Your patients' data are secured
High-quality hosting
Our application is hosted on GDPR & HDS compliant hosting, certified ISO 27001. All data are transmitted securely via HTTPS and TLS 1.3.
Strong passwords & double authentication
To ensure the highest levels of protection for your account and data, we maintain a strict password policy, with a double authentication mechanism that can be activated on demand.
Compliant solution
Our solutions are natively compliant with the GDPR. At any time, you can use your user portal to request to exercise your rights, including deleting specific data from certain patients.



User preferences
You have control over your patient data storage mode: no storage, anonymous storage, or non-anonymous historical storage. In all cases, the highest level of security is applied to your data.


🇪🇺 GDPR compliance
We fully comply with the European General Data Protection Regulation.
Patient data are never transferred outside the European Union.
The GDPR is a European Union regulation that establishes a new framework for the processing and protection of personal data of EU residents. It came into effect on 25 May 2018. It provides EU residents with better control over their personal data and the assurance that their information is protected securely throughout Europe.
PraxySanté allows you to exercise your rights (access to data, deletion) and also gives you the possibility to manage patient requests regarding personal data.
🔐 Security by design
✔ Certified health servers with ISO 27001 and Health Data Host (HDS) compliance
✔ NIST SP 800-63B password policy
✔ Access control with granular user-level permissions
✔ Prevention of simultaneous connections and automatic logout in case of inactivity
✔ Secure communication via TLS 1.3 protocol
✔ Database encryption with multiple 32-bit rotating keys
✔ Salting and hashing of identity data with SHA-256 hash function
✔ Automated backup every 24 hours with 30-day storage
✔ Automated pseudonymisation of identification data
✔ Patient data anonymisation/pseudonymisation tool (transcripts, reports, audio files)
* The CNIL (Commission Nationale de l'Informatique et des Libertés) is a French independent administrative authority whose mission is to ensure the application of legislation related to the protection of personal data during collection, storage and use of personal data.
** The HDS (Hébergeur de Données de Santé certification) is a French certification that provides a framework to strengthen the security and protection of Personal Health Information.