Euris Health Cloud is certified for Healthcare Data Hosting (HDS) & ISO 27001
Euris Health Cloud is certified for Health data infrastructure hosting activities and managed services, which consists in secure hosting and managing services in its datacenters and in hybrid cloud (for instance in AWS and MS Azure datacenters) of personal health data, collected or produced by editors, services providers or patients. More precisely, Euris Health Cloud achieved certification in the following areas:
1. the provision and maintenance in operational condition of physical sites for hosting the hardware infrastructure of the information system used to process health information;
2. the provision and maintenance in operational condition of the hardware infrastructure of the information system used to process health information;
3. the provision and maintenance in operational condition of the virtual infrastructure of the information system used to process health information;
4. the provision and maintenance in operational condition of the platform for hosting information system applications;
5. the management and operation of the information system containing health information;
6. the backup of the health information
This is in accordance with the statement of applicability v1.1 of 15/04/2019
HIPAA compliance (USA)
HIPAA (Health Insurance Portability and Accountability Act) is a US federal law related to privacy and protection of physical health information (PHI). Adopted in 1996, it has been completed several times, as in 2009 with HITECH (Health Information Technology for Economy and Clinical Health) and in 2013 with the Finale Omnibus Rule, creating new obligation such as shared liability or data breach notification.
The purpose of this legislation, commonly known as HIPAA, is to ensure that health providers, as well as companies working with them, are aware of the importance of health data and have an environment that is conducive to their protection, both at the level of privacy and security. It also recognizes a shared responsibility between Cover Entities and their Business Associates, and also with their Subcontractors. That’s why the use and disclosure of this data are defined by this legislation.
One of Euris Health Cloud’s priorities is to maintain our various conformities in order to meet the demands of our customers.
This is why we regularly realize risk analysis and privacy impact assessments, to ensure that we are continuously in compliance with legal and technical frameworks we are subject to as a health data service provider.
Thus, Euris Health Cloud complies with the provisions imposed by the HIPAA, both in terms of “Privacy” (strictly controlled use of personal health data, no unauthorized disclosure, respect for confidentiality, limited access to a certain number of people only for cases defined by law or contract, etc.) than “Security” (“Physical, Administrative and Technical safeguards” above, in addition to “HDS” (Hébergement de Données de Santé – “Health Data Service Provider) French law and ISO / CEI 27001 security standards).
CSL compliance (China’s Cybersecurity Law)
The Cybersecurity Law of the People’s Republic of China was officially implemented on June 1, 2017. The CSL is an evolution of the previously existent cybersecurity rules and regulations from various levels and fields, assimilating them to create a structured law at the macro-level.
The Cybersecurity Law also provides elaborate regulations and definitions on legal liability. For different types of illegal conduct, the Law sets a variety of punishments, such as fines, suspension for rectification, revocation of permits and business licenses, and others.
Although the new Cybersecurity Law is not a centralized law that regulates all aspects of data and privacy protection across all businesses, it gives clearer legal guidance on the issues related to cybersecurity and privacy protection in China.