Healthcare data hosting (HDS)

Health data hosting (HDS) must be carried out under security conditions appropriate to the criticality of the data.

Getting started

Any natural or legal person who hosts health data on behalf of persons responsible for the production or collection of such data, or on behalf of the patient himself or herself, must have the necessary and sufficient features to guarantee its security, and in particular its confidentiality.

The health data concerned are personal health data collected in the course of health or medico-social care.

A certificate of compliance (the HDS certificate), issued by certification bodies, attests to the compliance of hosting providers with the security requirements defined in the HDS reference framework.

This control is in the spirit of the GDPR (RGPD).

In practice

Consult the list of HDS-certified hosts and select one that suits your needs.

When?

As soon as you are going to process real personal health data, you will need an operational HDS-certified host.

Compliance

Public Health Code

The legal framework governing the hosting of personal health data applies regardless of the nature of the actor, as soon as that actor offers a personal health data hosting service to third parties.

March 12, 2020 - Article R1111-8-8

The activity of hosting personal health data mentioned in I of article L. 1111-8 consists of hosting personal health data collected in the course of prevention, diagnosis, care or social and medico-social monitoring activities.

Consult Art R1111-8-8

March 12, 2020 - Article R1111-9

The hosting of personal health data on digital media is considered to be the carrying out of all or part of the following activities on behalf of the data controller:

1/ The provision and maintenance in operational condition of physical sites;
2/ The provision and maintenance in operational condition of hardware infrastructure;
3/ Provision and maintenance of virtual infrastructure;
4/ Provision and maintenance of the application hosting platform;
5/ Administration and operation of the information system containing health data;
6/ Backup of health data.

Consult Art R1111-9

RGPD

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (RGPD)

Consult Regulation (EU) 2016/679

HDS certification guidelines

Frequently asked questions

Documentation

Decree 2018-137 of February 26, 2018 defines the certification procedure and organizes the transition between accreditation and certification. The order approving the accreditation and certification reference systems published on June 29, 2018 opens up the HDS accreditation scheme. Hosters will be able to apply for an HDS certificate from any certification body that has completed the accreditation procedures with COFRAC (Comité Français d'Accréditation).

Our experts on the subject

Frédéric Law Dune,

Agence du numérique en santé
