HDS compliance software for French health-data hosting.

The six HDS activities pre-loaded (physical, virtual, platform, operations, backup, archival), ISO 27001 mapping, sub-processor register with HDS-status tracking, BCP scheduling, and the evidence pack a COFRAC-accredited certifier expects. Built for cloud providers, EHR vendors, telemedicine platforms and clinical-trial SaaS.

What is HDS?

HDS (Hébergeur de Données de Santé) is a French certification, made mandatory by decree 2018-137, for every organisation hosting personal health data on behalf of a French health professional or institution. The standard divides hosting into six perimeters (activités) and a provider declares which ones apply to its service.

Who needs to comply

  • Cloud providers offering health-grade IaaS, PaaS or SaaS in France
  • EHR (DPI / DMP) vendors and telemedicine platforms
  • Clinical-trial / e-CRF SaaS
  • Mobile-health apps storing data on behalf of doctors or hospitals

Key HDS controls covered by Dazr

  • Six activités: choose your perimeters (1 physical, 2 virtual, 3 platform, 4 operations, 5 backup, 6 archival).
  • Sub-processor register: list sub-processors with their HDS / equivalent certification status. Reviewed twice a year.
  • Disponibilité: BCP with clinical-grade RTO/RPO. Annual test logged.
  • Confidentialité: AES-256 at rest, TLS 1.2+. BYOK option, tenant isolation pentest.
  • Health-IR runbook: incident process aligned with HDS, GDPR and ARS notification deadlines.
  • 3-year audit cycle: booking calendar with COFRAC partner + remediation tracker.

What auditors look for

A COFRAC-accredited certifier walks the six activités you've declared, samples evidence per control, and asks for the BCP test result + the sub-processor list. Annual surveillance is shorter but the same evidence is requested. Dazr keeps it all live in one workspace.

How Dazr helps with HDS

  • Pre-loaded controls per HDS perimeter
  • Sub-processor register with HDS status per partner
  • BCP schedule + annual restore test tracker
  • Run HDS alongside ISO 27001, GDPR / RGPD and NEN 7510 in one workspace
  • Hand the certifier a read-only view or a single-PDF audit trail

HDS questions, answered.

What is HDS?

The French certification - made law by decree 2018-137 - mandatory for any organisation hosting personal health data on behalf of a French health professional or institution.

Who has to comply?

Any party hosting French personal health data: cloud providers, EHR vendors, telemedicine platforms, clinical-trial SaaS, mobile health apps storing data on behalf of doctors or hospitals.

How long is the certification valid?

Three years, with annual surveillance audits by a COFRAC-accredited certifier.

Where is data hosted?

European Union only. AES-256-GCM at rest. EU jurisdiction and processing.

Ready to start your HDS program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.