Votre question concerne quel type d'offre ?
Votre question concerne quel couloir Ségur ?
Votre question concerne quel dispositif Ségur ?
Votre question concerne quel produit ou service produit?
Votre question concerne quelle thématique ?
All the rules are set out in the HDS certification – Accreditation reference system and the COFRAC’s "Exigences spécifiques pour l’accréditation des organismes procédant à la certification de systèmes de management dans le domaine des technologies de l’information" (Specific requirements for structures that certify management systems in the information technology sector), available in our Documentation section.
To find out more about the list of certified and accredited bodies, click on the links below.
Cette réponse vous a-t-elle été utile ?
There are 6 types of activities that make you eligible as a health data host:
- providing and monitoring the operations of a physical site that hosts the material infrastructure of the IS used to treat health data;
- providing and maintaining the structural material used by the IS to host health data;
- providing and maintaining a platform that hosts the IS applications;
- providing and maintaining a digital structure for the IS which hosts health data;
- the administration and exploitation of the IS which contains the health data;
- health data backup services.
The full list of HDS-certified activities is available here:
Cette réponse vous a-t-elle été utile ?
To make sure your software complies with the guidelines required to implement INS into software, several documents are available:
Cette réponse vous a-t-elle été utile ?
Health CERT operates on weekdays between 9am and 6pm. Aside from these working hours, it is possible to contact the ANSSI to signal risks.
CERT Santé
+33 (0)9 72 43 91 25
Agence du Numérique en Santé
9 rue George Pitard, 75015 Paris
Cette réponse vous a-t-elle été utile ?
Yes. The ANS has a video platform with training material, including cybersecurity support. You will find information about cybersuveillance auditing, how to signal a security risk, how to increase your password security, and how to identity malicious email.
Cette réponse vous a-t-elle été utile ?
The evaluation is done in two phases. It is conducted by the certifying body, which must verify the compliance with the certification requirements set out in the HDS Certification document (available below).
The audit also verifies the specific requirements for health data hosting are being met.
Cette réponse vous a-t-elle été utile ?
Our partner, the GIE Sesam-Vitale, is here to provide you with support and answer your questions about your software project, how to integrate INSi, or solve any potential technical setbacks.
The helpdesk is available by phone at +33 (0)2 43 57 42 88, from 9am to 12noon, and from 2pm to 6pm, Monday to Friday. You may also send an email to centre-de-service@sesam-vitale.fr.
Cette réponse vous a-t-elle été utile ?
In order to make the check lists more transparent and reduce the risk of seeing your Ségur application denied, we have published a document listing common mistakes, which is available below:
Cette réponse vous a-t-elle été utile ?
Healthcare industrials and software publishers are encouraged to contact Health CERT if they discover a security incident or potential malware. CERT provides assistance and support to resolve such issues. CERT also assists you in your communications to health structures.
Cette réponse vous a-t-elle été utile ?
Upgrading your products allows you to offer your customers a solution that complies with current regulations. Failure to meet this requirement will have several impacts:
-
Your customers will not incorporate the INS into their software, which will entail possible penalties with regard to several systems (Ségur Wave 1, HOPEN, portal listing in Mon Espace Santé, etc.) ;
-
Your customers will not be in compliance with the law. They will therefore be responsible for any errors in the identification of their patients and users ;
-
Sharing health data by your customers will be more time consuming ;
-
The identity used by your customers may not be the right one, for instance if a patient uses their married name or if the patient is a child registered under their parent’s social security number.
Cette réponse vous a-t-elle été utile ?