We're on Medica 2023, come say "hi" and connect in Hall 12, Booth E53-03!

Back to blog

How To Choose The Right EHR Software Part 1

Selecting the ideal Electronic Health Record (EHR) software is a pivotal choice for healthcare providers, one that bears immense consequences for the quality of patient care, the overall efficiency of your medical practice, and your ability to remain compliant with stringent healthcare regulations.

post illustration

This comprehensive guide has been designed to walk you through the essential steps involved in making this crucial decision, ensuring that you choose the EHR software that aligns seamlessly with your healthcare organization’s unique needs.

1. Define Your Goals and Objectives

The first step in this intricate process is clearly outlining your organization’s goals and objectives.

This initial step serves as the foundation upon which you will build the rest of your decision-making process. Begin by identifying and specifying the exact outcomes you wish to achieve through the implementation of your EHR system.

These objectives may encompass a wide range of facets within your healthcare practice, such as:

  • Enhancing Patient Care: Consider how the EHR software can improve patient care, such as facilitating quicker access to medical records, reducing errors in diagnosis, and enabling more effective communication among healthcare providers.
  • Boosting Efficiency: Evaluate how the chosen EHR software can streamline your daily operations, from appointment scheduling to billing and claims processing. Look for features that can save time, reduce paperwork, and minimize administrative burdens.
  • Cost Reduction: Assess the potential for cost savings, including reduced administrative expenses, improved inventory management, and decreased billing errors. An EHR system should be an investment and provide long-term financial benefits.
  • Regulatory Compliance: Recognize the importance of adhering to healthcare regulations and standards, such as GDPR. Ensure that your EHR software can help you meet these compliance requirements effectively and without undue effort.

As you dive into defining your goals and objectives, involve key stakeholders within your organization, including healthcare providers, administrators, and IT professionals. Their input and insights will be invaluable in shaping a comprehensive and well-rounded understanding of what your healthcare organization aims to achieve with its EHR system.

2. Assess Your Practice Needs

Moving forward in your journey to select the perfect Electronic Health Record software, deeply understanding your healthcare practice’s specific needs is essential. These needs are like the pieces of a puzzle, each contributing to the overall picture of how your EHR system should be tailored to meet your unique circumstances.

A comprehensive assessment should encompass various aspects, including:

  • Organization Size: Begin by considering the size and scale of your healthcare organization. Are you a solo practitioner, a small clinic, a large hospital, or perhaps a multi-site healthcare network? The scope of your practice plays a significant role in determining the EHR software that will suit you best. Smaller practices may require a simpler, more cost-effective solution, while larger institutions may need a robust, enterprise-level system capable of handling substantial data volumes and complex workflows.
  • Specialty Focus: Take into account the specialty of your practice. Different medical specialties often have unique requirements when it comes to patient data, documentation, and billing. For example, the needs of a primary care practice will differ from those of a radiology center or a mental health clinic. Ensure that the EHR software you select can accommodate the specific demands of your medical specialty.
  • Workflow Analysis: Perform a detailed analysis of your current workflow. Map out each step involved in the patient journey, from appointment scheduling to diagnosis and treatment, from billing and claims processing to follow-up care. Identify bottlenecks, inefficiencies, and areas where an EHR system could streamline your processes and reduce manual tasks. The goal is to align the software with your workflow, enhancing productivity and patient care.
  • Patient Demographics: Consider the demographics of your patient population. Different patient groups may have varying needs and expectations. For example, pediatric patients may require specialized pediatric templates and growth charts, while geriatric patients may need integrated medication management tools. An EHR system should cater to these diverse patient demographics to ensure comprehensive and tailored care.
  • Integration Requirements: Evaluate your practice’s existing software and systems. Determine whether the EHR software can seamlessly integrate with other healthcare applications, such as billing and scheduling software, laboratory information systems, and electronic prescribing platforms. Integration capabilities are crucial for achieving a cohesive and efficient healthcare ecosystem.
  • Data Security and Privacy: Given the sensitive nature of healthcare data, assess your practice’s data security and privacy requirements. Understand the regulatory landscape in your region, such as HIPAA in the US and GDPR in the EU, and ensure that the EHR software complies with these regulations. Data encryption, access controls, and audit trails are vital components to safeguard patient information.
  • Scalability: Consider the potential growth of your practice. Can the chosen EHR system scale alongside your organization? It’s crucial to invest in software that can accommodate an expanding patient base, additional providers, and evolving healthcare services without major disruptions.
  • Mobile and Remote Access: Today, the ability to access patient information remotely and through mobile devices is increasingly important. Evaluate whether the EHR software offers secure and user-friendly mobile access, which can improve efficiency and patient care, especially in scenarios like telemedicine.
  • Patient Engagement and Communication: Consider how the EHR system facilitates patient engagement and communication. Features like patient portals, secure messaging, and telehealth capabilities can enhance patient-provider interactions and contribute to a more patient-centered approach.

