Certification by COFRAC, the French Accreditation Body for Healthcare Data Hosts (HDS), ensures full compliance with the rules governing the protection of personal data in healthcare establishments.
Introduced in 2018, this certification is now mandatory for all organizations that host or operate the Healthcare Institutes Information System. What is it really for?
HDS compliance: improving patient care and safety
The main advantage of HDS compliance is that it improves the performance of healthcare establishments and guarantees the confidentiality of patients’ personal data.
Indeed, at a time when personal data is worth its weight in gold and in constant demand, HDS compliance is a difficult hurdle for those who seek that data to overcome. Thanks to the standards and obligations it imposes on hosting providers, it ensures better protection of patients’ personal health information. This is all the more important when you consider that hospital IT systems are not considered impregnable.
Similarly, successive health crises have significantly altered the way hospitals and health institutes operate. These care centers now have a greater need for available data and real-time updates. HDS compliance, through partners such as https://www.netexplorer.fr/, improves the availability of IT system data.
What are the challenges of HDS compliance?
Despite its advantages, HDS compliance still has its challenges. The most important of these concerns health centers that look after their own IT systems. As a reminder, HDS standards are only mandatory for healthcare centers that delegate the hosting of their IT systems. Those that take care of it themselves are under no obligation.
And yet, just like any other business, these centers can fall victim to attacks or loss of sensitive data. The challenge of this certification is to include all hospitals in order to better ensure the security of patients’ personal data.
HDS standards also face another major challenge. Today, some healthcare centers evade HDS standards by anonymizing the data they hold. The idea is relatively simple: if you can’t put names to data, there’s no point in stealing it.
The downside of this option is that it is technically impossible to achieve strict data anonymization. In many cases, re-identification techniques are used, undermining the process and exposing patient data.
What solutions can healthcare establishments put in place?
To ensure full compliance with HDS certification standards and requirements, the best option is to use a certified hosting provider. This lets the establishment benefit from the expertise of professionals who have the skills needed to organize and secure IT systems for healthcare establishments.
That said, with so many players on the market, it’s hard to choose the one that’s right for you. To make the right choice, healthcare establishments should only opt for hosting providers that meet HDS security criteria. They must therefore meet ISO 27001 and ISO 20000 standards. They must also demonstrate compliance with basic data protection requirements.