Patient Identification Process
Agora Care SA enforces strict procedures to verify the identity of patients using its platform. These protocols are designed to protect sensitive medical data and ensure institutions can rely on the legitimacy of patient instructions.
Scope
This page outlines identification methods used when a patient creates a new account or provides consent for data retrieval. Identification is carried out with rigor, ensuring patient data is handled securely and transparently.
Identification Use Cases
Case 1: Self-Registration on agoracare.ch
When a patient chooses to register independently:
- They enter their personal information, including full name, date of birth, postal address, email, phone number, and a chosen password.
- They must agree to the Agora Care Privacy Policy.
- A two-factor authentication (2FA) code is sent via SMS or WhatsApp, which the patient must input to proceed.
- The platform ensures consent is explicitly collected for the processing of personal data.
- A third-party identity verification provider then performs:
  - A video scan of an official identity document (front and back)
  - A selfie video for biometric matching with the ID document
- Once verification is complete, the account is activated, and access to the Agora Care platform is granted.
Case 2: Registration in a Partner Center
If a patient is physically present at a certified partner institution:
- An Agora Care or center staff member initiates registration.
- The patient is issued a temporary password on a sealed printed form.
- Their phone number from the center’s internal patient record is linked to their new Agora Care account for 2FA.
If remote registration is needed:
- The patient is contacted via phone or during intake.
- Upon consent, a temporary password is mailed to their home address.
- The phone number already on file is used for 2FA during account setup.
Case 3: Request by a Mandated Healthcare Professional (Agora Care PRO)
- A healthcare professional, operating under a signed subcontracting agreement with Agora Care, may request access to a patient’s medical data in preparation for a consultation.
- The agreement mandates Agora Care to collect and upload the patient’s medical images and reports to the healthcare professional’s Agora Care PRO account.
- The patient is informed of the request and selects the institutions from which their data should be retrieved.
- A power of attorney (POA) is generated and digitally signed by the patient to confirm their informed consent.
- This POA is tied to the patient’s verified phone number to maintain traceability and security.
- Once the POA is validated, the healthcare professional gains access to the requested medical records through the Agora Care PRO interface.
- Patients must register independently on the Agora Care platform and complete full identity verification in order to access the same records.
- Core personal details provided by the professional, such as the patient’s name and birthdate, are locked and cannot be altered during self-registration.
- Until the patient completes identity verification, access to the records remains exclusively available to the professional who initiated the request.
Governance and Security
Agora Care maintains ISO/IEC 27001 certification and ensures full compliance with the Swiss nLPD and the European GDPR.
Security measures include:
- Annual internal and external audits
- Regular penetration testing by third-party specialists
- Continuous staff training on data protection
A qualified and independent external Data Protection Officer (DPO):
- Monitors data practices
- Advises on legal obligations
- Communicates with authorities and affected users