The Hébergeurs de Données de Santé (HDS) regulation is issued by ASIP Santé which, under the French Ministry of Health, is responsible for promoting electronically based healthcare solutions in France.
HDS requires that service providers implement measures that keep personal health data secure, confidential, and accessible by patients. These measures include strong authentication and authorization procedures, robust backup systems, and powerful encryption methods. HDS also specifies mandatory provisions that must be included in contracts with cloud service providers. These requirements apply no matter where the data is stored.
HDS is relevant for service providers processing personal health data under French law
HDS combines elements from ISO 27001, ISO 20000 and ISO 27018 with five new requirements.
The HDS 1.1 add-on contains:
- Implementation guidelines for 2 existing ISO 27001 clauses (4.3 and 6.1.3)
- Implementation guidelines for 2 existing ISO 27001 controls (A.12.3.1 and A.12.7.1)
- 4 clauses derived from ISO 20000
- 5 new clauses
- References to 24 required ISO 27018 controls (A.6.1.1, A.12.4.1, B.2.1, B.3.1, B.5.1, B.6.1, B.6.2, B.10.1, B.10.2, B.10.3, B.11.1, B.11.2, B.11.3, B.11.4, B.11.5, B.11.6, B.11.7, B.11.8, B.11.9, B.11.10, B.11.11, B.11.12, B.11.13, B.12.1)
- Additional implementation guidelines for 4 existing ISO 27018 controls (B.3.1, B.10.3, B.11.8, A.12.4.1, B.12.1)
- A mapping table, so you can cross reference these requirements against the different roles (physical infrastructure and/or IT managed services providers)
The HDS 1.1 add-on requires the ISO 27018 add-on to function properly.
Instant 27001 add ons can be installed by importing them and subsequently merging them with the existing content. Instructions to do so are included. Alternatively, you can let us do the work for you!
- HDS 1.1 add-on: € 495 (for existing Instant 27001+27018 clients)
- Instant 27001 + ISO 27018 add-on + HDS 1.1 add-on: € 3485
Depending on your location, local taxes may apply (read more).