General Health Information Systems Security Policy (PGSSI-S)

The PGSSI-S proposes a common framework for securing information systems in the healthcare sector.

Getting started

The rapid development of the use of information technologies in the healthcare field is accompanied by a significant increase in the threats and risks of harm to information stored in electronic form.

Faced with these risks, the French government has drawn up a General Health Information Systems Security Policy (politique générale de sécurité des systèmes d'information de santé, PGSSI-S), in consultation with all stakeholders, to set the framework for securing health information systems (SIS).
These documents are the fruit of working groups made up of institutions, representatives of establishments, healthcare professionals and industry.

It provides a framework for:

  • Assisting project sponsors in defining the expected levels of security,
  • Enabling manufacturers to specify the levels of security proposed in their offers,
  • Accompanying healthcare structures in defining and implementing their IS security policy.

Pragmatic and realistic, most of the practical guides are presented with a notion of tiers: a minimum tier and progressive tiers, enabling project managers to progressively improve the security of their projects.

The PGSSI-S also defines enforceable repositories, such as the repository for electronic identification of healthcare players and users.

It is regularly updated to adapt to industrial and technological developments, uses and regulatory changes.

In practice

Any person or entity involved in developing health information systems and/or keeping them in operational condition must stay informed of the security requirements to be implemented.

When?

As early as the design phase of a project or solution involving a healthcare information system (or as early as the call for tenders if applicable), sector-specific security requirements must be taken into account by consulting the PGSSI-S.

Healthcare organizations must also take into account the principles of the PGSSI-S when drawing up their information systems security policy, and keep themselves regularly informed of developments.

Compliance

Article L1110-4 Public Health Code

The scope of application of the PGSSI-S is defined in articles L1470-1 to L1470-6 of the Public Health Code.

Consult articles L1470-1 to L1470-6 of the Public Health Code

Our experts on the subject

Alain Espinoux,

Agence du Numérique en Santé

Vincent Croisile,

Agence du Numérique en Santé
