HDS (Hébergeur de Données de Santé)

French hosting framework for Personal Health Information.

The French Public Health Code (Article L.1111-8) requires that service providers which host certain types of personal health information (PHI) receive HDS (Hébergeur de Données de Santé) certification. Introduced by the French governmental agency for health, ASIP Santé (Agence Française de la Santé Numérique), HDS provides a framework to strengthen the security and protection of PHI.

To achieve HDS certification, providers must achieve a detailed list of activities, referred to as “perimeters.” These requirements apply no matter where the data is stored.

BrightInsight’s HDS certification covers all of the perimeters:

The provision and maintenance in operational condition of the application platform hosting the information system.
The provision and maintenance in operational condition of the virtual infrastructure of the information system used for the processing of health data.
The administration and operation of the information system containing the health data.
Backup of health data.

You can view our HDS official certificate here in English or French.

Business name of the actor	BrightInsight
Role in the hosting service (Host / Processor of the Host)	Processor
HDS certified (yes/no/exempted)	Yes
SecNumCloud 3.2 qualified	No
Hosting activities in which the player is involved	Documented in Client Master Agreement (CMA)
Access to personal health data from countries outside the European Economic Area, by the Host or one of its processors	Yes — covered by an adequacy decision within the meaning of Article 45 of the GDPR. Countries involved are documented in the client-specific CMA Appendix I.
Host or processor subject to a risk of access to personal health data from countries outside the EEA, imposed by the legislation of a third-party country in breach of EU law	No