Back to blog
What is HDS Certification?
HDS stands for Health Data Hosting (Hébergeur de Données de Santé).
It is regulated under the French Public Health Code and applies to any entity hosting or managing health data on behalf of third parties. The certification follows a framework defined by the French government and is audited by accredited organizations under the supervision of the Agence du Numérique en Santé (ANS).
Unlike voluntary standards, HDS certification is legally mandatory. It applies not only to hospitals or medical software providers but to any player handling patient-identifiable information or care pathways. HDS certification doesn’t just validate a technical environment, it covers all human, organizational, and technological measures put in place to secure health data throughout its lifecycle.
Why is HDS Certification Important?
HDS certification sets the rules for how health data is hosted, protected, and used. It prevents data loss, tampering, or unauthorized access while ensuring service continuity.
It also provides legal clarity. HDS requirements cover access traceability, incident management, environment security, and GDPR compliance. For healthcare organizations, this reduces operational risk and simplifies interactions with regulators.
Certification also strengthens contractual relationships by clarifying responsibilities, reducing ambiguities, and streamlining audits. The result: smoother projects and faster deployments.
Who is concerned by HDS certification?
HDS certification applies to any organization hosting or processing health data for third parties, regardless of their role in the digital chain.
Relevant actors include:
Cloud providers and data center operators handling health data
Health software vendors (medical SaaS, hospital solutions, monitoring platforms)
IT providers managing systems containing health data
Communication or digital service platforms processing personal health information
Examples of covered data:
Medical records and consultation reports
Lab or imaging results
Data from connected medical devices
Patient monitoring and care pathway information
Administrative data for reimbursements or hospital management
Whenever an organization handles such data, a certified HDS solution becomes essential.
CM.com: A Unique HDS-Certified CPaaS Solution
Being HDS-certified means the entire platform complies with hosting and processing standards for health data.
At CM.com, certification is achieved in-house. Hosting, management, and security are not outsourced to a third-party.
This reduces technical dependencies and simplifies compliance. Healthcare clients benefit from a single point of responsibility and clearer pricing, without multiple intermediaries.
In practice, this secures sensitive communications and enables seamless integration of digital patient journeys.
The Six Scopes Covered by HDS Certification
HDS certification covers six complementary areas across the full lifecycle of health data, from physical infrastructure to application operations:
Secure premises, including physical access control and data center protection
Hardware infrastructure, including servers, networks, and storage equipment
Hosting platform, ensuring availability and resilience
System management, including supervision and maintenance
Application administration, ensuring reliable service operation
External backup, essential to prevent data loss
All areas are regularly audited by accredited organizations, checking both technical systems and internal procedures, incident management, action traceability, and team training.
HDS Certification vs ISO 27001: Key Differences
ISO 27001 sets an international standard for information security management, defining internal processes, risk analysis, and security governance.
HDS certification builds on ISO 27001 but goes further, addressing the specific French healthcare context with legal obligations, enhanced traceability, and controls tailored to medical data.
ISO 27001 is useful, but not sufficient for hosting health data in France. HDS certification is the legal reference framework for healthcare providers, regulators, and software vendors.
An Ecosystem for Healthcare: Focus on Curecall
Within this ecosystem, Curecall provides a practical technology solution. It streamlines communication between healthcare facilities and patients by automating tasks like appointment scheduling, administrative follow-ups, and medical notifications.
The goal: free up healthcare staff, reduce friction in the patient journey, and secure sensitive communications. Integration with an HDS-certified platform ensures compliance and trust.
Conclusion
HDS certification is now a strategic prerequisite for any organization handling health data in France. It is not a voluntary engagement or a marketing statement but a regulatory requirement.
As the first HDS-certified CPaaS platform in France, CM.com provides direct control, compliance, and trust, a solid foundation to support healthcare digital projects without compromising on security or accountability.
