, simply publishing the app on your chosen platform(s) is not enough to ensure its success. To maximize your app’s visibility and attract users, you need to implement a robust optimization strategy. Here are key considerations for a successful app launch:

  • App Store Optimization (ASO): Optimize your app’s title, description, keywords, and screenshots to improve its discoverability. Research relevant keywords and incorporate them strategically to enhance your app’s search ranking.

  • Marketing and Promotion: Develop a comprehensive marketing and promotion strategy to generate awareness and drive downloads. Leverage various channels such as social media, email marketing, content marketing, and influencer partnerships to reach your target audience.

  • User Onboarding and Engagement: Provide a seamless and intuitive onboarding experience for new users. Offer clear instructions, guided tours, and tooltips to help users understand how to navigate and use your app effectively.

  • Customer Support and Feedback: Establish efficient customer support channels to address user queries, concerns, and feedback. Respond promptly to user inquiries and demonstrate a commitment to user satisfaction. Actively listen to user feedback and incorporate valuable insights into future updates and enhancements.

  • Analytics and Performance Monitoring: Implement robust analytics tools to track app performance, user behavior, and key metrics. Monitor user acquisition, retention, and engagement rates to understand how users interact with your app. Use analytics to make data-driven decisions and optimize your app for better user experiences.

  • Collaboration and Partnerships: Collaborate with relevant stakeholders, such as healthcare professionals, organizations, or other HealthTech companies, to expand your reach and enhance your app’s credibility. Seek partnerships that align with your app’s value proposition and can help amplify your marketing efforts.

By implementing a robust optimization strategy and maintaining a focus on user satisfaction and engagement, you can maximize the impact and success of your HealthTech app. A successful app launch sets the foundation for long-term growth and establishes your app as a trusted solution within the healthcare industry.

Step 9: Post-launch Support and Updates

Launching your HealthTech app is just the beginning of its lifecycle. To ensure its long-term success, it’s essential to provide ongoing support, gather user feedback, and make necessary updates and feature enhancements.

Continuously monitoring your app’s performance and actively engaging with users are key aspects of post-launch support. Here are important considerations for this phase:

  • Monitoring and Performance Analysis: Regularly monitor your app’s performance using analytics tools and performance monitoring systems.

  • User Feedback and Bug Reporting: Encourage users to provide feedback through in-app feedback forms, support channels, or review platforms. Prioritize addressing critical issues and bugs that affect the app’s functionality or security.

  • Regular Updates and Enhancements: Continuously improve your HealthTech app based on user feedback, market trends, and emerging technologies. Release regular updates to address bugs, enhance security, and introduce new features or improvements.

  • Security and Compliance: Maintain a strong focus on security and compliance post-launch. Stay informed about evolving compliance regulations and ensure your app remains aligned with relevant healthcare data privacy and security standards.

  • User Support and Communication: Provide timely and effective customer support to address user queries, concerns, and technical issues. Demonstrate a commitment to user satisfaction, building trust, and fostering long-term relationships with your users.

  • User Education and Engagement: Continuously engage and educate users about your app’s features, updates, and best practices. Encourage user engagement through personalized notifications, in-app messaging, or community forums.

  • Iterative Development and Roadmap: Continuously iterate and improve the user experience based on evolving user needs and market demands. Regularly communicate your app’s roadmap to users to set expectations and gather feedback.

  • Beta Testing and User Communities: Consider implementing beta testing programs to involve a selected group of users in testing new features or major updates before a wider release. Encourage user involvement in shaping the future of your HealthTech app.

Remember, post-launch support and updates are critical for maintaining user trust, satisfaction, and continued growth.

By actively engaging with users, addressing their feedback, and continuously improving your app, you can foster a loyal user base and position your HealthTech app for long-term success in the dynamic healthcare industry.

To summarize, developing a HealthTech app is a complex process that requires a strong understanding of the healthcare domain, user behaviors, technological requirements, and legal standards.

Partnering with healthcare professionals, UX/UI designers, and skilled developers can help create an app that truly serves the needs of the users and stands out in the market.


Ready for more?

or stop by our instagram icon or linkedin icon to say hello =)

Terms of use



ICure SA is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1211 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477 (“iCure”).

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and iCure SA (“we,” “us” or “our”), concerning your access to and use of the https://www.icure.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Website”).

When you accept, these Terms form a legally binding agreement between you and iCure. If you are entering into these Terms on behalf of an entity, such as your employer or the company you work for, you represent that you have the legal authority to bind that entity.


iCure may, in its sole discretion, elect to suspend or terminate access to, or use of the iCure to anyone who violates these Terms.

