Your patient data is safe
High quality accommodation
Our application is hosted on GDPR and HDS compliant hosting, ISO 27001 certified. All data is transmitted securely via HTTPS and TLS 1.3.
Strong passwords and two-factor authentication
To ensure the highest levels of protection for your account and data, we maintain a strict password policy, with a two-factor authentication mechanism that can be activated upon request.
Compatible solution
Our solutions are natively GDPR compliant, you can request to exercise your rights at any time from your user portal, including the right to delete specific data for certain patients.
User preferences
You have control over your method of storing patient data: no storage, anonymous storage, non-anonymized historical storage. In all cases, the highest level of security is applied to your data.
.
🇪🇺 GDPR Compliance
We fully comply with the European General Data Protection Regulation.
Patient data is never transferred outside the European Union.
The GDPR is a European Union regulation that establishes a new framework for the processing and protection of personal data of EU residents. It came into effect on May 25, 2018. It provides EU residents with greater control over their personal data and the assurance that their information is securely protected across Europe.
PraxySanté allows you to exercise your rights (access to data, deletion) and also gives you the possibility to manage patient requests regarding their personal data.
🔐 Security by design
✔ Certified healthcare servers with ISO 27001 compliance and Health Data Host (HDS)
✔ NIST SP800-63B Password Policy
✔ Access control with granular permissions at the user level
✔ Prevention of simultaneous connections and automatic disconnection in case of inactivity
✔ Secure communication using TLS 1.3 protocol
✔ Database encryption with multiple 32-bit rotating keys
✔ Salt hash of identity data with SHA-256 hash function
✔ Automated backup every 24 hours with 30 days of storage
✔ Automated pseudonymization of identification data
✔ Tool to anonymize or pseudonymize patient data (transcripts, reports, audio files)
* The CNIL (National Commission for Information Technology and Liberties) is an independent French administrative authority whose mission is to ensure the application of the legislation relating to the protection of personal data during the collection, storage, use and distribution of personal data. ** The HDS (Health Data Certification Host) is a French certification that provides a framework to strengthen the security and protection of personal health information.