Healthcare Digital Glossary 2026 : 30 key terms for Hospital CIOs and CEOs

At a Glance

‍

Introduction

Hospitals operate in an increasingly demanding regulatory environment. Mandatory certifications, interoperability standards, cybersecurity obligations, HAS accreditation — hospital decision-makers need to master a dense technical vocabulary to manage digital projects, evaluate vendors and protect their institutions.

This glossary brings together the 30 essential terms used daily by CIOs, CEOs and medical directors across Galeon's 19 partner hospitals, including 2 university hospital centres (CHU). It covers clinical systems, mandatory certifications and hospital standards with no overlap with the Blockchain Healthcare Glossary 2026.

A hospital that masters its certifications protects its patients, secures its funding and attracts the most serious technology partners.

1. Hospital Systems and Structures

EHR : Electronic Health Record

Software that centralises all medical and administrative data for a patient within a hospital. DPI (Dossier Patient Informatisé) is the French equivalent used in domestic deployments. The daily working interface for all clinical staff, its quality directly determines patient safety, PMSI coding accuracy and the value of data for research.

✅ Galeon offers an AI-powered EHR, certified HDS and LAP, deployed in 19 French public hospitals including 2 CHUs. Inter-system exchanges use the HL7 standard.

HIS : Hospital Information System (SIH)

The full set of software managing the medical, administrative and logistical activities of a hospital. It includes the EHR, laboratory systems, imaging software, pharmacy and billing. Interoperability between these components is one of the core challenges for hospital CIOs — and the condition for data to flow between departments without re-entry.

SHR : Shared Health Record (DMP)

A national digital record managed by the French Health Insurance (Assurance Maladie), accessible to any healthcare professional authorised by the patient. Distinct from the EHR (which is internal to one institution), the SHR follows the patient throughout their life regardless of which hospital they attend. Over 40 million SHRs were created in France in 2024.

THG : Territorial Hospital Group (GHT)

A mandatory cooperation structure between public hospitals in the same territory, introduced by the 2016 Health Act. The THG pools medical, administrative and digital resources across its members. It is often the decision-making framework for shared EHR projects — a THG CIO manages the information system for several hospitals simultaneously.

RHA : Regional Health Agency (ARS)

The State body that oversees health policy in each French region. The RHA funds, regulates and plans hospital services. It validates digital investment projects and can impose compliance requirements — interoperability standards, HDS certification, cybersecurity — on the hospitals under its authority.

AMO : Acute Medicine and Obstetrics (MCO)

Refers to a hospital's acute care activities, as opposed to rehabilitation (SSR) or psychiatry. AMO funding is subject to activity-based billing (T2A) and depends on PMSI coding of hospital stays. It is the primary revenue source for a general hospital — and the area where EHR quality has the most direct financial impact.

Patient Pathway

The full sequence of a patient's care journey, from admission to follow-up at home. A smooth pathway relies on data continuity between every care actor. Breakdowns — information not transmitted between departments, incomplete records — are a documented cause of medical errors and avoidable readmissions.

Patient Identity Vigilance

Practices to ensure the exact identification of a patient in information systems at every step of care. An identification error can lead to medical acts being performed on the wrong patient. It is a key quality indicator monitored by the HAS as part of hospital accreditation.

2. Mandatory Certifications

‍

HDS : Health Data Hosting Certification

Mandatory certification for any provider hosting personal health data on behalf of a third party. Issued by bodies accredited by COFRAC under the ANS framework. The hospital is legally responsible for verifying its vendors' HDS certification before signing any contract. The absence of HDS certification at a hosting provider exposes the hospital to CNIL sanctions of up to €20M.

✅ Galeon is HDS certified. Verification is publicly available at esante.gouv.fr.

ISO 27001 : Information Security

International standard certifying that a provider manages information security in a rigorous and documented way. It covers IT risk management, access controls, physical server security, business continuity and incident response. Very often required alongside HDS certification in hospital public tenders.

