Personal Health Data Hosting Provider
EpiConcept operates IT systems built on Information Security Management System (ISMS) practices in order to guarantee the availability, completeness, and confidentiality of the data entrusted to it.
Since 11 May 2012, EpiConcept has been a state-certified “Personal health data hosting provider.” The certification was granted by the Ministry of Health for a duration of three years, after a substantiated recommendation by a CNIL (National Commission for informatics and personal liberties) certification committee. For EpiConcept, the scope of this certification is limited to applications developed on the Voozanoo framework. The requirements for obtaining this certification (technical security requirements, risk analysis, and an established Information Systems Security Policy) are very close to those of the ISO 27001 standard. (Link to the ASIP health agency)
Organizing the security system
EpiConcept has adopted the following measures:
- creation of a steering committee
- security diagnosis at each level (development platform, development, hosting)
- definition of a workgroup to cover the risks (formalization of practices, security management processes, employee training plan)
- support from security experts (some of whom are from HS Consultants)
Hosting platform architecture
All development at EpiConcept starts with the Voozanoo framework. Security measures include:
- systematic use of encryption
- network segmentation by use of distinct sub-networks
- choice of operating systems known for their robustness, then optimised by experts
- immediate application of security updates to open source tools
- security training for software developers
For more information, please contact our chief information security officer at contact-pssi@epiconcept.fr.