CLIENT TESTIMONIAL

1- Could you briefly introduce yourself: your company, your position and your responsibilities?

​

" Hello, my name is Quentin Paulik. I'm a general practitioner in Lyon, and I'm also the co-founder and chairman of Marti, a company whose aim is to make it easier to care for patients with whom there are communication difficulties in the world of healthcare, particularly in emergency departments.

 

Marti is an application that enables these people to express their symptoms and health problems (including antecedents, allergies, their social situation, etc.) before the consultation (i.e. in the waiting room) and from their smartphone. The application is currently available in 12 languages, and it also uses pictograms to make it easier for healthcare staff and patients to understand each other. I co-founded this tool with Ilies Haddou, who is also a doctor, and I am currently the Chairman.

 

So I'm in charge of business management, medical development of the tree structures, sales development to make us better known, and I'm also in charge of testing the tool in various hospitals."

 

 

​

2- For what type of need did you call on CyberSecura? What was the trigger?

​

"The Marti solution collects and processes a huge amount of health data. Patients arrive in the emergency department and answer medical questions using our application. Up until then, we had carried out some initial experiments, and while we had thought about a solution that was compatible with the GDPR, because we were familiar with the issues, we hadn't surrounded ourselves with a DPO or experts in the field.

 

I quickly realised that we were legally obliged to carry out an Privacy Impact Assessment (PIA) with the CNIL. I didn't feel able to do this work on my own, so I started looking at companies offering GDPR expertise. That's how I came across CyberSecura, a company that had also been recommended to me by Romain Porcheron of Ahdoc."

 

 

​

3- Why did you choose to entrust these missions to CyberSecura rather than to someone else?

​

"We chose to entrust these tasks to CyberSecura for a number of reasons. Firstly, because the company had been recommended to us. Secondly, I was aware of the many customer testimonials the company had produced, and the initial contact with David also went very well. I wanted to work with professionals who were familiar with the world of healthcare, and David has a wealth of experience in the hospital sector. For these reasons, CyberSecura ticked all the boxes. What's more, you weren't too far away physically."

 

 

​

4- Did you have any fears before setting up the project?

​

"Yes, some of them, and in particular fears that I didn't have a sufficient grasp of these issues, that I wasn't in a position to understand this somewhat technical expertise. This could have complicated our collaboration and made it less effective. In the end, the fear turned out not to be correct! David and Marine are very good at simplifying the various elements when necessary, while at the same time having a perfect grasp of the subject of the GDPR. Everything seemed very professional to me! "

 

 

​

5- In your opinion, what are the challenges facing your business today?

​

"To be honest, the main challenge is to create. We are offering a rather innovative product, which is not currently available. 

It's a real challenge to introduce somewhat structural innovations into healthcare systems that are not used to them. 

It's also a real economic challenge, in terms of finding a viable economic model for our tool.

And then, of course, there's also the real issue (all the more so today) of the confidentiality of medical data, with the risks of leaks that exist. 

These are increasingly regulated areas in the healthcare sector, so we had to comply with the legislative and regulatory framework from the outset."

 

 

​

6- How would you describe the work carried out by CyberSecura and its team, in just a few words?

 

"I'll describe CyberSecura's work by talking about the quarterly meetings that have been organised, by video, and I'll also talk about the regular exchanges by email (exchanges in which CyberSecura sends us the documents we ask them for, etc.)."

 

 

​

7- What are the results of this collaboration?

 

"The main result of the collaboration, at present, is that we already have two large privacy impact assessment documents (PIA): one for the patient side, and one for the carer side. These documents will enable us to comply with the GDPR legislation progressively. 

 

In terms of results, I would also talk about the team's awareness of the issues surrounding cybersecurity, data confidentiality, how to guarantee data confidentiality, and how to structure our application in line with these elements. 

 

What's more, having CyberSecura as our outsourced DPO meant that whenever we had a question from a customer or a patient using our tool, we could refer it to the DPO. We really appreciated this, because the CyberSecura teams are used to managing and dealing with requests of this kind. We were therefore pleased to be able to delegate this aspect of responding to requests from customers and users of the application."

 

 

​

8- What did you appreciate the most in the solution provided by CyberSecura?

 

"I'd say proximity, because you can feel that they're really interested in what we're doing and where we're at. We felt a real interest in the project, and a real desire to understand and get to the bottom of things. We also really appreciated the exchange, which was transparent and instantaneous. 

​

The collaboration was both fluid and pleasant."

​

​

​

9- Conversely, were there any elements that you missed, any solutions that you didn't find in our offerings? How could we have improved?

​

"I think I'd probably have appreciated it if we'd been challenged a bit more about our application and its architecture. But in the end, I think we would have appreciated advice that was a little more technical, a little more technological, about "how to make our solution secure and locked".

So maybe that was lacking a little bit, but that wasn't why we called on CyberSecura this year."

​

​

​

10- What advice would you give to companies facing the same problem / having the same project as you? 

 

"I would advise them to take an early interest in cybersecurity and GDPR issues, because if these challenges are not integrated into the solution architecture from the outset, it can be very complicated to go back on them later.

 

It's true that we very quickly felt this regulatory barrier when we started wanting to test our application. For example, we're testing our application with the AP-HP (i.e. Assistance Publique - Hôpitaux de Paris, AP-HP is a university hospital centre with an international dimension), and we really feel that CyberSecura's support makes a difference, it's reassuring. It's because we call on CyberSecura and because we've put in place concrete things that we've been able to experiment with.

 

This regulatory aspect can very quickly become an obstacle. So even if it generates costs at the outset, it's still essential to do it as early as possible, so as not to find yourself blocked, forced to backtrack on certain technical aspects, simply because you haven't taken these regulatory constraints into account."

​

 

 

​

11- Would you recommend CyberSecura to others? Yes / No, for what reason(s)?

​

"After all I've said yes, obviously. Although I don't have many references in this field from IT security and digital compliance professionals, I was in any case very satisfied with this support. I'd recommend their services 100%, for their professional approach, for their proximity to the customer, for their ability to adapt to people who aren't necessarily very familiar with these issues: they know how to be technical and go into detail when they need to, but they also know how to explain things in simple terms, so yes, I'd recommend them!"