By thoroughly assessing these facets of your practice, you will gain a comprehensive understanding of your unique needs and requirements. This knowledge will serve as a guiding light throughout the selection process, ensuring that the EHR software you ultimately choose is a perfect fit for your specific healthcare environment.

3. Budget Allocation

One of the pivotal steps in your journey toward acquiring EHR software is the careful allocation of your financial resources. This process goes beyond merely setting aside funds — it involves a meticulous examination of the immediate and long-term costs of your EHR implementation.

Here’s a comprehensive perspective on how to handle this critical aspect:

  • Initial Purchase Cost: Begin by estimating the initial purchase cost of the EHR software itself. This includes licensing fees, setup costs, and any additional modules or features you might require for a fully functional system. Keep in mind that the upfront expense can vary significantly depending on the vendor, the complexity of your needs, and the size of your healthcare organization.
  • Hardware and Infrastructure: Consider the hardware and infrastructure required to run the EHR software efficiently. This encompasses servers, workstations, networking equipment, and any other technology components necessary to support the system. Factor in the costs of purchasing, upgrading, or maintaining these components as part of your budget.
  • Implementation and Training: Allocating resources for the implementation phase is critical. You’ll need to account for the expenses associated with data migration, software configuration, and staff training. Adequate training is essential to ensure that your healthcare providers and administrative staff can use the EHR system effectively and maximize its benefits.
  • Ongoing Maintenance and Support: Remember that the journey doesn’t end once the EHR system is up and running. Include provisions for ongoing maintenance, software updates, and technical support in your budget. This will help you address any issues that arise, keep the software compliant with changing regulations, and ensure its smooth operation over time.
  • Data Migration: If you are transitioning from a legacy system or paper-based records, budget for data migration. Converting existing patient data into a digital format is a crucial step, and it may involve data cleansing, mapping, and verification to maintain data accuracy.
  • Integration Costs: Consider integration costs if you need to connect the EHR software with other healthcare systems, such as billing, laboratory, or radiology systems. Integration may require custom development or third-party integration tools, which can add to your expenses.
  • Vendor Fees and Licensing: Some EHR vendors charge ongoing fees, such as monthly or annual licensing fees, maintenance fees, or per-user charges. Ensure that you understand the vendor’s pricing model and factor these costs into your budget projection.
  • Contingency Funds: Setting aside a portion of your budget for unexpected expenses or contingencies is important. These funds can serve as a safety net in case you encounter unforeseen challenges or require additional resources during the implementation process.
  • Return on Investment (ROI): Consider the potential return on investment that the EHR system can offer. Calculate how cost savings, increased efficiency, and improved patient care could offset your initial investment over time. This analysis can help you justify your budget allocation and demonstrate the value of the EHR system to stakeholders.
  • Long-Term Planning: Think beyond the immediate budget cycle and engage in long-term financial planning. Understand how your EHR-related expenses may evolve over the years, including costs associated with system upgrades, expansion, and compliance with evolving healthcare regulations.
  • Vendor Negotiation: Keep in mind that vendors may be open to negotiation, especially for larger healthcare organizations. Don’t hesitate to discuss pricing options, discounts, and payment terms with EHR vendors to ensure that you are getting the best value for your budget.

By thoughtfully considering these financial aspects and allocating your budget strategically, you can confidently embark on your EHR implementation, knowing that you have accounted for all essential costs and are prepared for a successful transition to a more efficient and technologically advanced healthcare practice.

4. Regulatory Compliance

When selecting Electronic Health Record software, your commitment to adhering to these regulations is a legal requirement and a crucial aspect of patient data security and the overall quality of care you provide.

Here, we explore the multifaceted considerations involved in ensuring that your chosen EHR software aligns seamlessly with the complex web of healthcare regulations, such as GDPR or HIPAA, and Meaningful Use requirements where applicable:

  • HIPAA Compliance: HIPAA stands as one of the cornerstones of healthcare data protection in the United States. Ensure that the EHR software you choose is fully compliant with the HIPAA Privacy, Security, and Breach Notification Rules.