✅ Galeon is ISO 27001 certified.

LAP : Prescription Support Software

Certification issued by the HAS for software integrated into the EHR that assists physicians at the point of medication prescribing. A certified LAP must display alerts on contraindications, drug interactions and inappropriate dosages based on the patient's profile. LAP certification is mandatory for any prescribing software used in a hospital. It is regularly re-evaluated by the HAS.

✅ Galeon's EHR is LAP certified by the HAS, ensuring the compliance of the medication alerts integrated into the patient record.

LADS : Clinical Decision Support Software

A broader category than LAP: any digital tool that analyses clinical data to alert a caregiver or suggest a decision — diagnosis, dosage, care pathway. The HAS has published a specific evaluation framework, mandatory before any routine hospital deployment. Medical responsibility remains entirely with the clinician — the LADS is a support tool, never a substitute for clinical judgement.

HAS Accreditation : Haute Autorité de Santé

The mandatory external evaluation procedure for the quality and safety of care, conducted by the HAS every 4 to 6 years in each institution. It draws on quality indicators, many of which depend directly on the EHR: record completeness, act traceability, patient identity vigilance, prescription appropriateness. A well-structured EHR mechanically improves accreditation scores.

NIS2 : European Cybersecurity Directive

European directive transposed into French law in 2024, classifying public hospitals as essential entities. It requires documented cybersecurity governance, minimum technical measures — strong authentication, backups, encryption — and the obligation to notify any significant incident to the ANSSI within 24 hours. Senior management is personally responsible for compliance.

💡 In 2022, a ransomware attack on the Centre Hospitalier de Versailles paralysed its systems for several weeks. NIS2 is a direct response to this type of incident. Non-compliant hospitals face financial penalties and personal liability for their leadership.

Ségur du Numérique en Santé

French government programme led by the ANS, launched in 2021 with over €2 billion committed. It funds the modernisation of hospital software and mandates interoperability standards, including FHIR for new software. An editor's Ségur listing can be verified at esante.gouv.fr. Unlisted software cannot claim public upgrade funding.

‍

3. Interoperability Standards

Interoperability

The ability of different IT systems to exchange and use data coherently. In a hospital, it determines whether a lab result appears in the EHR, whether a prescription automatically reaches the pharmacy, whether a discharge letter updates the SHR. Without interoperability, caregivers re-enter the same information into multiple systems — and the data produced cannot feed research or AI tools.

HL7 : Health Level Seven

The international standard for health data exchange between hospital systems, developed by HL7 International. It defines the format and structure of messages exchanged between the different software in a HIS — between the EHR, laboratory, pharmacy and imaging systems. HL7 is the established standard deployed in the vast majority of French and European hospitals. It exists in several versions: HL7 v2, still widely used in live environments, and HL7 FHIR, the more recent version based on web technologies.

✅ Galeon uses HL7 to ensure interoperability between its EHR and partner hospital systems.

FHIR : Fast Healthcare Interoperability Resources

The modern evolution of the HL7 standard, based on web technologies (REST API, JSON). FHIR simplifies data exchanges between systems and is mandated by the Ségur du Numérique programme for new software. In practice, the majority of French hospitals still run on HL7 v2 and are progressively migrating to FHIR. Both standards coexist in most institutions in 2026.

✅ Galeon is HL7 v2 compliant in its current deployments, in line with the infrastructure in production across its 19 partner hospitals.

MSS : Secure Health Messaging (MSSanté)

A secure email service reserved for French healthcare professionals, for exchanging confidential patient data. Mandated by the Ségur programme, it replaces fax and unsecured email. A Ségur-compliant EHR must allow sending and receiving patient documents via MSS directly from within the record, without leaving the software.

EHDS : European Health Data Space

European regulation being progressively deployed, creating a common framework for sharing health data between EU member states. It will progressively require hospitals to be able to transmit data in a harmonised FHIR format for cross-border patient care. It strengthens GDPR obligations and will apply to all healthcare institutions across the European Union.

