← Back to Trust Center
Hébergeur de Données de Santé (HDS)
France’s HDS regulations and the related certification serve to verify an organization’s compliance with a baseline set of requirements regarding the hosting of all personal health data. As mandated by the French Public Health Code, all organizations hosting personal health data collected during healthcare activities in France must achieve HDS certification. Organizations must undergo an assessment that evaluates their adherence to the rigorous HDS control framework.
MongoDB has been evaluated by the Certification Body of Schellman Compliance, LLC, an independent certifying body accredited by French authorities to conduct HDS audits, and demonstrated compliance with the requirements and controls of the HDS Certification Referential Version 1.1 for MongoDB Atlas.
What is HDS?
HDS, which stands for Hébergeur de Données de Santé or Health Data Hosting, is a set of French regulations as well as a related certification which serve to verify an organization’s compliance with a baseline set of requirements concerning the hosting of personal health data. The French Public Health Code mandates that all organizations hosting personal health data collected during health activities in France must achieve HDS certification.
Why is HDS important to MongoDB customers?
Since MongoDB is an HDS certified service provider, customers can store personal health data collected during health activities in France in MongoDB Atlas. Customers can use Atlas to create MongoDB clusters in the HDS compliant regions of Amazon Web Services (AWS), Google Cloud Platform (GCP), and/or Microsoft Azure, which are each HDS compliant.
What MongoDB products and services are in the scope of this certification?
MongoDB’s HDS certification covers MongoDB Cloud Services hosted in AWS, Azure, and GCP and comprised of MongoDB Atlas, MongoDB Atlas App Services-Realm, MongoDB Atlas Data Federation, MongoDB Charts, MongoDB Cloud Manager, and MongoDB Atlas Serverless Database.
Are MongoDB Cloud Services hosting providers HDS certified?
MongoDB Cloud Services are hosted on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, which have each achieved HDS certification. More information about HDS compliance for these providers is available at their respective websites:
Who performed the independent third-party audit of MongoDB for HDS?
Schellman and Company, LLC.
Can my organization be HDS certified by association?
Organizations pursuing HDS certification while operating all or part of their system(s) on MongoDB are not automatically certified by association. It is the customer's responsibility to evaluate their own compliance requirements per MongoDB's Shared Responsibility Model.
However, using an HDS certified cloud service provider like MongoDB can simplify their certification process. For example, organizations can leverage MongoDB’s compliance reports as evidence for their own HDS programs and industry-specific quality programs. Organizations are responsible for engaging an assessor to evaluate their implementation for compliance and for the controls and processes within their organization.
It is important to not that, in order to ensure the integrity and security of health information within Atlas, any MongoDB clients requiring HDS certification must comply with the General Policy of Information Systems Security for Health (PGSSI-S) guidelines mandated by the French Ministry of Health.