Hébergeur de Données de Santé (HDS)

Overview

Introduced by the French governmental agency for health, “Agence du Numérique en Santé” (ANS), the HDS (Hébergeur de Données de Santé) certification aims to strengthen the security and protection of personal health data. Achieving this certification demonstrates that AWS provides a framework for technical and governance measures to secure and protect personal health data, governed by French law. The HDS certification validates that AWS ensures data confidentiality, integrity, and availability to its customers and partners. AWS worked with an independent third-party auditor to achieve the certification.

• What is the benefit of HDS?

  HDS certification provides the necessary assurance of information security for companies who wish to host the healthcare data of French citizens in the cloud.
  

• Which AWS services are in scope for HDS?

  To be HDS certified, an IT provider must be ISO 27001 certified. This means that the services covered by our ISO 27001 certification are included in the scope of HDS. The AWS services that are in scope for the ISO/IEC 27001:2013 certification can be found on the ISO Certified webpage. 

• What regions are in scope of the HDS certification?

  The HDS certification currently covers the following AWS Regions: Asia Pacific (Jakarta), Asia Pacific (Seoul), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Europe (Zurich), Middle East (UAE), South America (Sao Paulo), US East (Northern Virginia), US East (Ohio), US West (North California), and US West (Oregon).
  

• Can I get a copy of the AWS HDS Certification?

  Yes. AWS' HDS certification can be downloaded from AWS Artifact. The HDS standard can be found at the ANS website here.

• What is the HDS certification scope that AWS achieved?

  AWS achieved HDS certification in the following areas:

  A "physical infrastructure host" certificate for the provision of physical hosting and physical infrastructure activities

  1.) Provision and maintenance in operational condition of physical sites to host the physical infrastructure of the information system used for health data processing.

  2.) Provision and maintenance in operational condition of the physical infrastructure of the information system used for health data processing

  A "hosting provider" certificate for virtual infrastructure provisioning, software platform provisioning, administration / operations, and outsourced backup activities

  3.) Provision and maintenance of the information system application hosting platform

  4.) Provision and maintenance of the virtual infrastructure of the information system used for health data processing

  5.) Administration and operation of the information system containing health data

  6.) Health data backup
  

• How does AWS’ HDS certification benefit customers seeking to obtain their own HDS certification?

  As per the Shared Responsibility Model, AWS' HDS certification demonstrates the "Security of the Cloud," enabling customers to focus their resources on items related to "Security in the Cloud" in connection with their HDS certification process.
  

• Do I need to be HDS certified if AWS already has HDS certification?

  As per the Shared Responsibility Model, it is our customers’ responsibility to evaluate their own compliance requirements. Please review the ANS website for more details.