GUARANTEED GLOBAL COMPLIANCE AT THE SERVICE OF YOUR E-HEALTH PROJECTS

GOVERNANCE OF PERSONAL HEALTH DATA

At the time of the digital transformation of health, the exponential growth of data volumes requires ever more powerful and agile technological resources in order to exploit them at their fair economic and scientific value. Global data governance is therefore essential in order to oversee the valuation and processing of data.

Aware of the security issues for health manufacturers, we support our clients in defining a global governance of personal health data, based on compliance with AICA criteria:

  • Availability: The data is accessible at all times by authorized users.
  • Integrity: The data is protected against any alteration or involuntary destruction or accidental deletion during their collection, processing, backups, restitutions. Data must be uncorrupted and from trusted sources.
  • Confidentiality: Only authorized persons have access to the data. A rights and access management policy according to the level of legal authorization must be followed.
  • Auditability: Logging of actions must be implemented at the application level (logs of actions executed at the application level).
Certified Health Data Host

Our data governance practices allow our clients to optimize the efficiency of the exploitation of health data in compliance with international regulatory requirements: HDS certification: 2018, ISO 27001 and GDPR regulatory framework in Europe; HIPAA in the United States; CSL and PIPL in China.
Learn more about our certifications

Euris allows you to build your healthcare IT project from start to finish, from the design phase to the industrialization phase. Our expertise in digital health allows us to best support you in the development of your e-health service, by following the concepts of “Privacy by Design” and “Privacy by Default“. Indeed, it is essential to integrate the protection of health data from the design of new e-health services, while guaranteeing by default the highest possible level of security.

Dr Benoît Lamblin, doctor hosting the Health Cloud offer, explains his role and the challenges in the exploitation of health data for practitioners and patients.

CONNECTED HEALTH OPERATOR

For more than 20 years, Euris has supported healthcare manufacturers in their hosting and 24/7 outsourcing projects for their platform. Euris facilitates the development of e-health services while ensuring compliance with health data constraints.

Our multi-territory hosting infrastructure allows us to support our customers around the world for the implementation of industrialized digital health services.

Thus, Euris creates and operates a set of IT services to meet the challenges of the digital transformation of health. Through a marketplace of e-health services unique in Europe, Euris provides its customers with turnkey technological and digital bricks in HDS compliance. Under a global and unique contract, our customers can very easily develop their e-health project for the
deployment and development of their solution, without having to resort to external service providers.

GXP Compliance

COMPLIANCE WITH GXP REQUIREMENTS

The term GxP is a general abbreviation for “good practice” recommendations and regulations referring to regulations and guidelines that apply to life science organizations producing food and medical products, such as drugs, medical devices and medical software applications. The overall objective of the GxP requirements is to ensure that medical and food products are safe for consumers and to ensure the integrity of data used to make product safety decisions.

Since GxP certification for healthcare data hosting providers does not exist, Cloud Santé® has established a GxP compliance control approach, based on the requirements determined in Title 21 part 11 of the FDA’s CFR for United States of America which contains requirements for computerized systems that create, modify, maintain, archive, retrieve, or distribute electronic records to support GxP-regulated activities. This approach is also based on the various certifications and compliances obtained by Cloud Santé (ISO 27001, HDS, HIPAA, RGPD, etc.).

Part 11 was created to enable the adoption of new computing technologies by FDA-regulated life science organizations, while at the same time providing a framework to ensure that electronic GxP data is reliable.

These requirements relate, in general, to the authenticity, integrity and confidentiality of electronic data. Euris Cloud Santé has based its Information System security system on the DICA criteria (Availability, Integrity, Confidentiality and Auditability)

Exigences
Mesures
Responsibilities and Organization  An organization based on management’s commitment to IS security and data protection with a security committee

 Identified responsibilities, a regulatory watch and compliance approach, a strict recruitment process with identification

System management  A system managed through risk analysis and continuous improvement

 Infrastructure monitoring (network, hardware and operating system)

Staff management  A strict recruitment process with an identification of the required skills, qualifications, checks, assessments are carried out throughout the recruitment process

 Business and IT security training is provided

Recordings and reports  A centralized logging system, on dedicated equipment

 Access logs, infrastructure, accounts, applications, etc.

 A monitoring system allowing the supervision of the infrastructure (network, hardware and operating system)

Quality Audits  An information systems management system is in place, our policies oversee operational processes. These are reviewed annually during compliance checks

 The system is audited (externally) at least 3 times a year

 4 PCA tests per year

Supplier Ratings  An assessment of suppliers

 A verification of the required qualifications

Limited access system  Identified and separated responsibilities (empowerment and rights matrix) as well as a validation and control process
Change control  All infrastructure changes are validated as part of the monitoring process

 All changes to services made to our customers are validated via processes appropriate to safety within the HDS framework via recipes

Backup and Restore  Redundant backup system

 Monthly restore test

Security management  A totally redundant system (infrastructure, data, backup)

 Secure, tracked and controlled physical access

 Two-factor logical access, defined restrictions to sensitive data and controlled

 Encrypted data

 Authentication mechanisms

 Backups and restore test

 24/7 monitoring supplemented by event logging

Incident management  A totally redundant system (infrastructure, data, backup)

 Crisis management organization

 Following the identification of an incident, a qualification stage is opened to allow processing, the closure of the incident will be formalized by a feedback document and follow-up of the action plan

As part of our Hybrid Cloud offer, Cloud Santé® has ensured that our partners, in order to complete our compliance, carry out this process.

AWS Hybrid Cloud – GxP resources available here

Azure Hybrid Cloud: GxP resources available here

DEPLOY YOUR E-HEALTH SOLUTION ON AN HDS CERTIFIED PRIVATE CLOUD IN FRANCE AND ABROAD