GUARANTEED GLOBAL COMPLIANCE AT THE SERVICE OF YOUR E-HEALTH PROJECTS
GOVERNANCE OF PERSONAL HEALTH DATA
At the time of the digital transformation of health, the exponential growth of data volumes requires ever more powerful and agile technological resources in order to exploit them at their fair economic and scientific value. Global data governance is therefore essential in order to oversee the valuation and processing of data.
Aware of the security issues for health manufacturers, we support our clients in defining a global governance of personal health data, based on compliance with AICA criteria:
- Availability: The data is accessible at all times by authorized users.
- Integrity: The data is protected against any alteration or involuntary destruction or accidental deletion during their collection, processing, backups, restitutions. Data must be uncorrupted and from trusted sources.
- Confidentiality: Only authorized persons have access to the data. A rights and access management policy according to the level of legal authorization must be followed.
- Auditability: Logging of actions must be implemented at the application level (logs of actions executed at the application level).
Our data governance practices allow our clients to optimize the efficiency of the exploitation of health data in compliance with international regulatory requirements: HDS certification: 2018, ISO 27001 and GDPR regulatory framework in Europe; HIPAA in the United States; CSL and PIPL in China.
Learn more about our certifications
Euris allows you to build your healthcare IT project from start to finish, from the design phase to the industrialization phase. Our expertise in digital health allows us to best support you in the development of your e-health service, by following the concepts of “Privacy by Design” and “Privacy by Default“. Indeed, it is essential to integrate the protection of health data from the design of new e-health services, while guaranteeing by default the highest possible level of security.
Dr Benoît Lamblin, doctor hosting the Health Cloud offer, explains his role and the challenges in the exploitation of health data for practitioners and patients.
CONNECTED HEALTH OPERATOR
For more than 20 years, Euris has supported healthcare manufacturers in their hosting and 24/7 outsourcing projects for their platform. Euris facilitates the development of e-health services while ensuring compliance with health data constraints.
Our multi-territory hosting infrastructure allows us to support our customers around the world for the implementation of industrialized digital health services.
Thus, Euris creates and operates a set of IT services to meet the challenges of the digital transformation of health. Through a marketplace of e-health services unique in Europe, Euris provides its customers with turnkey technological and digital bricks in HDS compliance. Under a global and unique contract, our customers can very easily develop their e-health project for the
deployment and development of their solution, without having to resort to external service providers.
COMPLIANCE WITH GXP REQUIREMENTS
The term GxP is a general abbreviation for “good practice” recommendations and regulations referring to regulations and guidelines that apply to life science organizations producing food and medical products, such as drugs, medical devices and medical software applications. The overall objective of the GxP requirements is to ensure that medical and food products are safe for consumers and to ensure the integrity of data used to make product safety decisions.
Since GxP certification for healthcare data hosting providers does not exist, Cloud Santé® has established a GxP compliance control approach, based on the requirements determined in Title 21 part 11 of the FDA’s CFR for United States of America which contains requirements for computerized systems that create, modify, maintain, archive, retrieve, or distribute electronic records to support GxP-regulated activities. This approach is also based on the various certifications and compliances obtained by Cloud Santé (ISO 27001, HDS, HIPAA, RGPD, etc.).
Part 11 was created to enable the adoption of new computing technologies by FDA-regulated life science organizations, while at the same time providing a framework to ensure that electronic GxP data is reliable.
These requirements relate, in general, to the authenticity, integrity and confidentiality of electronic data. Euris Cloud Santé has based its Information System security system on the DICA criteria (Availability, Integrity, Confidentiality and Auditability)
|Responsibilities and Organization|| An organization based on management’s commitment to IS security and data protection with a security committee
Identified responsibilities, a regulatory watch and compliance approach, a strict recruitment process with identification
|System management|| A system managed through risk analysis and continuous improvement
Infrastructure monitoring (network, hardware and operating system)
|Staff management|| A strict recruitment process with an identification of the required skills, qualifications, checks, assessments are carried out throughout the recruitment process
Business and IT security training is provided
|Recordings and reports|| A centralized logging system, on dedicated equipment
Access logs, infrastructure, accounts, applications, etc.
A monitoring system allowing the supervision of the infrastructure (network, hardware and operating system)
|Quality Audits|| An information systems management system is in place, our policies oversee operational processes. These are reviewed annually during compliance checks
The system is audited (externally) at least 3 times a year
4 PCA tests per year
|Supplier Ratings|| An assessment of suppliers
A verification of the required qualifications
|Limited access system||Identified and separated responsibilities (empowerment and rights matrix) as well as a validation and control process|
|Change control|| All infrastructure changes are validated as part of the monitoring process
All changes to services made to our customers are validated via processes appropriate to safety within the HDS framework via recipes
|Backup and Restore|| Redundant backup system
Monthly restore test
|Security management|| A totally redundant system (infrastructure, data, backup)
Secure, tracked and controlled physical access
Two-factor logical access, defined restrictions to sensitive data and controlled
Backups and restore test
24/7 monitoring supplemented by event logging
|Incident management|| A totally redundant system (infrastructure, data, backup)
Crisis management organization
Following the identification of an incident, a qualification stage is opened to allow processing, the closure of the incident will be formalized by a feedback document and follow-up of the action plan