
What is HDS?

HDS certification is a legal requirement for any third-party organization that hosts personal health data on behalf of healthcare providers—including cloud service providers, IT companies, and software vendors. Beyond regulatory compliance, it is a key component of Europe's digital sovereignty strategy. By promoting cybersecurity best practices and alignment with GDPR and international standards, HDS fosters a secure, competitive, and resilient digital healthcare ecosystem.


The HDS standard is a certification framework that defines the requirements for secure hosting of healthcare data in France. It is based on the international ISO 27001 standard, which governs information systems security management, and adds obligations specific to the healthcare sector.

HDS certification is legally required for any third-party organization that hosts health data on behalf of healthcare professionals or institutions.

Why is HDS a must?

HDS certification guarantees the security of healthcare data, protecting it against cyber-attacks, unauthorized access and accidental loss. It also ensures respect for medical confidentiality and patients' rights to privacy. By imposing strict requirements, it guarantees the reliability, availability and integrity of hosting services, thereby reinforcing trust between industry players.

Beyond data protection, HDS certification is part of a strategic approach to strengthening digital sovereignty in Europe. It fosters a competitive and secure digital healthcare ecosystem by encouraging organizations to adopt cybersecurity best practices, while ensuring their compliance with regulations such as the GDPR and international standards.

A new version of the HDS standard

The new version of the HDS certification standard was published in the Journal Officiel on May 16, 2024, and is applicable from November 16, 2024.


HDS key points

To obtain HDS certification, organizations must comply with ISO 27001:2022 by implementing an Information Security Management System (ISMS). This system must include requirements specific to healthcare data, including:

  • Identifying stakeholders, such as customers and subcontractors.
  • Managing the risks associated with the subcontracting chain, to ensure optimum protection of sensitive data.

Certification is also based on a number of essential security controls:

  • Strict partitioning of environments (development, test, production) to limit the risk of error or data leakage.
  • Rigorous access management, applying the principle of least privilege to limit rights to authorized users.
  • Secure change management, to adapt infrastructures without compromising data integrity.

In terms of digital sovereignty, certification requires that:

  • Data is hosted in the European Economic Area (EEA).
  • All international data transfers are documented, with precise mapping and appropriate protection measures.

HDS certification focuses on the availability and continuity of data access. Certified infrastructures must ensure permanent access to healthcare information, even in the event of an emergency or breakdown, to avoid any critical interruption in patient care.


Certification

The HDS certification cycle begins with preparation for the audit: choice of a certification body and implementation of an ISO 27001-compliant ISMS.

The audit takes place in two phases: a document review of policies and procedures, followed by an on-site audit of infrastructures and systems.

If the assessment is positive, a committee validates HDS certification for three years, often in conjunction with ISO 27001. Annual audits ensure compliance, and a renewal audit is required after three years.

Tips from FeelAgile

Achieving HDS certification is a complex process, requiring a thorough understanding of security and compliance requirements. Expert support can help you avoid common mistakes, optimize compliance and prepare for the audit with confidence.

Here are the most important tips for successful HDS certification:

  • Raising employee awareness: to ensure effective application of HDS requirements.
  • Defining the scope: to avoid errors during the audit and structure your compliance approach.
  • Avoiding data transfers outside the EU: alternatively, they can be carried out under strict conditions, such as standard contractual clauses (SCC) or equivalent, so as not to complicate the certification process.
  • Secure technical environment: with sufficient traceability of access to personal health data (DSCP).

The benefits

HDS certification offers a major competitive advantage, enabling companies to enter a regulated market, enhance their reputation and build lasting trust with customers and partners, while guaranteeing optimum security for sensitive data.

Access to the regulated market

HDS certification is mandatory for hosting healthcare data in France, and is a prerequisite for access to this fast-growing market. It enables companies to offer their services in a highly regulated sector, particularly for healthcare providers and digital solutions.

Enhancing credibility and reputation

Being HDS-certified demonstrates a commitment to security and legal compliance, reinforcing the company's reputation with customers, partners and healthcare institutions.

Competitive positioning

HDS certification enables companies to stand out in national and international markets by demonstrating their ability to manage sensitive data to the highest standards. This is a strategic advantage when bidding for tenders or collaborating with players in the medical sector.

FAQ

Frequently asked questions

All you need to know about the HDS standard

Who is concerned by HDS certification?

Which organizations issue this certification?

Do I need to be ISO 27001 certified before I can apply for HDS certification?

Should I call in an external consultant?