All users who are minors in the jurisdiction in which they reside (generally under the age of 18) must have the permission of, and be directly supervised by, their parent or guardian to use the Website. If you are a minor, you must have your parent or guardian read and agree to these Terms of Use prior to you using the Website.

The original language of these Terms and Use is English. In case of other translations provided by iCure, the English version shall prevail.


The Content of the documentation stated on this Website is ours. All Marks, Content that concern iCure cannot be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Website, you are granted a limited license to access and use the Website and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Website, the Content, and the Marks.


By using the Website, you represent and warrant that:

  1. All registration information you submit will be true, accurate, current, and complete; you will maintain the accuracy of such information and promptly update such registration information as necessary.
  2. You have the legal capacity, and you agree to comply with these Terms of Use.
  3. You are not under the age of 13.
  4. Not a minor in the jurisdiction in which you reside, or if a minor, you have received parental permission to use the Website.
  5. You will not access the Website through automated or non-human means, whether through a bot, script, or otherwise.
  6. You will not use the Website for any illegal or unauthorized purpose.
  7. Your use of the Website will not violate any applicable law or regulation.


You may not access or use the Website for any purpose other than that for which we make the Website available. The Website may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved between you and iCure.

As a user of the Website, you agree not to:

  1. Publishing any Website material in any other media.
  2. Selling, sublicensing, and or otherwise commercializing any Website material.
  3. Publicly performing and or showing any Website material.
  4. Using this Website in any way that is or may be damaging to this Website.
  5. Using this Website in any way that impacts user access to this Website.
  6. Using this Website contrary to applicable laws and regulations, or in any way may cause harm to the Website, or to any person or business entity.
  7. Engaging in any data mining, data harvesting, data extracting, or any other similar activity in relation to this Website.
  8. Using this Website to engage in any advertising or marketing.


This Website is provided “as is,” with all faults, and iCure expresses no representations or warranties, of any kind related to this Website or the materials contained on this Website. Also, nothing contained on this Website shall be interpreted as advising you.


In no event shall iCure, nor any of its officers, directors, and employees shall be held liable for anything arising out of or in any way connected with your use of this Website whether such liability is under this agreement. iCure, including its officers, directors, and employees shall not be held liable for any indirect, consequential, or special liability arising out of or in any way related to your use of this Website.


You hereby fully indemnify iCure from and against any and/or all liabilities, costs, demands, causes of action, damages, and expenses arising in any way related to your breach of any of the provisions of these Terms.


If any provision of these Terms is found to be invalid under any applicable law, such provisions shall be deleted without affecting the remaining provisions herein.


iCure is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review these Terms on a regular basis.


iCure is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. However, you are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.


These Terms constitute the entire agreement between iCure and you in relation to your use of this Website and supersede all prior agreements and understandings.


These Terms shall be governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law provisions.

The parties shall attempt to solve the matter amicably in mutual negotiations. In case of a non-amicable settlement that has been found between the parties, the Court of Geneva will be competent.


Please refer to our Privacy Policy and Cookie Notice for the Data that we collected from the contact form and the Matomo cookie.

iCure SA

Contact: contact@icure.com

Last update: November 2nd, 2022.

Privacy Policy


iCure SA (iCure) is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1204 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477.

This Privacy Policy describes the information that we collect through our Website (https://www.icure.com), how we use such information, and the steps we take to protect such information. We strongly recommend that you read the Privacy Policy carefully.


The original language of this Privacy Policy is English. In the case of other translations provided by iCure, the English version shall prevail.

This Privacy Policy is incorporated into and is subject to, the iCure Terms of Use.

1. Definitions

Administrative Data: means Personal Data such as the Name, Email, and Phone in order to perform administrative tasks like Invoicing or contacting the Client (if support is needed).

Cookies: means text files placed on a computer to collect standard internet log information and visitor behavior information. When you visit a website, they may collect information from a computer automatically through cookies or similar technology (for further information please refer to our Cookies Notice, visit allaboutcookies.org.).

Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Visitor: means the natural person that submits their Personal Data through our contact form; and/or sends us an email; and/or cookies have been implemented.

All other undefined terms used in this Agreement have the meaning from our Terms and Conditions and the General Data Protection Regulation, Regulation (EU) 2016/679 of 27 April 2016 (GDPR).

2. Concerning your Personal Data

For this website, iCure collects and determines the use and the purpose of any Personal Data uploaded by the visitor, therefore iCure is defined as the Data Controller according to the GDPR.

