Published on 04/22/2024

The new HDS, in plain English
The facts

A revised version of the Health Data Hosting (HDS) standard has been drawn up by the Agence du Numérique en Santé (ANS) and is currently being examined by the European Commission. The new HDS should come into force by the summer of 2024.

The context

The aim of HDS certification is to strengthen the protection of French healthcare data and build an environment of trust around eHealth and patient monitoring. It applies to all public or private entities that host, use or back up health data. In response to the growing cyber threat, the ANS launched an overhaul of the HDS standards in 2023, calling on users and service providers. The new text introduces more demanding criteria in terms of sovereignty and transparency.

| What's new? | What impact will this have on the hosting of health data? |
| --- | --- |
| European location | The data will have to be stored on the territory of a member state of the European Economic Area. Organisations processing health data and/or their hosting provider will therefore need to ensure that they comply with this new requirement. If they do not, they will have to consider changing their cloud provider or offering. |
| Transfer and remote access | Organisations and/or their hosting provider will have to contractually inform their customers of any transfers or remote access to data from a country that does not comply with the GDPR, specifying the associated risks. They must also detail the technical and legal measures implemented to limit these risks. |
| Immunity from non-European law | If hosting providers are not SecNumCloud-qualified, they will have to be transparent about their vulnerability to non-European laws. If they rely on a third-party hosting provider that is not SecNumCloud-qualified, organisations processing health data will have to ensure that the provider is transparent. |
| ISO 27001 | As the ANS requires certain changes to the ISO 27001 standard to be incorporated into the new HDS certification framework, organisations processing health data and/or their hosting provider will have to comply with these changes when renewing their HDS certification. |

Analysis
Giuliano Ippoliti, Director of Compliance at Cloud Temple

"While the new standards do not provide for immediate alignment with the requirements in terms of immunity to extraterritorial laws in the famous article 19.6 of the SecNumCloud standards, this convergence is planned for 2027".

Who needs to be HDS certified?

If the organisation hosts the health data itself, it must obtain HDS certification.

On the other hand, if it subcontracts hosting to a third party, it is the host that must be certified.