4. Health Data and Hospital Funding

Structured vs unstructured data

Structured data is codified in a standardised format directly usable by software — diagnostic code, biological value, dosage. Unstructured data is free text — a discharge letter, a clinical note — whose information must be extracted before it can be used. According to the ANS, 80% of hospital medical data is unstructured. Galeon structures data at the point of clinical entry by the caregiver, without any additional step.

Unstructured data exists but cannot communicate. Structuring data at the source is the prerequisite for any AI-based exploitation.

PMSI : Hospital Activity Coding Programme

France's hospital medical activity coding system, managed by ATIH. Each stay is summarised in an anonymised discharge summary (RSA) that determines the GHM classification and therefore its funding. It is the foundation of T2A billing. PMSI coding quality depends directly on the richness and structure of data in the EHR.

T2A and GHM : Activity-Based Funding

T2A is the funding model for French public hospitals: revenue depends on activity coded into GHM groups (Groupes Homogènes de Malades — patient groups of comparable clinical complexity and cost). Inaccurate coding in the EHR classifies stays into under-valued GHMs, directly reducing revenue. For a hospital with an AMO budget of €60M, undercoding represents on average €1.2M to €3M in unclaimed revenue per year.

Medical billing

Every act performed in a hospital — consultation, surgical procedure, imaging examination, nursing act — must be documented in the EHR and transmitted to payers to be funded. In France, billing is based on official nomenclatures (CCAM for technical acts, NGAP for clinical acts) and flows through the PMSI for hospital stays. An act that is poorly documented or missing from the EHR is simply not billed — a direct revenue loss. The quality of data entry in the EHR directly determines the hospital's income.

Automated medical coding

An AI feature integrated into the EHR that analyses the clinical data entered during a stay to automatically suggest the most accurate codes at the point of billing. It reduces the manual workload of the medical information department (DIM) and improves stay valuation. Equipped institutions report recovering on average 2 to 5% of AMO revenue previously lost to undercoding.

💡 Automated coding is not a shortcut — it is a precision improvement. A DIM that validates algorithm suggestions is more accurate than one coding manually from partially completed records.

Health Data Warehouse (EDS)

Infrastructure that centralises and structures the clinical data of an institution to make it usable for research, operational management or AI algorithm training. The quality of a data warehouse depends entirely on the structure of data in the source EHR. A poorly structured EHR produces an unusable data warehouse, regardless of the warehouse tool chosen.

GDPR : General Data Protection Regulation

European regulation in force since 2018 governing the processing of personal data. Health data is a special category: mandatory legal basis, enhanced patient rights — access, erasure, portability — sanctions of up to €20M or 4% of global turnover. Any EHR project must be accompanied by a documented Data Protection Impact Assessment (DPIA) before deployment.

Privacy by Design

A GDPR principle requiring data protection to be built into a system from the design stage, not added at the end of a project. Any tender for an EHR or health software must require documented Privacy by Design architecture. Galeon was built on this principle: every feature is assessed for its data impact at the specification stage, before any development begins.

5. Operational Priorities for Hospital Leadership

Administrative burden

Time spent by caregivers on data entry and documentation in hospital software, at the expense of direct patient care. According to the Fédération Hospitalière de France, it accounts for 30 to 40% of physicians' working time. It is the number one digital problem cited by caregivers — and the first improvement any intelligent EHR must deliver.

PHM : Population Health Management

A tool for managing health at the scale of a territory or a hospital group. PHM analyses aggregated data to identify at-risk groups, anticipate resource needs and measure the effectiveness of health policies. Galeon offers a sovereign PHM solution, directly connected to its EHR, enabling RHAs and hospitals to manage their territory through data — without transferring any data to a third party.

Hospital cybersecurity

The full set of technical and organisational measures that protect the HIS from cyberattacks. Hospitals have become a priority target for ransomware: several French university hospitals have suffered major attacks in recent years. HDS certification, ISO 27001 compliance and NIS2 adherence are the three pillars of hospital cybersecurity. An attack can cost tens of millions of euros and paralyse care for weeks.

