Personal Health Data Hosting Provider

EpiConcept has put into place a data security policy that fulfils the legal and ethical requirements associated with hosting personal health information.

EpiConcept operates IT systems originating from Information Security Management System (ISMS) practices in order to guaranty the availability, completeness, and the confidentiality of data to whom it is entrusted.

Since 11 May 2012, EpiConcept has been a state-certified “Personal health data hosting provider.” The certification has been granted by the ministry of health, after a substantiated recommendation by a CNIL (National Commission for informatics and personal liberties) certification committee for a  duration of three years. This certification was reinstated for another three years in May of 2015. The limits of this certification for EpiConcept concern the applications developed based on the Voozanoo framework. The technical requirements in terms of security, risk analysis, and an established Information Systems Security Policy to obtain this certification are very close to those required for the ISO 27001 norm. (Link to the ASIP health agency)   

Organizing the security system

EpiConcept has adopted the following measures:

  • steering committee creation
  • security diagnosis at each level (development platform, development, hosting)
  • definition of a workgroup to cover the risks (practices formalization , security management processes, employee training plan)
  • accompaniment by security experts (some of whom from HS Consultants)

Hosting platform architecture

All development at EpiConcept starts with the Voozanoo framework. Security measures include:

  • systematic use of encryption
  • network segmentation by use of distinct sub-networks
  • choice of operating systems known for their robust nature and then optimised by experts
  • immediate security updating of open source tools
  • security training for software developers

For more information please contact our chief information security officer at