This entails safeguarding protected health information (PHI) with robust encryption, access controls, audit trails, and data backup procedures. Furthermore, the software should facilitate compliance with the HIPAA Security Rule by ensuring patient data’s confidentiality, integrity, and availability.

  • GDPR Compliance: The General Data Protection Regulation (GDPR) is a pivotal piece of legislation governing data protection and privacy in the European Union. Verifying that the EHR software you select aligns rigorously with GDPR requirements is imperative.

This entails securing personal data with robust encryption, access controls, audit trails, and data backup procedures to ensure compliance with GDPR’s stringent privacy and security standards. The software should facilitate GDPR compliance by safeguarding personal data’s confidentiality, integrity, and availability.

  • Meaningful Use (MU): If your healthcare organization is eligible for Meaningful Use incentives through programs like the Medicare and Medicaid EHR Incentive Programs, verify that the EHR software meets the relevant MU criteria. These criteria are designed to encourage the meaningful use of electronic health records to improve patient care, enhance care coordination, and maintain patient data privacy and security.
  • Interoperability Standards: In addition to GDPR, HIPAA, and Meaningful Use, consider the EHR software’s adherence to interoperability standards, such as Fast Healthcare Interoperability Resources (FHIR) and Consolidated Clinical Document Architecture (C-CDA). These standards facilitate the seamless exchange of patient data between different healthcare systems and providers while ensuring data integrity and privacy.
  • State and Local Regulations: If you’re in the US, beyond federal regulations, be aware of any state and local healthcare data privacy and security regulations that may apply to your practice. If you’re in the EU, consider if any countries you market have specific local regulations in place. EHR software should be adaptable to meet these regional requirements, ensuring compliance at all levels.
  • Regulatory Updates: Stay informed about changes and updates to healthcare regulations. The EHR software should have a track record of timely updates and responsiveness to evolving regulatory requirements. This includes data exchange standards, security protocols, and reporting requirements updates.
  • Auditing and Reporting: Evaluate the EHR software’s ability to generate audit logs and reports that document user activity and data access. This is crucial for compliance monitoring and investigations in the event of a security incident or regulatory audit.
  • User Training and Awareness: Compliance with regulations often hinges on the behavior and awareness of your staff. Ensure that the EHR software includes training modules and resources that educate users about their responsibilities regarding patient data privacy and security.
  • Data Backup and Recovery: Part of regulatory compliance involves having robust data backup and recovery mechanisms in place. Verify that the EHR software has a reliable backup system to protect against data loss and establish procedures for data recovery in case of unexpected events like system failures or cyberattacks.
  • Business Associate Agreements (BAAs): If your EHR vendor processes or stores PHI on your behalf, ensure they are willing to sign a HIPAA-compliant Business Associate Agreement (BAA). This legal contract outlines their responsibilities in safeguarding patient data and complying with HIPAA requirements.

In summary, regulatory compliance is a fundamental aspect of EHR software selection.

Your chosen software should meet current regulations and provide the flexibility to adapt to future changes in the healthcare regulatory landscape. This proactive approach ensures that your healthcare organization remains legally sound, maintains patient trust, and upholds the highest data security and patient care standards.

5. User-Friendliness

The user-friendliness of your chosen Electronic Health Record software is a pivotal factor that can significantly impact the effectiveness and efficiency of your healthcare practice.

A user-friendly EHR system is not just about ease of use; it’s about empowering your healthcare providers and staff to deliver the best possible care.

Here, we dive into the various dimensions of user-friendliness and its profound influence on productivity and adoption rates within your practice:

