Health data hosting (HDS) must be carried out under security conditions appropriate to the data's criticality.
Any natural or legal person who hosts health data on behalf of the persons who produced or collected the data, or on behalf of the patients themselves, must have the necessary and sufficient characteristics to guarantee the security of the data, and in particular its confidentiality
The health data in question are personal health details collected in the course of health care or social care
A certificate of compliance, called an HDS certificate, issued by certification bodies attests to the hosting companies’ compliance with the security requirements defined in the HDS standard.
This control is done in the spirit of the GDPR.
Consult the list of HDS-certified hosts, and select one that meets your needs
When you are going to process real personal health data, it will be necessary to have an operational "HDS"-certified host
Public Health Code
The legal framework governing personal health data hosting applies to any stakeholder, regardless of its type, that offers a service of personal health data hosting to third parties.
12 March 2020 - Article R1111-8-8
The activity of personal health data hosting mentioned in paragraph I of Article L. 1111-8 consists of hosting personal health data collected during prevention, diagnosis, and medical or social care monitoring activities.
12 March 2020 - Article R1111-9
Hosting personal health data on a digital medium is defined as carrying out of all or some of the following activities on behalf of the data controller:
1. Providing the physical sites and keeping them in operational condition
2. Providing the hardware infrastructure and keeping it in operational condition
3. Providing the virtual infrastructure and keeping it in operational condition
4. Providing the application hosting platform and keeping it in operational condition
5. Administration and operation of the information system containing the health data
6. Backing up the health data.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR)
HDS certification standard
Frequently Asked Questions
Decree 2018-137 of 26 February 2018 stipulates the certification procedure and modalities of transition from the old accreditation to the new certification. The decree approving the accreditation and certification reference texts published on 29 June 2018 signalled the introduction of the Health Data Hosting (HDS) certification system. Hosts can request a Health Data Hosting (HDS) certificate from any certifying body that has obtained accreditation from COFRAC.
Our experts on the subject
Finding your way around the technical framework
The technical framework describes the actions in the ministerial roadmap for the eHealth shift.