Demonstrate that your health ICT system complies with the highest information governance standards

We assess the privacy, security and data protection compliance of processes, tools and practices in health ICT systems

Assure your GDPR compliance

The arrival of the General Data Protection Regulation (GDPR) has revolutionized how the digital economy handles and governs data and its uses. GDPR requires all organisations to handle accurate data for lawful purposes transparently and accountably – and to prioritise the rights of data subjects. Organisations who have purchased ICT solutions must be confident that they can access and analyse data in full compliance with GDPR. With so many data breach scandals, cyber risks and high penalties, assurance of compliance has never been more vital for clients, research organisations, regulators, patients and the public.

Boost confidence in the integrity of a digital health solution

IDHIS – Information Governance & Data Privacy Programme for Health ICT systems:
specifically designed conformity assessments

IDHIS, i~HD’s new Information Governance Certification Programme, audits the conformity of data flows in health ICT systems against a unique set of international ISO-accredited(*) criteria relating to privacy, ethics, security and data protection. We do so by examining the processes, tools and practices that are in force and by testing the resulting ICT system.

Our IDHIS assessment framework covers the specific needs of each sector in the health care data ecosystem, including pharma, research institutions, hospitals, health authorities, developers and vendors of health ICT systems and medical devices.

Organisations with an IDHIS-compliant system will be awarded an ISO-accredited Certificate and thereby grow market confidence and scale up the use of health data to improve care and accelerate research

Prove the integrity of your health ICT system,
gain the trust of your partners

Trustworthy health data: we are all involved!


are willing

  • to share health data provided they trust that their data is secure.
Female doctor using tablet
health ict system users

want to

  • maintain accuracy and reliability of their data
  • demonstrate the GDPR compliance of their health ICT system practices
  • ensure robust and clear security and privacy policies, standard operating procedures and codes of practice
  • react quickly and effectively to failures and breaches
  • avoid bad press and reputational risk due to data controversies
  • face the rapid pace of change in terms of tooling and computing capability versus new and emerging cyber threats

Many stakeholder groups have more specific motivations to evidence their trustworthy health data use.

  • reassure all stakeholders (including ethics committees, Data Protection Officers, industry partners, regulatory authorities) and data providers (citizens, participants in clinical studies, hospitals) of the robustness of your data security measures and the trustworthiness of your health ICT system
  • balance the need to minimise the use of personal data with the risks to data utility and undermining research.
  • trust the data quality and reliability within hospitals and their ICT systems and processes

  • convince pharma and other research and innovation partners of your eligibility to participate in clinical research
  • be ready to meet governmental requirements with regards to data protection
  • be convinced of the trustworthiness of the growing number and diversity of health ICT systems you connect to

  • check the security and data protection health of your systems and products
  • learn from a rigorous process run by independent experts to enhance your approach to security, data protection and ethics
  • demonstrate to your current and prospective clients that your systems and services are reliable, secure, robust and trustworthy
  • be instantly viewed as a trusted partner and operator by commissioners, funders, governments, health service providers and industry partners
  • earn wider public recognition as a trustworthy supplier

  • rapidly and readily assess the assurance of tools, their vendors and the processes surrounding their use
  • align the process of data protection, security and ethics assurances with existing oversight needs and requirements on a case by case basis
  • provide a greater assurance to citizens that their data is handled carefully, securely and effectively
  • uphold your responsibilities to safeguard and promote safe health care delivery, e.g. by endorsing health apps, checking hospital quality etc.
  • achieve greater assurance that public health registries comply with data security, protection and ethical requirements, regulations and expectations.

Convince all stakeholders that your data handling is accountable, transparent, reliable and secure

Why i~HD?

i~HD has been working with European public and private bodies for over five years to understand best information governance and GDPR compliance and how to assure it. We have substantially advanced our initial Certification Programme for Research Platforms. Through our many R&D programmes, public and commercial partnerships we have cutting edge experience of GDPR in practice, now also with a reinvigorated focus on the importance of health data in the light of the COVID-19 Pandemic.

Our team of experts has developed a comprehensive new portfolio of criteria and an assessment process that are being prepared for ISO Accreditation.

A unique and comprehensive portfolio of criteria

Our IDHIS programme contains a total of 177 criteria, substantiating the width and depth of the domains we cover:
  • Accountability (37)
  • Transparency (23)
  • Information Security Management and Implementation (31)
  • Audit Readiness (14)
  • Data Processing (Ethical Practice, Impact Assessments, Minimization, Accuracy and Retention) (26)
  • Enforcement and Corrective Action Capability (19)
  • Documentary Compliance (27)

We ensure a smooth certification process

Interested? Get in touch!

Are you interested to learn more about our IDHIS Programme?

Contact our Audit Manager 
Christophe Maes for a free intake meeting.

(*) i~HD is in the final stage of preparation to apply for an ISO accreditation.