Doctolib has obtained ISO 27001 certification for information security and the health data host (HDS) certification, according to a press release published on November 17, 2021. The certification body BSI issued these certificates for a period of three years. A surveillance audit must be conducted every year.
A priority for Doctolib
“Protecting health data is a top priority for Doctolib. Our teams continually work to ensure that we implement good security practices and that Doctolib solutions meet the highest regulatory requirements in terms of Doctolib data protection. With this in mind, Doctolib has decided to obtain ISO 27001 certification and Health Data Hosting,” explains Gaspard du Jeu, Doctolib Product Marketing Manager, in a blog post.
The ISO 27001 standard relates to the security of information systems. Obtaining it shows that the company has implemented “an effective information security management system”, according to the website of the French Association for Standardization (Afnor). It defines a methodology for identifying “cyber threats”, controlling the risks associated with “crucial information”, and implementing the appropriate protection measures to ensure the confidentiality, availability and integrity of the information.
For its part, the health data host certification is the result of a two-phase audit by the certification body: ISO 27001 and ISO 20000 on “the service quality management system”. The audit also includes some specific requirements for the hosting of health data, the Agence du numérique en santé specifies.
Doctolib criticized for its data management
The decision to get certified was made “in 2020 for various reasons,” explains Gaspard du Jeu. The first aims to “perpetuate the development of” Doctolib “services for both patients and professionals.” The start-up also wants to anchor “in a lasting way the transversal aspect of security and respect for the protection of personal health data” in the company.
This announcement comes in a very tense context for the company, which has 60 million users. In June 2021, it was accused of using two cookies to collect data from its German users, such as the medical specialty, treatment and sector (public or private) searched for, as well as the IP address of the device used for the search. This data was then sent to Facebook and Outbrain, two advertising giants.
In reaction, the unicorn assured that it had not collected health data with these cookies and added that it “never transmitted medical data to a third party, neither in France nor in Germany.” It claimed to have requested consent from users, as required by the General Data Protection Regulation (GDPR).
Data hosting in court
In France, Doctolib has been accused of poorly protecting user data because Amazon, as the host, and the company itself would have access to this information, according to a survey published by France Inter in March 2021. Stanislas Niox-Château, CEO and founder of Doctolib, rejected these accusations in a blog post.
The choice of a US cloud provider, in this case Amazon Web Services (AWS), has also been contested by physician and patient associations, which brought the matter before the State Council. They believed that health data was poorly protected because it is hosted on Amazon Web Services, which, as a US-based company, is subject to the arbitrary power of US intelligence services.
The administrative judge rejected this request. He affirmed that the data was sufficiently protected thanks to modifications to the hosting contract that establish a precise procedure in the event of access requests by a public authority. He also noted that Doctolib had implemented an encryption procedure, designed by Tanker, of which only Atos had the key. This would prevent a third party from reading the data, promises Doctolib, which recently swallowed up its Italian competitor.