Please send an e-mail to fire@usz.ch

Important: If you participate in the FIRE project, there is no effort on your part, as the export of the data takes place automatically in the background and coding of your diagnoses is not necessary.

The Institute of Primary Care of the University of Zurich attaches great importance to compliance with the relevant applicable data protection provisions, in particular in the Federal Data Protection Act (DPA), the Cantonal Information and Data Protection Act (IDA) and the Federal Human Research Act (HRA) as well as their associated ordinances at federal and cantonal level.

The Institute of Primary Care undertakes all necessary information security efforts to protect the data through appropriate organizational and technical measures. In particular, it provides a secure database server at the University of Zurich (based on ISO 27001 certification), to which the data from the electronic health record of the FIRE participants are automatically exported and uploaded. Further processing of the FIRE data takes place on servers at the University Hospital of Zurich (also based on ISO 27001 certification) as well as on a server at the Institute of Primary Care (within the University Hospital Zurich network) specifically designated for this project. The Institute of Primary Care also ensures that access to the FIRE data is only possible for researchers, staff and medical personnel involved in the FIRE project. It informs the FIRE participants immediately about special incidents (e.g. data loss, hacker attack, unauthorized access).

The FIRE project has been reviewed by the Cantonal Ethics Committee of the Canton of Zurich (BASEC No. Req-2017-00797) and by the Data Protection Law Department of the University of Zurich. Due to the automatic anonymization of the data during extraction («hashing» of the patient ID, a mathematical procedure to encrypt the patient ID), it is not possible to draw conclusions about the patients. The data are thus irreversibly anonymized. Consequently, in application of the HRA, the patients' consent to the export of the data sets is not required.

In addition, all requirements of art. 31 para. 2 lit. e of the revised DPA are met (so-called research privilege: processing of personal data for non-personal purposes for research/patients affected cannot be identified by the Insitute of Primary Care).

Find out who is behind the FIRE team here.