Netsoins is a computerized user file software (DUI) that centralizes the administrative, medical, and paramedical data of residents in nursing homes (EHPAD). When deployed within the Domusvi group, the login procedure directly engages the security of health data subject to GDPR and HDS hosting requirements. Understanding the technical mechanisms that protect this information allows care teams to measure their own role in the compliance chain.
National Health Identity and DMP: What the Ségur Requires for Netsoins Connection
Competing articles treat the connection as an issue of identifier or browser. The real recent change is elsewhere: the deployment of the DMP (shared medical file) and the INS (national health identity) in Domusvi establishments changes the very nature of authentication.
See also : Discover how to easily simplify the management of your association online
The Clos Lafitte residence, part of the Domusvi group, has documented this DMP-INS deployment. This integration requires a strong authentication of healthcare professionals and a secure data circuit to the Health Insurance. The simple username/password combination is no longer sufficient: the professional must prove their identity through a means compliant with the Ségur digital health frameworks.
Specifically, when logging into Netsoins Domusvi, the software checks that the user has the authorizations corresponding to their role (nurse, coordinating doctor, nursing assistant). Each action is tracked in a timestamped history, which feeds the processing register required by the GDPR.
Read also : How to Choose the Best Method to Estimate the Value of Your Property?
HDS Hosting and Server Location: A Often Ignored Constraint
The majority of connection guides do not mention the infrastructure that stores the data once entered. The CNIL reminds that medico-social establishments must verify the location of the servers and the guarantees offered by their subcontractors, especially since the invalidation of the Privacy Shield and the adoption of the Data Privacy Framework in 2023.
Netsoins displays compliance with HDS standards (health data hosting). This certification guarantees that residents’ data remains on servers that meet strict criteria for availability, integrity, and confidentiality. For a Domusvi establishment, verifying that the host is HDS qualified and located in Europe is a prerequisite before any software production deployment.
Transfers Outside the EU: A Point of Vigilance
The CNIL emphasizes the preference for European hosts when it comes to health data hosted in the cloud. If a technical subcontractor (maintenance, backup) transfers data to American servers, the establishment must ensure that standard contractual clauses or equivalent guarantees are in place. This control falls under the Data Protection Officer (DPO), whose appointment is mandatory for a group like Domusvi that processes sensitive data on a large scale.
Role of the DPO and Processing Register in a Multi-Site Group
Domusvi operates several hundred residences. This scale makes the processing register particularly complex: each establishment uses Netsoins with tailored settings (prescription modules, nursing care tracking, telemedicine), and each configuration generates distinct data flows.
The group’s DPO must maintain a register describing, for each processing:
- The precise purpose (care coordination, billing, transmission to Health Insurance via the DMP)
- The categories of data collected (resident identity, medical history, prescriptions, nursing observations)
- Internal and external recipients, including technical subcontractors ensuring HDS hosting
- The retention periods applied, which vary according to the nature of the document (medical file, administrative data)
Each professional who connects to Netsoins contributes to this register through their daily actions. Tracking a care, modifying a prescription, consulting a file: all these operations are recorded and must be auditable.
Good Security Practices for EHPAD Teams
Regulatory compliance relies on technical mechanisms, but also on the actions of teams at their workstations. Several reflexes significantly reduce the risk of leaks or unauthorized access.
- Lock the session as soon as the workstation is left, even for a few minutes. In nursing homes, shared workstations among caregivers multiply the risk of access under a third-party identity.
- Never share your Netsoins credentials with a colleague, even in an emergency. Individual traceability of actions is a legal obligation, not a recommendation.
- Immediately report any suspicion of abnormal access (login from an unknown device, modification not made by the account holder) to the IT referent or the DPO.
- Prefer the browser recommended by the establishment and keep it updated, as an outdated browser can expose data to known vulnerabilities.
These actions may seem simple. Their non-compliance represents the leading cause of reports to the CNIL in the medico-social sector. The security of health data is as much at stake on the screen as at the server level.
Ongoing Training and Awareness
A compliant software does not protect anything if users bypass its mechanisms out of habit or lack of time. Domusvi establishments that integrate regular GDPR awareness into their training plan notice a decrease in incidents related to poor connection practices.
Protecting residents involves a complete chain: HDS certification of the server, strong authentication imposed by the Ségur, processing register maintained by the DPO, and daily vigilance of each caregiver who opens Netsoins. No link compensates for the failure of another.