Votre question concerne quel type d'offre ?
Votre question concerne quel couloir Ségur ?
Votre question concerne quel dispositif Ségur ?
Votre question concerne quel produit ou service produit?
Votre question concerne quelle thématique ?
The list of connected services is available online.
Cette réponse vous a-t-elle été utile ?
Guarantees are set out on the dedicated page.
Cette réponse vous a-t-elle été utile ?
Health CERT operates on weekdays between 9am and 6pm. Aside from these working hours, it is possible to contact the ANSSI to signal risks.
CERT Santé
+33 (0)9 72 43 91 25
Agence du Numérique en Santé
9 rue George Pitard, 75015 Paris
Cette réponse vous a-t-elle été utile ?
Yes. The ANS has a video platform with training material, including cybersecurity support. You will find information about cybersuveillance auditing, how to signal a security risk, how to increase your password security, and how to identity malicious email.
Cette réponse vous a-t-elle été utile ?
In order to request test products for certificates (CPS cards and test software certificates) issued by the IGC-Santé, go to our service page for the IGC-Santé.
Cette réponse vous a-t-elle été utile ?
It is compulsory to have an individual CPx-type card to log in to the INSi teleservice. Three types of cards are supported: CPS, CPE, CPF.
Cette réponse vous a-t-elle été utile ?
CPx cards issued before December 2020 have a contactless chip that prevents from overwriting its code.
The new CPS R3V3 cards that are now in circulation have a Mifare Desfire chip. These cards can stock crypto-secret keys that work with the Mifare Desfire protocol.
All the information about this feature is available in the Manual to deploy contactless CPx cards (available to download below). One must be cautious about the data inserted in the chip’s writing code.
We strongly advise against using this section of the chip to stock access rights. The ANS recommends you to use the ANSSI guidelines on using a "transparent" reader in connected mode. This does not involve a cryptographic protocol during a badge authentication – only the UTL (logic treatment unit) takes part in the cryptographic protocol.
ANSSI advises against setting up a “smart” badge allowing a double authentication breaking from the UTL.
All the recommendations on securing systems for physical access and video projection are available in the document below, "Recommendations on securing systems for physical and video projection access".
Cette réponse vous a-t-elle été utile ?
Healthcare industrials and software publishers are encouraged to contact Health CERT if they discover a security incident or potential malware. CERT provides assistance and support to resolve such issues. CERT also assists you in your communications to health structures.
Cette réponse vous a-t-elle été utile ?
Generally speaking, the PGSSI-S needs to be applied as soon as personal health data are being handled. It is relevant to the public sector as well as the private sector, health professionals, workers of the social-health and social sectors, healthcare establishments and service providers.
As a patient, the PGSSI-S is a seal of guarantee on the accountability of digital health ecosystems.
Cette réponse vous a-t-elle été utile ?
Complying with the PGSSI-S frames of reference is either required by law (if the documents have been approved by a ministerial decree) or meant to be followed on a short-term basis until the documents are approved by the ministry.
Cette réponse vous a-t-elle été utile ?
There are several levels of requirements for a module’s integration into the Hospital Information System.
The main requirements set out by the referential are:
- Interfacing, control, security guidelines;
- Prescription process requirements;
- National prescription thesaurus integration requirements;
- Requirements regarding medico-economic and decision processes;
- Guidelines for ergonomics, functions, and notification alerts;
- Settings function requirements.
In total, 139 requirements are used to reach the minimal level of security needed for a solution’s integration into the hospital information system.
Cette réponse vous a-t-elle été utile ?
The current referential (2017) was written with industry experts. It introduces the particular context of this mission and the goals to reach in order to improve safety measures in neonatology and paediatric reanimation. The referential walks you through the fundamental concepts you need to grasp to understand the several requirements and protocols involved with software development for this sector.
Cette réponse vous a-t-elle été utile ?
Neonatology is a high-risk practice for two main reasons:
- The patients are extremely fragile (premature babies)
- 50% of the drugs used in the sector have yet to receive a marketing authorisation.
A survey conducted in 2014 evidenced a risk in the prescription process across the sector. The digitalisation of prescription is among the 41 recommendations that the report issued in order to increase safety levels.
Cette réponse vous a-t-elle été utile ?
The certificates that the ANS issues are an official means to identify the players of the health sector, persons and organisations. Certificates also act as a seal of quality, making sure that the issuing cryptographic key infrastructures (CKP) are conform to the sector’s best practice standards. Certificates can be revoked in case of failure to comply.
Cette réponse vous a-t-elle été utile ?
No, a person may only have one e-CPS card at a time.
Cette réponse vous a-t-elle été utile ?
The CPS card and e-CPS are two complementary means of authentication. A person may use both at the same time, or one or the other according to their preference.
Cette réponse vous a-t-elle été utile ?
The ANS offers 4 types of software certificates:
- Legal person (Organisation)
- Legal person (Server)
- Natural person (Professional)
- Natural person (Health Professional)
Cette réponse vous a-t-elle été utile ?
This midware allows the interfacing between computer applications, such as the Vivoptim doctors portal and the CPS card.
Cette réponse vous a-t-elle été utile ?