General Security Policy for HIS
The General Security Policy for Health Information Systems (PGSSI-S) provides a common framework for securing information systems in the health sector.
The rapid development of the use of information technologies in the field of health has been accompanied by a significant increase in the threats and risks to information stored in electronic form.
In response to these risks, the French government is developing a general security policy for health information systems (PGSSI-S), in consultation with all stakeholders, in order to define the framework for securing HISs.
These documents are the fruit of working groups consisting of representatives from institutions, healthcare establishments and industrial companies as well as healthcare professionals.
It provides a framework for:
- helping project leaders define the expected security levels
- enabling manufacturers to specify the security levels proposed in their offers
- supporting health structures in defining and implementing their IS security policy
Pragmatic and realistic, the guidelines and most of the practical guides are broken down into levels: A minimum level and progressive levels, allowing project leaders to gradually improve the security of their projects.
It is regularly updated to take account of industrial, technological and regulatory developments as well as changing patterns of use.
Any person or entity involved in the development and/or maintenance of health information systems must keep themselves informed of the security requirements to be implemented.
As early as the design phase of a project or a solution involving a health information system (or as early as the call for tenders if there is one), the security requirements specific to the sector must be taken into account by consulting the PGSSI-S.
Healthcare organisations must also take into account the principles of the PGSSI-S when developing their information system security policy and keep themselves regularly informed of new developments.