  • Intuitive Interface: Opt for EHR software that boasts an intuitive user interface. This means that navigating through the system should feel natural and require minimal training. Icons, buttons, and menu structures should be logically organized, allowing users to locate the features and information they need quickly.
  • Efficient Workflows: A user-friendly EHR system streamlines workflows, minimizing the time and effort required for administrative tasks. Look for software that automates routine processes, offers customizable templates, and enables easy data entry, reducing the burden on healthcare providers and staff.
  • Training and Onboarding: While user-friendliness is essential, it’s also crucial that the EHR vendor provides comprehensive training and onboarding support. Ensure that your team receives the necessary training to become proficient with the software and that ongoing support is readily available to address any questions or challenges that arise.
  • Accessibility: Accessibility is a critical aspect of user-friendliness. Confirm that the EHR software is accessible to all users, including those with disabilities. Compliance with accessibility standards, such as the Web Content Accessibility Guidelines (WCAG), is essential for ensuring that everyone in your healthcare practice can use the software.
  • Customization: The ability to customize the EHR software to match your specific workflow is a significant advantage. A user-friendly system should allow you to tailor templates, forms, and processes to align seamlessly with your practice’s unique needs.
  • Mobile and Remote Access: In today’s dynamic healthcare environment, the ability to access the EHR system remotely and via mobile devices is vital. A user-friendly EHR should provide secure and user-friendly mobile access, enabling healthcare providers to view patient information and perform essential tasks wherever they are.
  • User Feedback and Involvement: Actively involve your healthcare providers and staff in the selection process. Solicit their input and feedback on the usability of the EHR software during vendor demonstrations and trials. Their perspectives can offer valuable insights into whether the software aligns with their daily tasks and preferences.
  • Efficient Data Retrieval: A user-friendly EHR system should facilitate quick and efficient data retrieval. Providers should be able to access patient records, test results, and relevant information with minimal clicks, allowing them to focus on patient care rather than navigating complex menus.
  • Reduced Learning Curve: Minimizing the learning curve is essential for a smooth transition to the new EHR system. User-friendly software enables healthcare providers and staff to adapt quickly, ensuring a swift and successful adoption process.
  • User Satisfaction: Ultimately, user satisfaction is a key indicator of user-friendliness. Pay attention to feedback from your team after the software is implemented. A positive response indicates that the software meets their needs and contributes to a more efficient and satisfying work environment.

By prioritizing user-friendliness in your EHR software selection, you empower your healthcare providers and staff to embrace technology as a tool that enhances their daily work rather than hinders it. This, in turn, leads to improved productivity, increased adoption rates, and, ultimately, better patient care within your practice.

6. Interoperability

The ability of your chosen Electronic Health Record (EHR) software to seamlessly exchange patient data with other healthcare providers and systems is a pivotal consideration in the modern healthcare landscape. Interoperability isn’t just a convenience — it’s essential for achieving coordinated care, enhancing patient safety, and improving overall healthcare outcomes.

Here, we explore the multifaceted dimensions of interoperability and why it’s integral to your EHR software selection:

  • Coordinated Care: Interoperability fosters coordinated care by enabling healthcare providers across different specialties and settings to access and share patient information effortlessly. This facilitates a comprehensive view of a patient’s medical history, treatments, and diagnostic results, leading to more informed decisions and holistic patient care.
  • Reduced Data Silos: An interoperable EHR system breaks down data silos, where patient information is isolated within specific healthcare facilities or departments. This ensures that crucial medical data can flow freely among primary care physicians, specialists, hospitals, laboratories, and other healthcare entities, eliminating redundancy and potential errors.
  • Enhanced Patient Safety: Interoperability enhances patient safety by reducing the risk of medical errors. When healthcare providers have access to a patient’s complete medical history and relevant clinical data, they can make more accurate diagnoses, prescribe appropriate treatments, and avoid adverse drug interactions.
  • Efficient Referrals and Transitions: For patients who require referrals to specialists or transitions between care settings (e.g., from hospital to primary care), interoperability ensures a smooth handoff of patient information. This prevents delays, miscommunications, and gaps in care that can negatively impact patient outcomes.
  • Streamlined Administrative Processes: Interoperable systems streamline administrative processes, such as billing and insurance claims, by enabling automated data exchange. This reduces paperwork, minimizes administrative errors, and accelerates reimbursement processes.
  • Patient Engagement: Interoperability extends to patient engagement as well. Patients can access their health records through secure portals, view test results, schedule appointments, and communicate with their healthcare providers. This involvement in their care enhances patient satisfaction and adherence to treatment plans.
  • Standardized Data Formats: Interoperable EHR systems often adhere to standardized data formats and protocols, such as Fast Healthcare Interoperability Resources (FHIR) and Health Level Seven (HL7). These standards ensure that data can be exchanged consistently and securely across different systems.
  • Compliance with Regulations: Many healthcare regulations, such as HIPAA and GDPR, emphasize the importance of secure data exchange. Interoperable EHR software helps your healthcare organization remain compliant with these regulations by safeguarding patient data during transmission.
  • Scalability and Future-Proofing: Interoperability is vital for your EHR system’s long-term scalability and adaptability. As your healthcare practice evolves and integrates new technologies, an interoperable foundation ensures you can connect seamlessly with emerging healthcare systems and technologies.
  • Reduced Duplication of Tests: With interoperable EHRs, duplicate tests and procedures can be minimized, saving time and resources. When a patient’s medical history and test results are readily available, providers can make more informed decisions about ordering additional tests.
  • Patient-Centered Care: Ultimately, interoperability supports a patient-centered approach to healthcare. It empowers patients with greater control over their health information, enables them to seek care from a broader network of providers, and enhances their overall quality of care.