Telemedicine

Medical practice at a distance, regulated by law in France since 2009. It includes teleconsultation, teleexpertise — specialist advice at a distance — telemonitoring and teleassistance. Telemedicine must be integrated into the EHR so that data from remote acts is automatically recorded in the patient record and updates the SHR. More than 20 million teleconsultations were carried out in France in 2022.

FAQ

What is the difference between HDS and ISO 27001?

‍HDS is specific to France and covers health data hosting: it certifies that the technical infrastructure meets the requirements for hosting patient data. ISO 27001 is a broader international standard certifying overall information security governance across an organisation. The two are complementary : most French hospital public tenders require both together.

Is LAP certification different from LADS certification ?

‍Yes. LAP is specific to medication prescribing: it certifies the alerts displayed when a physician prescribes. LADS is a broader category covering all clinical decision support tools — diagnostic, prognostic, care pathway algorithms. Software can be LAP certified without being a LADS in the broader sense.
‍

How do I check whether software is listed on the Ségur catalogue ?

‍The ANS Ségur software catalogue is publicly available at esante.gouv.fr. Check that the vendor is listed and that the modules for which you are requesting funding are covered. A vendor may be partially listed, always ask for the exact scope.

What does NIS2 specifically require from a public hospital in 2026 ?

‍NIS2 requires documented cybersecurity governance under senior management responsibility, minimum technical measures — strong authentication, encryption, tested backups — and notification of any significant incident to the ANSSI within 24 hours. Senior management is personally responsible for compliance.

Does automated coding replace the medical information department (DIM) ?

‍No. Automated coding is a support tool: it suggests PMSI codes by analysing the clinical data in the record. The DIM validates, corrects and approves the suggestions. Institutions using it report that their DIM teams work from better pre-completed records with fewer errors and more time for complex cases.

Key Takeaways

Thirty terms, five families. Hospital systems (EHR, HIS, THG, SHR) form the organisational foundation. Mandatory certifications (HDS, ISO 27001, LAP, LADS, NIS2, HAS accreditation) define the legal and quality framework. Interoperability standards (HL7, FHIR, Ségur, MSS, EHDS) determine eligibility for public funding. Data and funding topics (PMSI, GHM, automated coding, data warehouse, GDPR) drive both care quality and hospital revenue. Operational priorities (administrative burden, cybersecurity, PHM, telemedicine) structure leadership decision-making.

Galeon : HDS, ISO 27001 and LAP certified, 3-time CES Las Vegas award winner, deployed in 19 French public hospitals including 2 CHUs with 3 million structured patient records applies all of these standards in live production.

A hospital whose EHR is LAP certified, hosted by an HDS and ISO 27001 provider, and whose inter-system exchanges comply with HL7 standards, has resolved three quarters of its digital regulatory obligations. That is the standard Galeon maintains across each of its 19 partner hospitals.

Read also: Blockchain Healthcare Glossary 2026

‍

Sources

• ANS : Agence du Numérique en Santé - HDS certification framework, Ségur du Numérique catalogue
• HAS : Haute Autorité de Santé - LAP and LADS evaluation frameworks, hospital certification procedure
• ATIH : Agence Technique de l'Information sur l'Hospitalisation - PMSI, GHM and T2A documentation
• ANSSI : French National Cybersecurity Agency - NIS2 guide for healthcare institutions
• CNIL : French Data Protection Authority - 2023 data breach report, health data framework
• HL7 International : HL7 v2 and FHIR R4 documentation
• European Commission : GDPR Regulation (EU) 2016/679 and European Health Data Space (EHDS)
• Fédération Hospitalière de France (FHF) : Survey on administrative burden for hospital physicians
• Assurance Maladie : Shared Health Record (DMP) 2024 report
• Galeon : Blockchain Swarm Learning® white paper, deployment data (19 hospitals, 3M records, 10,000 caregivers)

‍