Mapping a Hospital Information System

#architecture #healthcare #opensource

1 — About me

I’m a software engineer who spent more than a decade designing application architectures in banking.

Since 2022 I’ve served as transversal architect for several public hospitals (~ 300 apps, 500 data flows). My role: give CIOs and operations a dual view—strategic and hands-on—of their digital ecosystem.

2 — Starting point

No global map – every silo had its own PowerPoint.
No flow matrix – impossible to size cyber-exposure or dependencies.
Sparse documentation on many off-the-shelf products.

Impact: governance suffered from limited visibility, slowing territorial convergence and compliance work (PGSSI-S, HAS 2025).

3 — Method: follow the ANSSI playbook

The French cyber-agency guide “Mapping an Information System in Five Steps” provides the backbone:

establish the stakes,
collect reality,
pick tooling,
produce the views,
keep the map alive.

4 — Micro view: an ANSSI-aligned cartography engine

To capture the nuts-and-bolts layer—processes, applications, assets, flows, criticality—I rely on an open-source engine built around the ANSSI meta-model.

Strengths

multi-user workflow & JSON API
out-of-the-box alignment with EBIOS risk analysis
easy to script exports for DevSecOps pipelines

Trade-offs

substantial first data load (time + people)
information-dense diagrams: perfect for engineers, too detailed for an executive “big picture”

5 — Macro view: a Draw.io schema

To bridge that big-picture gap, I built a Domain → Process → Application diagram (criticality, hosting model, mutualisation). Great for the C-suite—even if it can’t generate KPIs on its own.

6 — Dual tooling & data pipeline

Angle	Tooling choice	Purpose
Granular / operational	ANSSI-aligned cartography engine	Live knowledge base; validates new flows; links to biomedical assets
Macro / indicators	it-lanscape (my OSS repo)	Nightly JSON → static dashboards: process similarity, mutualisation rate, etc.