2.1 Contact Form

iCure collects Administrative Data that the Visitor completed in our contact form available through our Website.

The Administrative Data that Visitor provides to iCure on this contact form are the First name, the last name, the working e-mail address, the name of your organization, and other Personal Data that the Visitor included in the description of its work.

iCure processes these Administrative Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).

iCure uses these Administrative Data to perform administrative tasks like contacting the Visitor who completed the contact form, to better understand your needs and interests, and to provide you with better service.

2.2 Email

The Visitor can contact iCure through contact@icure.com to get any information about the Company or new job positions. In this email, the Visitor includes his Name, mail address, and any other Personal Data.

iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).

iCure uses these Personal Data to answer any request from the Visitor and to consider the Visitor’s job application that they sent us by email.

2.3 Newsletters

iCure offers newsletters to provide you with updates, promotional communications, and offers related to our products and services. If you wish to receive our newsletters, we will collect and process your Personal Data for this specific purpose.

iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR). By subscribing to our Newsletters, you explicitly consent to the use of your Personal Data for direct marketing purposes, including the sending of promotional communications and offers by email.

If you do not want your Personal Data to be further processed for direct marketing purposes, you have the right to withdraw your consent at any time, free of charge and without having to provide any justification, by contacting iCure.

3. Security

iCure has implemented appropriate technical and organizational measures to safeguard your Personal Data against any accidental or illicit destruction, loss, modification, deterioration, usage, access, divulgation, and any other unauthorized processing of your Personal Data. We make every effort to protect personal information. However, you should always be careful when you submit personal or confidential information about yourself on any website, including our website.

4. The data retention period and the conditions for deletion

iCure will not retain your Personal Data, as collected, and processed in accordance with this Privacy Policy, for a period longer than necessary to fulfill the purposes described above.

For the Administrative Data from the contact form completed by the Visitor (as described in section 2.1 of this Privacy Policy), these Data shall be stored for a maximum period of 1 month from the completion of the form.

For the Personal Data from the Email completed by the Visitor (as described in section 2.2 of this Privacy Policy), these Data shall be stored for a maximum period of 2 months from the completion of the form.

For the Personal Data from the Newsletters completed by the Visitor (as described in section 2.3 of this Privacy Policy), these Data shall be stored for a maximum period of 11 months from the date of your consent or until you withdraw it.

5. Your rights

You are entitled to access your Personal Data processed by iCure and request their modification or erasure if it is incorrect or unnecessary. To exercise your rights, you may get in touch with iCure by using the electronic contact form available on our website or send a written and signed request to iCure at the email address privacy@icure.com with a copy of your ID or other identification documents, and any document proving that you are the data subject.

In general, where applicable, you also have the right to withdraw consent to the processing at any time. This withdrawal does not affect the lawfulness of processing based on consent made prior to such withdrawal. In certain cases, you also have the right to data portability. Those rights can be exercised by following the abovementioned procedure.

You have the right to lodge a complaint with a supervisory authority, in the Member State of the European Union of your usual place of residence, your place of work, or the place where the violation occurred, if you consider that the processing of personal data relating to you infringes Data Protection Law.

Please note that processing such a request can take up to one month. Contact: privacy@icure.com

6. Modification

iCure expressly reserves the right to modify this Privacy Policy and you undertake to regularly review the Privacy Policy. By amending the Privacy Policy, iCure will consider your legitimate interests. You will receive a notification if the Privacy Policy is modified. By continuing to actively use the iCure Services after such notification, you acknowledge that you have read the modifications to the Privacy Policy.

7. Information Sharing

Our employees and/or authorized contractors are the people in charge of the Data Processing.

iCure does not sell, rent, or lease any individual’s personal information or lists of email addresses to anyone for marketing purposes, and we take commercially reasonable steps to maintain the security of this information.

However, iCure reserves the right to supply any such information to any organization into which iCure may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of its mission.

We also reserve the right to release personal information to protect our systems or business when we reasonably believe you to be in violation of our Terms of Use and Privacy Policy or if we reasonably believe you to have initiated or participated in any illegal activity.

In addition, please be aware that in certain circumstances, iCure may be obligated to release your personal information pursuant to judicial or other government subpoenas, warrants, or other orders.

8. Links to other Websites

This Website may provide links to third-party websites (Instagram and LinkedIn) for the convenience of our users. If you access those links, you will leave this website. iCure does not control these third-party websites and cannot represent that their policies and practices will be consistent with this Privacy Policy. For example, other websites may collect or use personal information about you in a manner different from that described in this document. Therefore, you should use other websites with caution and do so at your own risk. We encourage you to review the privacy policy of any website before submitting personal information.

