General Security Policy for HIS

The General Security Policy for Health Information Systems (PGSSI-S) provides a common framework for securing information systems in the health sector.

Getting started

The rapid development of the use of information technologies in the field of health has been accompanied by a significant increase in the threats and risks to information stored in electronic form.

In response to these risks, the French government is developing a general security policy for health information systems (PGSSI-S), in consultation with all stakeholders, in order to define the framework for securing HISs.
These documents are the fruit of working groups consisting of representatives from institutions, healthcare establishments and industrial companies as well as healthcare professionals.

It provides a framework for:

  • helping project leaders define the expected security levels
  • enabling manufacturers to specify the security levels proposed in their offers
  • supporting health structures in defining and implementing their IS security policy

Pragmatic and realistic, the guidelines and most of the practical guides are broken down into levels: A minimum level and progressive levels, allowing project leaders to gradually improve the security of their projects.

It is regularly updated to take account of industrial, technological and regulatory developments as well as changing patterns of use.

In practice

Any person or entity involved in the development and/or maintenance of health information systems must keep themselves informed of the security requirements to be implemented.

When ?

As early as the design phase of a project or a solution involving a health information system (or as early as the call for tenders if there is one), the security requirements specific to the sector must be taken into account by consulting the PGSSI-S.

Healthcare organisations must also take into account the principles of the PGSSI-S when developing their information system security policy and keep themselves regularly informed of new developments.


Article L1110-4 of the Public Health Code

The scope of the PGSSI-S is defined in article L1110-4-1 of the Public Health Code.

Read article L1110-4-1 of the Public Health Code

Questions fréquentes


Our experts on the subject

Alain Espinoux,

Agence du Numérique en Santé

Vincent Croisile,

Agence du numérique en santé

G_NIUS saves you time

Tools to help you with your project.

Finding your way around the technical framework

The technical framework describes the actions in the ministerial roadmap for the eHealth shift.

Access the Framework Compass