By prioritizing interoperability in your EHR software selection, you pave the way for a healthcare ecosystem where information flows seamlessly, healthcare providers collaborate effectively, and patients experience more coordinated, safer, and patient-centered care.

7. Integration with Existing Systems

When embarking on the journey to select the right EHR software for your healthcare practice, one of the pivotal considerations is the software’s ability to integrate with your existing systems seamlessly. This integration capability is essential for maintaining a cohesive and efficient healthcare ecosystem.

Here’s a detailed exploration of why integration matters and how it can transform your practice:

  • Seamless Data Flow: Integration enables the seamless flow of data between different systems within your healthcare practice. This means that patient information, appointments, billing data, laboratory results, imaging reports, and other critical data can move effortlessly between your EHR software and other key systems, eliminating the need for manual data entry and reducing the risk of errors.
  • Billing and Revenue Cycle Management: Integration with billing software is crucial for efficient revenue cycle management. It ensures that patient encounters, diagnoses, and treatment information from the EHR system can be directly translated into billing codes and claims without duplication or transcription errors. This streamlines the billing process and accelerates reimbursement.
  • Laboratory Information Systems (LIS): Integration with laboratory systems allows for the automatic transmission of lab orders and results. This means that test orders can be placed directly from the EHR, and once completed, the results are transmitted back to the EHR system, enhancing the speed and accuracy of diagnosis and treatment decisions.
  • Imaging Solutions: Integration with imaging solutions, such as Picture Archiving and Communication Systems (PACS), enables healthcare providers to access radiology and imaging reports directly from the EHR. This facilitates timely diagnosis and treatment planning by allowing healthcare providers to view X-rays, MRIs, and other images alongside patient records.
  • Enhanced Efficiency: By avoiding redundant data entry and manual transfer of information, integration enhances overall operational efficiency. Healthcare providers and administrative staff can spend less time on administrative tasks and more time on patient care and clinical activities.
  • Error Reduction: Integration reduces the risk of data entry errors and inconsistencies that can occur when information is manually transcribed from one system to another. This, in turn, enhances patient safety by ensuring healthcare providers access accurate and up-to-date patient data.
  • Compliance and Reporting: Integrated systems can facilitate compliance with regulatory reporting requirements. Data collected in the EHR can be automatically compiled and transmitted to relevant authorities, simplifying the reporting process and reducing the administrative burden associated with compliance.
  • Patient Experience: Integration also benefits the patient experience. Patients can have a more streamlined and coordinated healthcare journey when their information flows seamlessly between different parts of the healthcare system, from scheduling appointments to receiving test results and billing information.
  • Data Security: Integration should be carried out with a strong emphasis on data security. Ensure that patient data remains confidential and protected throughout the integration process, adhering to regulatory standards like HIPAA or GDPR.

By prioritizing integration capabilities in your EHR software selection, you lay the foundation for a well-connected and efficient healthcare practice that can deliver high-quality care while streamlining administrative processes and enhancing patient satisfaction.


In this first part of our series on choosing the right EHR system, we’ve laid the groundwork for your journey toward making an informed and strategic decision. We’ve explored critical factors such as defining your goals, assessing practice needs, budget allocation, regulatory compliance, user-friendliness, interoperability, customization, and integration with existing systems.

But our quest for the perfect EHR system doesn’t end here. In Part 2, we will dive deeper into the selection process. We’ll discuss the importance of evaluating vendors, conducting comprehensive demos, considering scalability, and involving your healthcare team in decision-making.

So, as you embark on this transformative journey to enhance patient care, streamline operations, and elevate your healthcare practice, stay tuned for Part 2, where we’ll guide you through the finer details of selecting an EHR system that truly aligns with your unique needs and aspirations.


Ready for more?

or stop by our instagram icon or linkedin icon to say hello =)

Terms of use



ICure SA is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1211 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477 (“iCure”).

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and iCure SA (“we,” “us” or “our”), concerning your access to and use of the https://www.icure.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Website”).

When you accept, these Terms form a legally binding agreement between you and iCure. If you are entering into these Terms on behalf of an entity, such as your employer or the company you work for, you represent that you have the legal authority to bind that entity.


iCure may, in its sole discretion, elect to suspend or terminate access to, or use of the iCure to anyone who violates these Terms.

All users who are minors in the jurisdiction in which they reside (generally under the age of 18) must have the permission of, and be directly supervised by, their parent or guardian to use the Website. If you are a minor, you must have your parent or guardian read and agree to these Terms of Use prior to you using the Website.

