Health Data Hosts certification
On 1 April 2018, health institutions were confronted with a new certification called "health data hosting" (HDS), which replaces the accreditation issued by ASIP Santé.
The HDS certification guarantees the security of health data, which are considered sensitive data, and the quality of service of health data hosts. All public and private organizations that process health data must be certified; by contrast, hospitals that process their patients' data themselves do not need this certification. There are two types of certification, depending on the activity:
- Host physical infrastructure: for activities that have the physical infrastructure.
- Host managed services: for activities that have a virtual storage infrastructure or software platform.
What are the advantages of this certification?
Today, all health facilities choose a certified host to store their data, as this presents several advantages. For example, it allows patients not only to have their data secured but also to know the purpose of its processing. This certification guarantees that the host complies with standards such as ISO 27001, which specifies information security management, ISO 20000, which sets requirements for service quality management, and other international standards. In total, there are more than 86 000 standards.
What is the HDS certification process?
After the HDS project and its scope have been validated, and before the host obtains the certification, it goes through several phases:
- The host must attend several training courses in order to understand the HDS project and process.
- The health data host must implement an information security management system (ISMS) that conforms to the HDS certification.
- The host must measure the deviations of this ISMS against the certifications; this is done 2 months before the certification audit.
- A documentary audit and a compliance audit are carried out in order to identify the points to rectify.
- The audit verifies the conformity of the audit and the application file.
- Finally, the health data host obtains HDS and ISO 27001 certification, with the scope being either Host physical infrastructure or Host managed services.