What is PGSSI-S?
The PGSSI-S (General Security Policy for Health Information Systems) documentation sets out a framework of eHealth security guidelines, standards and good practices.
Digitising the health sector has improved the patient care process overall. However, the State has put in place a risk management policy to prevent potential threats. The ANS has issued a framework to secure eHealth practices, both for patients and professionals. It has several goals:
- Set out a framework project leaders can refer to when setting the required security standards;
- Enable industrial companies to specify the security levels in their products or services;
- Support healthcare facilities in defining and implementing their own information system security policies.
There are many benefits to abiding by the PGSSI-S guidelines when you create products or services for the health, social-health and social work sectors:
- Making sure the security compliance requirements approved by the Ministry of Health are respected;
- Following the good practice guidelines, using the PGSSI-S guidebooks at your disposal, to meet the general security rules set out by the public health code, the "Informatique et Libertés" bill (Computing & Freedom) and the GDPR;
- Meeting the criteria required to receive a label or certification in these sectors;
- Encouraging your clients to follow their own good practice obligations in terms of health Information System security;
- Contributing to improving user data security, the image of health industry companies, and client satisfaction.
The PGSSI-S Documentation Corpus in 3 Steps

Step 1
Read the toolkits (binding requirements) and guides (recommendations) that apply to the product or service being developed or distributed.

Step 2
Apply the requirements of the relevant toolkit and take into account the guides' recommendations throughout your proposed product or service's life cycle, from its design to the end of its use.

Step 3
Should the product be eligible, apply for the Ségur label.
Frequently Asked Questions
The ANS answers the most common questions about PGSSI-S
There is a specific FAQ on this topic, accessible here:
Generally speaking, the PGSSI-S needs to be applied as soon as personal health data are handled. It is relevant to the public sector as well as the private sector, health professionals, workers in the social-health and social sectors, healthcare establishments and service providers.
For patients, the PGSSI-S is a guarantee of the accountability of digital health ecosystems.
Complying with the PGSSI-S frames of reference is either required by law (if the documents have been approved by a ministerial decree) or expected in the short term, until the documents are approved by the ministry.
The PGSSI-S guides are not meant to be legally binding (opposable). However, it is strongly recommended to meet as many of the criteria as possible, in order to create sufficiently secure products and services and to stay in line with the general guidelines set out by the public health code and the GDPR. Moreover, doing so makes the compliance requirements easier to meet when you apply for a label or a certification, or request to be listed in the health professionals directories.