The original language of these Terms and Use is English. In case of other translations provided by iCure, the English version shall prevail.


The Content of the documentation stated on this Website is ours. All Marks, Content that concern iCure cannot be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Website, you are granted a limited license to access and use the Website and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Website, the Content, and the Marks.


By using the Website, you represent and warrant that:

  1. All registration information you submit will be true, accurate, current, and complete; you will maintain the accuracy of such information and promptly update such registration information as necessary.
  2. You have the legal capacity, and you agree to comply with these Terms of Use.
  3. You are not under the age of 13.
  4. Not a minor in the jurisdiction in which you reside, or if a minor, you have received parental permission to use the Website.
  5. You will not access the Website through automated or non-human means, whether through a bot, script, or otherwise.
  6. You will not use the Website for any illegal or unauthorized purpose.
  7. Your use of the Website will not violate any applicable law or regulation.


You may not access or use the Website for any purpose other than that for which we make the Website available. The Website may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved between you and iCure.

As a user of the Website, you agree not to:

  1. Publishing any Website material in any other media.
  2. Selling, sublicensing, and or otherwise commercializing any Website material.
  3. Publicly performing and or showing any Website material.
  4. Using this Website in any way that is or may be damaging to this Website.
  5. Using this Website in any way that impacts user access to this Website.
  6. Using this Website contrary to applicable laws and regulations, or in any way may cause harm to the Website, or to any person or business entity.
  7. Engaging in any data mining, data harvesting, data extracting, or any other similar activity in relation to this Website.
  8. Using this Website to engage in any advertising or marketing.


This Website is provided “as is,” with all faults, and iCure expresses no representations or warranties, of any kind related to this Website or the materials contained on this Website. Also, nothing contained on this Website shall be interpreted as advising you.


In no event shall iCure, nor any of its officers, directors, and employees shall be held liable for anything arising out of or in any way connected with your use of this Website whether such liability is under this agreement. iCure, including its officers, directors, and employees shall not be held liable for any indirect, consequential, or special liability arising out of or in any way related to your use of this Website.


You hereby fully indemnify iCure from and against any and/or all liabilities, costs, demands, causes of action, damages, and expenses arising in any way related to your breach of any of the provisions of these Terms.


If any provision of these Terms is found to be invalid under any applicable law, such provisions shall be deleted without affecting the remaining provisions herein.


iCure is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review these Terms on a regular basis.


iCure is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. However, you are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.


These Terms constitute the entire agreement between iCure and you in relation to your use of this Website and supersede all prior agreements and understandings.


These Terms shall be governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law provisions.

The parties shall attempt to solve the matter amicably in mutual negotiations. In case of a non-amicable settlement that has been found between the parties, the Court of Geneva will be competent.


Please refer to our Privacy Policy and Cookie Notice for the Data that we collected from the contact form and the Matomo cookie.

iCure SA

Contact: contact@icure.com

Last update: November 2nd, 2022.

Privacy Policy


iCure SA (iCure) is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1204 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477.

This Privacy Policy describes the information that we collect through our Website (https://www.icure.com), how we use such information, and the steps we take to protect such information. We strongly recommend that you read the Privacy Policy carefully.


The original language of this Privacy Policy is English. In the case of other translations provided by iCure, the English version shall prevail.

This Privacy Policy is incorporated into and is subject to, the iCure Terms of Use.

1. Definitions

Administrative Data: means Personal Data such as the Name, Email, and Phone in order to perform administrative tasks like Invoicing or contacting the Client (if support is needed).

Cookies: means text files placed on a computer to collect standard internet log information and visitor behavior information. When you visit a website, they may collect information from a computer automatically through cookies or similar technology (for further information please refer to our Cookies Notice, visit allaboutcookies.org.).

Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Visitor: means the natural person that submits their Personal Data through our contact form; and/or sends us an email; and/or cookies have been implemented.

All other undefined terms used in this Agreement have the meaning from our Terms and Conditions and the General Data Protection Regulation of the Regulation (EU) 2016/679 of 27 April 2016 (GDPR).

2. Concerning your Personal Data

For this website, iCure collects and determines the use and the purpose of any Personal Data uploaded by the visitor, therefore iCure is defined as the Data Controller according to the GDPR.

2.1 Contact Form

iCure collects Administrative Data that the Visitor completed in our contact form available through our Website.

