The French Public Health Code (Article L.1111-8) requires that service providers which host
certain types of personal health information (PHI) receive HDS (Hébergeur de Données de Santé)
certification.
The HDS certification framework is based on international certifying standards as well as on
additional requirements such as:
- the entire ISO 27001:2013 standard relating to information security management
- the requirements of the ISO 20000-1:2012 standard for service quality management systems
- the Personally Identifiable Information (PII) requirements of the ISO 27018:2014 standard
- specific requirements for hosting health data
The requirements to be implemented differ depending on whether you provide an outsourcing
service (a SaaS application publisher for example) and/or an infrastructure hosting service (a
data center provider for example).
Accreditation is divided into 6 main families of services, described below. Its scope can
cover a single service, several, or all of them.