Your family-friendly general practice in the Tyrolean Unterland.

✉ Medflex
☎ Phone Assistant
? Frequently Asked Questions
✦ Satisfaction
⇄ Travel Medicine ✈

Data protection at Familienpraxis Tirol

🛡️ Data protection & data security at Familienpraxis Tirol

As a medical practice, we work every day with particularly sensitive information: your health data. We can only live up to this responsibility if data protection is understood not as a tiresome obligation, but as the foundation of our work. That is why we invest consistently in infrastructure that goes far beyond what is usual in a general practice – with self-hosted systems, European providers and modern encryption methods.

📉 1. Data minimisation as a core principle

We only collect and store information that we actually need for your medical care. No data stockpiling “just in case”, no disclosure without your explicit consent. This principle of data minimisation is anchored in the GDPR – and we apply it consistently.

🔐 2. Patient management with multiple layers of protection

Our practice software CGM Maxx is operated via a certified, end-to-end encrypted data centre in Germany. Access to your data is secured in several ways:

  • Access only from a small number of named, registered devices within the practice
  • Every device carries an individual client certificate – unknown devices are rejected even with the correct password
  • Personal login for every staff member and physician – every action is logged and traceable

💬 3. Secure communication across all channels

Classic email is not suitable for medical communication – it is unencrypted and routed through numerous servers without us being able to control who gains access. That is why we use specialised, secure solutions for every communication channel:

  • Patient communication: via Medflex – a German, GDPR-compliant platform specifically designed for medical data exchange with end-to-end encryption. Available at kontakt.familienpraxis.tirol.
  • Internal team communication: via Threema Work from Switzerland – fully anonymous, without phone number or email association, end-to-end encrypted.
  • Email traffic (administration, some internal communication, ordering, NO patient-related communication): via Proton Mail from Switzerland with zero-access encryption.

🧠 4. Zero-access encryption: what it really means

With conventional email providers such as Gmail or Outlook, your messages sit readable on the provider’s servers. In theory and in practice, the operator can read along – or be forced to grant access.

Zero-access encryption means: messages are encrypted already on your device and can only be decrypted by the recipient. The provider itself – in our case Proton – has no access. Even if a court were to order disclosure, no readable content could be handed over, because it simply does not exist.

🏠 5. Self-hosted infrastructure – control stays within the practice

Many modern practices rely on cloud services from American providers for appointment scheduling, document storage or team communication. We take a different path: many of our central digital systems we operate ourselves – on hardware located in Austria, under our direct control.

  • Our own firewall with strict network segmentation: practice network, guest network and management are fully separated from one another
  • Encrypted VPN connections for external access – no device gets in unchecked
  • Daily, encrypted backups to redundant systems – additionally secured offsite

Services we do not operate ourselves we source exclusively from European companies bound by GDPR.

📊 6. Website statistics without data leakage

We deliberately do without Google Analytics, Facebook Pixel and similar trackers. Instead, we use Matomo – a privacy-friendly statistics tool that we run on our own servers. Visitor data never leaves our infrastructure, and we only collect what is necessary to improve the website.

🌍 7. Consistently European providers

When selecting every single service provider, we prefer – in this order – Austrian, European and, where unavoidable, trustworthy international providers with European data centres. The so-called US Cloud Act, which gives US authorities access to data held by American companies, plays no role for us – because we simply do not use such services for patient-related content.

❤️ Modern medicine and consistent data protection belong together

All of these measures are demanding. They cost time, money and ongoing engagement with new developments. We consider this effort self-evident – because your health data is among the most sensitive information there is.

At the same time, we want to be honest: technical data protection is one side of the coin. The other is discretion in everyday practice life – at reception, in the waiting area, in conversation. We are aware that a busy public-insurance general practice faces particular challenges here, and we continuously work to handle these aspects as well as possible.

If you have questions about how we handle your data, or concrete observations you would like to share with us, please do not hesitate to get in touch. We will take the time. We promise.