In the event of a security incident, our Rapid Response Force is available 24/7. 

Obtain and maintain your Health Data Hosting (HDS) certification

Formind can help you in your HDS certification process, a guarantee of optimum protection for your customers’ healthcare data.

Contact us


In 2022, according to the French government’s Centre de veille, d’alerte et de réponse aux attaques informatiques (CERT),
588 cyberattacks targeted healthcare establishments.
 “A first analysis of the impact of cyber-attacks on healthcare facilities” – Healthcare Data Institute – 2023

Greater confidence and security for your customers and healthcare partners

Are you a legal entity in charge of processing patient health data? A medical and/or medico-social structure? Are you an outsourcer or host of an Information System (IS) containing personal health information? Formind can help you achieve mandatory certification of your systems by an accredited organization.

Healthcare establishments and their IT partners are increasingly subject to intense and numerous cyberattacks (ransomware, phishing campaigns, …). HDS certification enhances the resilience of your information system, providing a guarantee of reinforced governance regarding the confidentiality, integrity, and availability of healthcare data. Obtaining and maintaining this certification provides a double benefit: guaranteeing the highest standards of data governance and maintaining the confidence of those involved in your data processing.

Choose Formind’s help for your HDS certification

Certify your IS on a recognized standards base

Our support for HDS certification involves checking all the control points of ISO 27 001, the recognized standard for information governance and security.

Test the governance of your healthcare data

Our auditors ensure that the best practices promoted in cybersecurity are planned, implemented, monitored, and improved over time

Maintaining normative synergy

Our expertise enables us to identify any discrepancies with the General Data Protection Regulation (GDPR), which also covers your customers’ health data.

Why get HDS certification support?

Meeting a legal obligation

Since law n°2016-41 of January 26, 2016, article L. 1111-8 of the public health code has been reformed.
HDS certification is now required for any organization that hosts or operates a healthcare information system, or backs it up on behalf of a healthcare establishment.

Promote comprehensive governance of your healthcare data security

Based largely on the ISO 27 001 standard, HDS certification adds a specific “healthcare data” layer to an already robust standard recognized by cybersecurity professionals.

Better control your cyber risks

HDS certification guarantees continuous improvement of your information security management system. Risks are better known, corrective measures are better identified and more rapidly deployed. Your key functions can drive continuous improvement in the governance of your customers’ data.

Ensuring a high level of customer confidence

The more HDS-certified your services are, the more likely your customers are to use them. If your customers have confidence, the people whose health data you process will also have confidence in the respect for their data and their privacy.

Our customer references

Business sector: Technical concentrator and remote health data transmitter

Background & Objective:

  • With a view to build trust with its customers, this technical healthcare data concentrator aims to meet the regulatory requirements incumbent on it, as part of its healthcare data remote transmission activities (GDPR, “PGSSI-S”).
  • It was against this backdrop that Formind was entrusted with the implementation of its ISMS, with the aim of achieving dual ISO 27001 and HDS certification.

Mission description:

  • Reliable gap analysis regarding ISO 27001 requirements and those specific to healthcare data processing.
  • Formalize a costed action plan and a roadmap for the implementation of a certified information security management system (ISMS) and identify the elements of compliance specific to healthcare data processing (“PGSSI-S”).
  • Plan and implement compliance actions
  • Conduct a blank audit and coaching of employees prior to the certification audit

Business sector: Data hosting service provider

Background & Objective:

The challenge for this data hosting provider was to re-certify the scope of its cloud offering based on ISO 27001 and HDS standards, in order to guarantee and maintain the confidence of its healthcare data backup customers. The objective of the assignment entrusted to Formind was to carry out a blank audit of this service provider as part of a three-year program.

Mission description:

  • ISO 27001 and HDS documentation review
  • Audit interviews and assessment of proof of implementation
  • Awareness-raising on ISMS improvement opportunities and coaching of respondents to the certification audit

Business sector: Telecommunications

Background & Objective:

The challenge facing this Cloud service provider for a major telecoms group was to obtain ISO 27001 and HDS certification for the hosting of its B2B customers’ data and the operation of its infrastructures.

Mission description:

  • Maturity analysis and production of an ISO 27001 and HDS compliance plan
  • Production of the ISO 27001 and HDS documentary corpus
  • Supporting implementation and collecting evidence of implementation
  • ISO 27001 and HDS blank audit


Is HDS certification mandatory for your activities?

6 distinct cases require HDS certification. Certification is required if your activity corresponds to one of these cases:

  • If you provide hosting services for physical infrastructure…
    • Provision and maintenance in operational condition of physical sites hosting the hardware infrastructure of the information system used to process healthcare data.
    • Provision and maintenance in operational condition of the hardware infrastructure of the information system used for health data processing.
  • If you provide outsourcing hosting services…
    • Provision and maintenance in operational condition of the information system’s application hosting platform.
    • Provision and maintenance in operational condition of the virtual infrastructure of the information system used for health data processing.
    • Administration and operation of the health data information system
    • Outsourced healthcare data backups

Where can I find a list of COFRAC-accredited certifiers for HDS certification?

The list of approved HDS certification bodies can be found on this page of the Agence du Numérique en Santé

How long does it take to obtain HDS certification?

3 years, with a surveillance audit every year.

Let's stay in touch

Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!

Contact us