9. Cookies

To get more information on how iCure uses Matomo’s cookies, please check our Cookie Notice.

10. Contact

Please contact us with any questions or comments about this Policy, your Personal Data, and our use and disclosure practices by email at privacy@icure.com. If you have any concerns or complaints about this Policy or your Personal Data, you may contact our DPO at privacy@icure.com.

Please note that processing such a request can take up to one month.

iCure SA

Contact : privacy@icure.com

Last update: July the 26th, 2023.

Information Security Policy


1. Introduction

The iCure universe is built on trust. Guaranteeing the confidentiality of the data that are entrusted to us is our highest priority.

The Information Security Policy of iCure abstracts the security concept that permeates every activity and abides by the ISO 27001:2013 requirements for Information Security, so that we ensure the security of the data that iCure and its clients manage.

Every employee, contractor, consultant, supplier and client of iCure is bound by our Information Security Policy.

2. Our Policy

iCure is committed to protecting the confidentiality, integrity and availability of the service it provides and the data it manages. iCure also considers protecting the privacy of its employees, partners, suppliers, clients and their customers as a fundamental security aspect.

iCure complies with all applicable laws and regulations regarding the protection of information assets and voluntarily commits itself to the provisions of the ISO 27001:2013.

3. Information Security Definitions

Confidentiality refers to iCure’s ability to protect information against disclosure. It can be compromised by attacks such as network reconnaissance, database breaches or electronic eavesdropping, or by inadvertent disclosure of information through poor practices.

Integrity is about ensuring that information is not tampered with during or after submission. Data integrity can be compromised by accident or on purpose, by evading intrusion detection or changing file configurations to allow unwanted access.

Availability requires organizations to have up-and-running systems, networks, and applications to guarantee authorized users’ access to information without any interruption or waiting. The nature of data entrusted to us requires a higher-than-average availability.

Privacy is the right of individuals to control the collection, use, and disclosure of their personal information. Our privacy policies are based on the GDPR (https://gdpr-info.eu/) and can be augmented by added requirements of specific clients or law areas.

4. Risk Assessment

The main threats iCure is facing as a company are:

  1. Data Theft;
  2. Data Deletion;
  3. Denial of Service attacks;
  4. Malware;
  5. Blackmail and Extortion.

As providers of a solution used by developers active in Healthcare, we also have to anticipate the risks of:

  1. Attacks on our clients’ data, which could lead to major social damages and a loss of trust in our solution;
  2. Abuse of our solution by ill-intentioned clients, that could impact the quality of the service provided to the rest of our clients.

The motivation of the attackers in the latter cases can range from financial gain to political or ideological motivations.

A last risk is linked to the nature of the healthcare data we handle. We must ensure that the data we handle are not used for purposes other than those for which they were collected:

A piece of data collected from a patient for the purpose of a medical consultation should not be available to third parties, not even a government agency.

5. Risk Management

The main principles we apply to manage the risks we face are:

  1. Confidentiality by design: All sensitive data is encrypted end-to-end before being stored in our databases. We do not have any access to the data we store. Our clients’ customers are the only ones who can decrypt the data we store.
  2. Anonymization by design: Healthcare information that has to be stored unencrypted is always anonymized using an end-to-end encryption scheme. This means that the link between the healthcare and administrative information must be encrypted.

Those two principles allow us to minimize the risks of data theft, blackmail, extortion, and coercion by a government agency.

  1. Multiple real-time replicas, with automatic failover: We use a distributed database architecture to ensure that our data is available at all times. We use a master-master architecture, each data is replicated at least 3 times. Snapshots are taken every day to ensure that we can restore the data in case of a malevolent deletion event.
  2. Automatic password rotations: no single password can be used for more than 48 hours. Passwords are automatically rotated every 24 hours. In case of a password leak, we can limit the window of opportunity for an attack.

Those two principles allow us to minimise the risks of data deletion, denial of service attacks, and malware.

  1. Minimization of the attack surface: we deploy our systems in the most minimal way. We only expose the network services that are strictly necessary.
  2. Strict dependency management: we only use open-source software that is regularly updated and audited by the community. We favor dependency management software and providers that minimize the risk of supply chain poisoning.

Those two principles allow iCure to minimise the risks of intrusion by vulnerability exploit or supply chain attacks, two risks that could lead to data theft or data deletion.

6. Further Information

This policy is valid as of November 10th, 2022. For further information, please connect with us at privacy@icure.com.


iCure SA

Rue de la Fontaine 7, 1204 Geneva, Switzerland

