What is PGSSI-S?
The PGSSI-S (General Security Policy for Health Information Systems) documentation sets out a framework of eHealth security guidelines, standards and good practices.
Digitising the health sector has improved the patient care process overall. The State has nonetheless put in place a risk management policy to prevent potential threats. The ANS has issued a framework to secure eHealth practices, both for patients and professionals. It has several goals:
- Set out a framework project leaders can refer to when setting the required security standards;
- Enable industrial companies to specify the security levels in their products or services;
- Support healthcare facilities in defining and implementing their own information system security policies.
There are many benefits to abiding by the PGSSI-S guidelines when you create products or services for the health, social-health and social work sectors:
- Making sure the security compliance requirements approved by the Ministry of Health are respected;
- Following the good practice guidelines, using the PGSSI-S guidebooks at your disposal, to meet the general security rules set out by the public health code, the "Informatique et Libertés" bill (Computing & Freedom) and the GDPR;
- Meeting the criteria required to receive a label or certification in these sectors;
- Encouraging your clients to follow their own good practice obligations in terms of health Information System security;
- Contributing to improving user data security, the image of health-sector companies, and client satisfaction.
Discover and use the PGSSI-S in 2 Minutes
The PGSSI-S is made up of reference toolkits and opposable documents that set out the requirements involved in all aspects of health Information System security, as well as guides and practical support material that include guidelines about data protection.
These toolkits and practical guides are divided into levels: a minimal level and progressive levels. The aim of these documents is to make it easier for you to gradually improve the security level of your projects.
The PGSSI-S is updated frequently to adapt to industrial and technological developments, changes in usage, and regulatory changes.
The PGSSI-S Documentation Corpus in 3 Steps
- Read the toolkits (opposability) and guides (recommendations) that apply to the product or service being developed or distributed;
- Apply the requirements of the relevant toolkit and take into account the guides' recommendations throughout the life cycle of your proposed product or service, from its conception to the end of its use;
- Should the product be eligible, apply for the Ségur label.
Key service dates
The Accountability Framework is updated
The e-Identification Toolkits for professionals of the health, medico-social, and social work sectors (for both legal entities and natural persons) are published
The e-Identification Toolkit for Users is published
The Access Control Toolkit is published
Frequently Asked Questions
The ANS answers the most common questions about PGSSI-S
There is a specific FAQ on this topic, accessible here:
Generally speaking, the PGSSI-S needs to be applied as soon as personal health data are being handled. It is relevant to the public sector as well as the private sector, health professionals, workers in the social-health and social sectors, healthcare establishments and service providers.
For patients, the PGSSI-S is a seal of guarantee on the accountability of digital health ecosystems.
Complying with the PGSSI-S frames of reference is either required by law (if the documents have been approved by a ministerial decree) or meant to be followed on a short-term basis until the documents are approved by the ministry.
The PGSSI-S guides are not meant to be opposable. However, it is strongly recommended to meet as many of the criteria as possible, in order to create sufficiently secure products and services and to stay in line with the general guidelines set out by the public health code and the GDPR. Moreover, doing so makes the compliance requirements easier to meet when you apply for a label or a certification, or request to be listed in the health professionals' directories.