IDHIS
Information Governance & Data Privacy for Health ICT Systems
For data facilitators, there is a new certification scheme to ensure trust in your organisation and to boost your business
Huge challenges in the re-use of health data are building and retaining trust and demonstrating GDPR compliance, amongst data providers, data facilitators and data users.
This lack of trust may slow down your business, namely as a data facilitator connecting health data sources, bridging from data providers to data users. With so many data breach scandals, cybersecurity risks and high penalties in the public eye, assurance of compliance has never been more vital for all stakeholders.
Without (accredited) certification, the market for these ICT platforms (data facilitators) will grow slowly and opportunities to conduct real-world data research, to respond to the needs within clinical research and health care, will be lost.
Prove the integrity of your health ICT system, gain trust, increase efficiency and boost your business
Need for an Independent Information Governance Assessment
Are these your organisation’s concerns?
In order to give confidence to all interested parties that a product, process or service is compliant to specified requirements such as GDPR, certification is essential.
The value of certification is the degree of confidence and trust that is established by an impartial and competent demonstration of fulfilment of specified requirements by a third party.
Secure, protected and ethical health data flows must be demonstrated in order to foster trust and generate value.
There is a growing demand to demonstrate that ICT systems comply with the highest information governance standards.
IDHIS is the first information governance certification programme of its kind
IDHIS audits the conformity of data flows throughout the health ICT systems against a unique set of international criteria relating to privacy, ethics, security and data protection.
Independent auditors examine how the organisations govern their staff, processes, tools and procedures by assessing their information governance.
IDHIS certification programme awards those organisations that have an information governance-compliant health ICT system with a Certificate (IG1-2020).
The certificate owner shows to their customers that their data governance is trustworthy and conforms to the highest international standards.
Increase trustworthiness
Who may apply for IDHIS?
The IDHIS certification programme is a must-have for ICT companies that are facilitating (re)-use of health data via their ICT platform.
These ICT platforms act as a bridge, retrieving data from data providers, generating added value to this data and make it available to data users, e.g. research, A.I. , Learning Health Systems.
IDHIS, a journey together
Why i~HD?
- Experienced assessment & certifying body – ISO 17065.
- Complementary approach to relevant ISO standards.
- Unique framework using scripts based on the uniqueness of your organisation.
- Authors of Codes of practice, standard operation procedures and DPIA templates.
- International knowledge with local interpretation and guidance.
- Over 20 years of experience.
- International experts in i~HD’s dedicated task force.
Positive impact for your organisation
External
- Re-assure your stakeholders that your health data handling is accountable, transparent, reliable and secure.
- Demonstrate your data is ready to be safely re-used for innovation and research.
- Boost your branding and market impact.
INTERNAL
- Boost your service quality throughout your business.
- Increase the quality of your organisation’s governance.
- Improve your time efficacy at all levels.
- Improve confidence in your health data flows.
- Improve your services towards the expectations and needs of your clients and business partners, by improved operation flows.
IDHIS Criteria Sets
Europe’s first Information Governance & Data privacy for Healthcare ICT Systems Certification scheme is based on a set of 142 criteria focusing on:
Example of a criterion (accountability)
The organisation has an updated and version-managed policy for the agreements/contracts that organises and properly identifies them so that the policy comprehensively covers any data processing within the baseline agreements.
Description of IDHIS Criteria Sets
The first subset of criteria checks if the organisation’s health data flow and health data handling comply with the international and national GDPR regulations. Risk-based policies, procedures, codes of practice, data assets, data processing tools, internal audits and corrective actions and consequent updating must be in place.
- Are definitions clear in your contracts? How do you check the ethical concerns, the execution of the data privacy rules, informed consent procedures, data handling responsibilities, the applicability of the contract and the duration of the contract?
- Data handling is never without risks! How do you manage your company’s risks on your databases, data formats, middleware, API’s…?
How can you ensure robust data protection whilst re-using health data?
Discover the journey of the first-ever IG1-2020 awardee
Novellas Healthcare NV has been awarded the GDPR certification after the IDHIS audit.
Interested? Get in touch!
Are you interested to learn more about our IDHIS Programme?
Contact our Audit Manager
Christophe Maes for a free intake meeting.
We ensure a smooth certification process