Hébergeur de Données de Santé

En France, l'hébergement des données de santé à caractère personnel est régi par la loi stipulée par le Code de la Santé Publique (Article L.1111-8), qui exige que tout organisme qui gère des données de santé utilise un fournisseur de services certifié HDS.

En savoir plus
frame

Qu'est-ce que la certification Hébergeur de Données de Santé?

La certification HDS exige que les fournisseurs de services adoptent des mesures qui assurent la sécurité, la confidentialité et l'accessibilité des données personnelles. Ces mesures incluent des procédures d’authentification et d’autorisation puissantes, des systèmes de sauvegarde fiables et des méthodes de chiffrement robustes. Des informations supplémentaires sur la certification HDS sont disponibles ici.

Afin de renforcer les protections de sécurité relatives au stockage et à la transmission des données pour nos produits et services, Own se tient à l’affût des directives établies par la Commission Nationale de l'Informatique et des Libertés (CNIL) concernant le traitement des données à caractère personnel destinées à la gestion des cabinets médicaux et paramédicaux.

Ressources HDS :

IMPORTANT – Sélection du Serveur HDS

Si vous stockez des données de santé à caractère personnel régies par la loi française et que vous êtes soumis au régime HDS, vous devez sélectionner un serveur, pour le stockage des données, au sein de l’une des régions européennes suivantes lors de la configuration du produit:

emea1.owndata.com, emea2.owndata.com, OU emea4.owndata.com

Amazon Web ServicesMicrosoft Azure
Role in the hosting service (Host/processor of the Host)HostProcessor of the Host [Public Cloud]Processor of the Host [Public Cloud]
HDS certified (yes / no / exempt)Yes
SecNumCloud 3.2 qualifiedNoNoNo
Hosting activities in which the player is involvedActivities 3, 4Activities 1-4, 6Activities 1-4, 6
Access to personal health data from countries outside the European Economic Area, by the Host or one of its processors (Requirements No 29 of the HDS framework)
AWS
If, in the performance or use of the Services, European Personal Data is subject to transfer, it will be transferred according to provisioned outlins in the Salesforce DPA, Section 12. EUROPE SPECIFIC PROVISIONS which includes consideration of adequacy decisions made by the European Commission as detailed in Article 45 of GDPR.

Azure
If, in the performance or use of the Services, European Personal Data is subject to transfer, it will be transferred according to provisions outlined in the Own DPA, Section 12. APPLICABLE TRANSFER MECHANISMS which includes consideration of adequacy decisions made by the European Commission as detailed in Article 45 of GDPR.
Customer can select which regions their data, including personal health data, will be hosted. See here.
Customer can select which regions their data, including personal health data, will be hosted. See here.
Host or processor subject to a risk of access to personal health data from countries outside the European Economic Area, imposed by the legislation of a third country in breach of EU law (Requirement no 30 of the HDS framework)No
No. Our template agreement with Vendors includes our Privacy Exhibit which requires them to guarantee that "it has no reason to believe that the laws and practices in any jurisdiction applicable to its Processing of the Personal Data, including any requirements to disclose Personal Data or measures authorizing access by a Public Authority, prevent Supplier from fulfilling its obligations under" the Privacy Exhibit.
No. Our template agreement with Vendors includes our Privacy Exhibit which requires them to guarantee that "it has no reason to believe that the laws and practices in any jurisdiction applicable to its Processing of the Personal Data, including any requirements to disclose Personal Data or measures authorizing access by a Public Authority, prevent Supplier from fulfilling its obligations under" the Privacy Exhibit.