eQualis is a department of the Agence eSanté that issues conformity attestations for interoperability and information security

The objective of the eQualis project is to strengthen and industrialise the process of testing and conformity assessment in the field of eHealth, by developing a laboratory-type environment for testing and conformity assessment on interoperability and information security. Since this topic concerns various actors of the healthcare, IT and public sector, we develop and implement all our actions in close collaboration with the relevant stakeholders.

Our first actions

As a first step, we have defined a governance model and templates for test plans and conformity assessment schemes. These have meanwhile been used and executed for the tests and reporting of results for the service “eAdministrative”, a platform for the secure electronic exchange of structured medical invoices that was launched in September 2021.

Secondly, we have signed a Memorandum of Understanding with LHC (Luxembourg House of Cybersecurity) to cooperate in the field of information security in the eHealth domain, with the aim to raise awareness about information security risks within the healthcare sector and to improve the state of practice of information security in the local healthcare ecosystem.

The first joint project initiated is CESAR (Cybersecurity Assessment Reporting in Healthcare), which aims to build a framework for cybersecurity assessments in the healthcare domain in Luxembourg.

About the CESAR project

The project started with the development of questionnaires for healthcare professionals and software vendors & IT service providers, allowing to collect information related to their information security state of play and awareness. These questionnaires have served as a tool to assess - during interactive sessions with representatives from both parties - the following topics: information security in the context of service provision, contracts, data protection, development, maintenance and support.

The analysis and outcome of these assessment sessions have served as a basis to produce:

  • a brochure and website page to share key information on information security recommendations and best practices for software vendors and IT integrators;
  • a self-assessment survey for healthcare professionals, which can be filled out anonymously via the online assessment tool “Fit4eHealth”, which is available in English, French and German. Once completed, the survey provides a score and, based on the answers given, individual recommendations for improving the level of information security maturity.

Next actions foreseen within the CESAR project:

  • Analysis and reporting on Fit4eHealth
  • Improvement of guidelines and recommendations
  • Webinars
  • Development of conformity assessment scheme for Information Security for software vendors and IT service providers

Ongoing activities of our eQualis team:

  • Definition of conformity assessment scheme and test plan for new eSanté platform services
  • Execution of test plan and of interoperability and security conformity assessment schemes