To make sure your software complies with the guidelines required to implement INS into software, several documents are available:

Health CERT operates on weekdays between 9am and 6pm. Aside from these working hours, it is possible to contact the ANSSI to signal risks. 

CERT Santé 
+33 (0)9 72 43 91 25 
Agence du Numérique en Santé 
9 rue George Pitard, 75015 Paris

Yes. The ANS has a video platform with training material, including cybersecurity support. You will find information about cybersuveillance auditing, how to signal a security risk, how to increase your password security, and how to identity malicious email.

Our partner, the GIE Sesam-Vitale, is here to provide you with support and answer your questions about your software project, how to integrate INSi, or solve any potential technical setbacks. 

The helpdesk is available by phone at +33 (0)2 43 57 42 88, from 9am to 12noon, and from 2pm to 6pm, Monday to Friday. You may also send an email to centre-de-service@sesam-vitale.fr.

In order to make the check lists more transparent and reduce the risk of seeing your Ségur application denied, we have published a document listing common mistakes, which is available below:

Healthcare industrials and software publishers are encouraged to contact Health CERT if they discover a security incident or potential malware. CERT provides assistance and support to resolve such issues. CERT also assists you in your communications to health structures.

Generally speaking, the PGSSI-S needs to be applied as soon as personal health data are being handled. It is relevant to the public sector as well as the private sector, health professionals, workers of the social-health and social sectors, healthcare establishments and service providers. 

As a patient, the PGSSI-S is a seal of guarantee on the accountability of digital health ecosystems.

Complying with the PGSSI-S frames of reference is either required by law (if the documents have been approved by a ministerial decree) or meant to be followed on a short-term basis until the documents are approved by the ministry.

Upgrading your products allows you to offer your customers a solution that complies with current regulations. Failure to meet this requirement will have several impacts: 

• Your customers will not incorporate the INS into their software, which will entail possible penalties with regard to several systems (Ségur Wave 1, HOPEN, portal listing in Mon Espace Santé, etc.) ; 

• Your customers will not be in compliance with the law. They will therefore be responsible for any errors in the identification of their patients and users ; 

• Sharing health data by your customers will be more time consuming ; 

• The identity used by your customers may not be the right one, for instance if a patient uses their married name or if the patient is a child registered under their parent’s social security number.