Secure Health Messaging
Secure Health Messaging is an electronic messaging system reserved for authorized health professionals. It is a “trusted space” reserved for health professionals, enabling them to exchange data in a dematerialized, secure and confidential way.
Interest of secure health messaging
The secure health messaging system aims to accelerate, strengthen and modernize exchanges between health professionals in the outpatient sector and health facilities. It represents an opportunity of gain, efficiency and productivity thanks to the reduction, or even the elimination, of mailings in paper form, the speed of transmission of information and documents, the time saved by the medical secretariats
Conditions for the implementation of secure health messaging systems
1- The messaging service must guarantee the identity of the sender and the recipient
For the creation of an email account, the controller is responsible for ensuring the identity of the end-user and his legal practice of the profession. This is why the controller must ensure that the access traces to email accounts can identify the natural person who accessed the application or organizational account.
For health professionals, authentication must be done by means of a health professional card or an equivalent device approved by the body issuing the health professional card ;
For other authorized professionals, the end user must authenticate strongly, that is, by a process that requires at least two distinct authentication factors from what is known (a password for example), what we have (for example a smart card or an electronic certificate) and a characteristic of our own (for example a fingerprint).
2- The messaging service must ensure the security of messages and attachments
The system must ensure the security of messages and attachments, including the confidentiality and integrity of the data during their transfer between the authorized professionals’ station (the end user-sender and the end-user-recipient).
For this purpose, the use of encryption means in accordance with ANSSI recommendations to secure the transfer of messages and attachments is mandatory.
3- The secure health messaging service must ensure the secure storage of messages and attachments
When the treatment manager develops the secure health messaging device by himself and keeps the secure health messaging servers on his own, he is obliged to put in place the appropriate organizational and technical means.
On the other hand, when the controller is using a secure health messaging service developed and provided by a provider, he must ensure that the provider complies with all the provisions governing the use of the secure health messaging service.
Existing health secure messaging solutions
Several secure health messaging solutions like ProMess, Mailiz, and ApicryptV2 are now on the market. Some Hospitals have also developed their own secure health messaging service. This is the case of, for example, Poitiers, Limoges and Bordeaux hospitals.