The Administrative Data that Visitor provides to iCure on this contact form are the First name, the last name, the working e-mail address, the name of your organization, and other Personal Data that the Visitor included in the description of its work.

iCure processes these Administrative Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).

iCure uses these Administrative Data to perform administrative tasks like contacting the Visitor who completed the contact form, to better understand your needs and interests, and to provide you with better service.

2.2 Email

The Visitor can contact iCure through contact@icure.com to get any information about the Company or new job positions. In this email, the Visitor includes his Name, mail address, and any other Personal Data.

iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).

iCure uses these Personal Data to answer any request from the Visitor and to consider the Visitor’s job application that they sent us by email.

2.3 Newsletters

iCure offers newsletters to provide you with updates, promotional communications, and offers related to our products and services. If you wish to receive our newsletters, we will collect and process your Personal Data for this specific purpose.

iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR). By subscribing to our Newsletters, you explicitly consent to the use of your Personal Data for direct marketing purposes, including the sending of promotional communications and offers by email.

If you do not want your Personal Data to be further processed for direct marketing purposes, you have the right to withdraw your consent at any time, free of charge and without having to provide any justification, by contacting iCure.

3. Security

iCure has implemented appropriate technical and organizational measures to safeguard your Personal Data against any accidental or illicit destruction, loss, modification, deterioration, usage, access, divulgation, and any other unauthorized processing of your Personal Data. We make every effort to protect personal information. However, you should always be careful when you submit personal or confidential information about yourself on any website, including our website.

4. The data retention period and the conditions for deletion

iCure will not retain your Personal Data, as collected, and processed in accordance with this Privacy Policy, for a period longer than necessary to fulfill the purposes described above.

For the Administrative Data from the contact form completed by the Visitor (as described in section 2.1 of this Privacy Policy), these Data shall be stored for a maximum period of 1 month from the completion of the form.

For the Personal Data from the Email completed by the Visitor (as described in section 2.2 of this Privacy Policy), these Data shall be stored for a maximum period of 2 months from the completion of the form.

For the Personal Data from the Newsletters completed by the Visitor (as described in section 2.3 of this Privacy Policy), these Data shall be stored for a maximum period of 11 months from the date of your consent or until you withdraw it.

5. Your rights

You are entitled to access your Personal Data processed by iCure and request their modification or erasure if it is incorrect or unnecessary. To exercise your rights, you may get in touch with iCure by using the electronic contact form available on our website or send a written and signed request to iCure at the email address privacy@icure.com with a copy of your ID or other identification documents, and any document proving that you are the data subject.

In general, where applicable, you also have the right to withdraw consent to the processing at any time. This withdrawal does not affect the lawfulness of processing based on consent made prior to such withdrawal. In certain cases, you also have the right to data portability. Those rights can be exercised by following the abovementioned procedure.

You have the right to lodge a complaint with a supervisory authority, in the Member State of the European Union of your usual place of residence, your place of work, or the place where the violation occurred, if you consider that the processing of personal data relating to you infringes Data Protection Law.

Please, note that the term of processing of such request can take up to one month. Contact: privacy@icure.com

6. Modification

iCure expressly reserves the right to modify this Privacy Policy and you undertake to regularly review the Privacy Policy. By amending the Privacy Policy, iCure will consider your legitimate interests. You will receive a notification if the Privacy Policy is modified. By continuing to actively use the iCure Services after such notification, you acknowledge that you have read the modifications to the Privacy Policy.

7. Information Sharing

Our employees and/or authorized contractors are the people in charge of the Data Processing.

iCure does not sell, rent, or lease any individual’s personal information or lists of email addresses to anyone for marketing purposes, and we take commercially reasonable steps to maintain the security of this information.

However, iCure reserves the right to supply any such information to any organization into which iCure may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of its mission.

We also reserve the right to release personal information to protect our systems or business when we reasonably believe you to be in violation of our Terms of Use and Privacy Policy or if we reasonably believe you to have initiated or participated in any illegal activity.

In addition, please be aware that in certain circumstances, iCure may be obligated to release your personal information pursuant to judicial or other government subpoenas, warrants, or other orders.

8. Links to other Websites

This Website may provide links to third-party websites (Instagram and Linkedin) for the convenience of our users. If you access those links, you will leave this website. iCure does not control these third-party websites and cannot represent that their policies and practices will be consistent with this Privacy Policy. For example, other websites may collect or use personal information about you in a manner different from that described in this document. Therefore, you should use other websites with caution and do so at your own risk. We encourage you to review the privacy policy of any website before submitting personal information.

9. Cookies

To get more information on how iCure uses Matomo’s cookies, please check our Cookie Notice.

