Why talk about security?
Malicious attacks on hospitals, health insurance hacks and email “phishing” attempts, our sensitive data can seem weak and desirable! So how do we position ourselves when we are offered to store our documents and health data online?
If this question bothers you, know that you are not alone and of course these questions are completely legitimate. In the “French People and E-Health” survey conducted by France Assos Santé and the CSA Institute, 35% of French people expressed a lack of confidence in the safety of their health data, although this figure was lower among patients/caregivers (30%). The explosion in the use of teleconsultation during the health crisis has demonstrated this as well, as in this survey one user in two believed there was a security shortfall in teleconsultation platforms.
Accommodation: My Health Space uses legacy DMP features to store your documents online and share them with healthcare professionals. This information can only be accessed by you and your health journey professionals who have authorized it (more details in our infographic, at monespacesante.fr and in our next article on this profile).
To ensure this computer storage, also called data hosting, two French operators have been selected by public authorities to host Mon Espace Santé data and ensure a high level of trust for users. These two companies, Atos and Santeos, use servers that meet the “Health Data Host” certification, a standard that must be respected. This certification, which will be renewed every 3 years, is the result of several audits, particularly on-site, which may lead to requests to correct any problems discovered, leading to additional audits. The Health Insurance (CNAM) and the Ministry of Health and Solidarity are responsible for the processing of My Health Space, that is, they have a data security obligation, under the control of CNIL, without access to them. CNAM feeds My Health Space, but does not have a view of its content.
My Health Space does not replace the medical records that professionals and organizations must maintain, but rather collects a digital copy of the documents. In the exact case where an organization is the target of a malicious attack, users and professionals will always have a copy of the data via this tool. So My Health Space can be for users who will use it as a way to secure their documents and avoid them getting lost or scattered with their traditional paper files.
Dual access: However, it would be an illusion to think that no IT solution is immune to malicious attacks, because other health data-focused My Health Space structures cannot permanently escape this danger.
To reduce any risk, when creating or opposing the account, the user’s journey is secured with their Social Security number, as well as the biometric card serial number (accessible by phone at 3422 if the ci has been erased) and the temporary connection code sent by the health insurance (in the mail notification / e-mail, or by creating it online from monespacesante.fr at any time). Likewise, each time you log into your account, a double check is set up with a single-use code sent via text message or email, like systems used to identify professionals via a CPS card or certain bank connections.
In addition to these securities, all access to My Health Space is tracked. Every addition or modification to the document is noted as well as the documents consulted by your professionals. Each of these procedures is time-stamped (the time of the procedure) and identifies the relevant professional by name. Your actions are also tracked on your account for complete transparency. Only the user has access to this access log.
Safe messages: One of Mon Espace Santé’s core services is also a tool that can contribute to the security of our health data. Healthcare professionals have multiple years of access to secure healthcare messaging to share sensitive information and healthcare data about their patients. From now on, all users will be able to access this service for free in My Health Space. This tool avoids using messaging services that are open to everyone and not suitable for spreading health information, such as Gmail, Yahoo, WhatsApp, etc. These letters will allow you to respond to your health professionals, to send preparatory documents before the consultation, receive their referral letters to specialist doctors, etc.
“Food trailblazer. Passionate troublemaker. Coffee fanatic. General analyst. Certified creator. Lifelong music expert. Alcohol specialist.”