10. Contact

Please contact us with any questions or comments about this Policy, your Personal Data, and our use and disclosure practices by email at privacy@icure.com If you have any concerns or complaints about this Policy or your Personal Data, you may contact our DPO at privacy@icure.com.

Please, note that the term of processing of such request can take up to one month.

iCure SA

Contact : privacy@icure.com

Last update: July the 26th, 2023.

Information Security Policy


1. Introduction

The iCure universe is built on trust. Guaranteeing the confidentiality of the data that are entrusted to us is our highest priority.

The Information Security Policy of iCure abstracts the security concept that permeates every activity and abides by the ISO 27001:2013 requirements for Information Security, so that we ensure the security of the data that iCure and its clients manage.

Every employee, contractor, consultant, supplier and client of iCure is bound by our Information Security Policy.

2. Our Policy

iCure is committed to protecting the confidentiality, integrity and availability of the service it provides and the data it manages. iCure also considers protecting the privacy of its employees, partners, suppliers, clients and their customers as a fundamental security aspect.

iCure complies with all applicable laws and regulations regarding the protection of information assets and voluntarily commits itself to the provisions of the ISO 27001:2013.

3. Information Security Definitions

Confidentiality refers to iCure’s ability to protect information against disclosure. Attacks, such as network reconnaissance, database breaches or electronic eavesdropping or inadvertent information revealing through poor practices.

Integrity is about ensuring that information is not tampered with during or after submission. Data integrity can be compromised by accident or on purpose, by evading intrusion detection or changing file configurations to allow unwanted access.

Availability requires organizations to have up-and-running systems, networks, and applications to guarantee authorized users’ access to information without any interruption or waiting. The nature of data entrusted to us requires a higher-than-average availability.

Privacy is the right of individuals to control the collection, use, and disclosure of their personal information. Our privacy policies are based on the GDPR(https://gdpr-info.eu/) and can be augmented by added requirements of specific clients or law areas.

4. Risk Assessment

The main threats iCure is facing as a company are:

  1. Data Theft;
  2. Data Deletion;
  3. Denial of Service attacks;
  4. Malware;
  5. Blackmail and Extortion.

As providers of a solution used by developers active in Healthcare, we also have to anticipate the risks of:

  1. Attacks on our clients’ data, which could lead to major social damages and a loss of trust in our solution;
  2. Abuse of our solution by ill-intentioned clients, that could impact the quality of the service provided to the rest of our clients.

The motivation of the attackers in the latter cases can range from financial gain to political or ideological motivations.

A last risk is linked to the nature of the healthcare data we handle. We must ensure, that the data we handle are not used for purposes other than those for which they were collected:

A piece of data collected from a patient for the purpose of a medical consultation should not be available to third parties, not even a government agency.

5. Risk Management

The main principles we apply to manage the risks we face are:

  1. Confidentiality by design: All sensitive data is encrypted end-to-end before being stored in our databases. We do not have any access to the data we store. Our client’s customers are the only ones who can decrypt the data we store.
  2. Anonymization by design: Healthcare information that has to be stored unencrypted is always anonymized using end-to-end encryption scheme. This means that the link between the healthcare and administrative information must be encrypted.

Those two principles allow us to minimize the risks of data theft, blackmail, extortion, and coercion by government agency.

  1. Multiple real-time replicas, with automatic failover: We use a distributed database architecture to ensure that our data is available at all times. We use a master-master architecture, each data is replicated at least 3 times. Snapshots are taken every day to ensure that we can restore the data in case of a malevolent deletion event.
  2. Automatic password rotations: no single password can be used for more than 48 hours. Passwords are automatically rotated every 24 hours. In case of a password leak, we can limit the window of opportunity for an attack.

Those two principles allow us to minimise the risks of data deletion, denial of service attacks, and malware.

  1. Minimization of the attack surface: we deploy our systems in the most minimal way. We only expose the network services that are strictly necessary.
  2. Strict dependency management: we only use open-source software that is regularly updated and audited by the community. We favor dependency management software and providers that minimize the risk of supply chain poisoning.

Those two principles allow iCure to minimise the risks of intrusion by vulnerability exploit or supply chain attacks, two risks that could lead to data theft or data deletion.

6. Further Information

This policy is valid as of November 10th, 2022. For futher information please connect with us at privacy@icure.com


iCure SA

Rue de la Fontaine 7, 1204 Geneva, Switzerland


This website uses cookies

We use only one cookie application for internal research on how to improve our service for all users. It is called Matomo, and it stores the information in Europe, anonymized and for limited time. For more details, please refer to our and .