HDS certification: host your health data securely
Wimi relies on the HDS certified infrastructure of its partner Opcore and is preparing its own certification (audit planned for H1 2026). Protection, confidentiality and traceability of your patient data guaranteed. Sovereign solution hosted 100% in France.
The HDS framework: maximum protection for health data
Health data is among the most sensitive information and is protected by law. Medical records, test results, prescriptions, personal patient information: their protection is not only a regulatory obligation, it is a fundamental responsibility towards those who entrust their health to you.
The HDS framework, defined by theThe Digital Health Agency (ANS), imposes 30 requirements combining more than 150 safety criteria. Every aspect of hosting is supervised to prevent any risk of leaks, alterations or unauthorized access to patient data.
Complete traceability of access, data encryption, partitioning of environments, rigorous management of rights, continuity of service: no detail is left to chance.
Wimi is fully committed to this approach. In preparation for our HDS certification (scheduled audit H1 2026), our infrastructure is based on our partner's sovereign data centers Opcore certified, located in France.
We ensure the application platform, administration, operation and backup of your data according to the standards of the repository. A collaborative suite that combines user performance and maximum regulatory compliance.
With Wimi, work with confidence: we Let's protect your data patients with the rigor they deserve.
Information taken from the HDS 2024* Standard
Why the HDS framework is essential for your organization
Four essential guarantees to secure your patient data and comply with your legal obligations.
The HDS standard imposes strict measures to protect access to health data: encryption, strong authentication, granular rights management. Only authorized persons can consult or modify medical information, thus ensuring respect for medical confidentiality and patient confidence.
Each access, modification or transfer of data is recorded and time stamped. This comprehensive traceability makes it possible to identify precisely who did what and when, guaranteeing transparency and facilitating compliance audits in the event of an inspection or incident.
The HDS framework requires resilient infrastructures with regular backups, business continuity plans, and measures to protect against ransomware and cyberattacks. Your patient data is secure against any form of compromise, alteration or destruction.
The hosting of health data requires compliance with the Public Health Code and the RGPD. HDS certification guarantees full compliance with these requirements, protecting you from administrative sanctions and maintaining the reputation of your establishment.
Source: The HDS 2024 reference*
Accommodation activities covered by Wimi
Sovereign datacenters certified by our partner Opcore. The physical infrastructure (servers, storage, network) is hosted by Opcore, HDS certified, in highly secure French datacenters that comply with the requirements of the reference framework.
- Exclusive location in France (sovereign datacenters)
- Strengthened physical security: biometric control, 24/7 video surveillance
- Electrical redundancy and air conditioning for maximum availability
- HDS certified infrastructure (activities 1 and 2)
Your secure collaborative suite available 24/7. Wimi hosts and maintains your collaborative platform with permanent availability, optimal performance and real-time protection.
- 24/7 availability with guaranteed SLA and continuous supervision
- High availability architecture with component redundancy
- Application security: firewall, intrusion detection, anti-DDoS
- Non-disruptive security updates
- Strict data isolation between organizations
Proactive management and continuous monitoring. Our teams provide continuous monitoring, preventive maintenance and rapid resolution of incidents to ensure the continuity of your business.
- Real-time monitoring with automated alerts
- Access management with strong authentication
- Full traceability of operations (secure and time-stamped logs)
- Planned preventive and corrective maintenance
- Expert technical support with climbing procedures
- Formalized security incident management
A redundant N+1 infrastructure ensures 99.98% availability. Our recovery and business continuity plans are tested quarterly to ensure uninterrupted service.Data loss protection. Robust backup strategy to protect your patient data from loss, corruption, or cyber attacks.
- Daily automatic backups with configurable retention
- Outsourced storage at geographically remote sites
- Backup Encryption (AES-256)
- Regular restoration tests
- Documented disaster recovery plan (RPO/RTO)
- Protection against ransomware (unchangeable backups)
Total sovereignty over your data. Only you can decrypt your data. The keys are generated, stored and managed exclusively by you or in certified containers. Wimi has no technical access.
Full traceability for your audits. Each action is traced: who, when, what. Log retention guaranteeing the complete traceability of operations, centralized storage protected in integrity. Compliance with regulatory requirements.
Architecture audited by independent organizations. Regular audits by qualified organizations: code review, penetration tests, flow inspection. There are no backdoors in our sovereign infrastructure.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore and dolore magna aliqua. Ut enim ad minimim veniam, qui nostrud exercising ullamco laboris nisi ut aliquip ex ea commodo consequat. Duvet high grain color wine Reprehenderit In voluptate velit esse illum dolore eu fugiat nulla pariatur.
«Depuis un an et demi, le Groupement Hospitalier de Dordogne a déployé Wimi pour ses 3 600 utilisateurs, séduits par sa simplicité, sa souveraineté, cybersécurité (SecNumCloud, HDS) et son approche centralisée. Visio, chat, partage de documents et agendas : tout est intégré. L’accompagnement des équipes de Wimi a été clé pour un déploiement progressif et réussi, répondant enfin à des besoins autrefois dispersés.»
"100% de nos collaborateurs l’utilisent au quotidien. Notre activité suppose un travail constant avec des données sensibles telles que des des résultats précliniques ou de développement pharmaceutique. Savoir que nos données sont hébergées en France garantit une totale confidentialité et souveraineté de celles-ci."
"Wimi est une plateforme collaborative conviviale qui propose de nombreux outils pour augmenter la productivité et faciliter la collaboration."
“Wimi is a solution perfectly suited to collaboration in project mode. Its ease of handling and the flexibility offered according to uses convinced us. Covid-19 and the periods of teleworking have only amplified the need for such a solution to maintain exchanges and continue our projects.”
Cybersecurity and compliance resources
Your questions about HDS
What is HDS certification?
The Health Data Host (HDS) certification is mandatory in France for any organization hosting personal health data as a subcontractor within the meaning of article 28 of the RGPD.
It guarantees compliance with 30 specific requirements covering the security, confidentiality, availability and traceability of health data, in addition to the ISO 27001 standard.
See all our conformities
Is Wimi already HDS certified?
Wimi is in the process of HDS certification with an audit scheduled for H1 2026.
While waiting for our own certification, we rely on the HDS certification of our partner Opcore for physical infrastructure activities (activities 1 and 2).
Our application platform, administration systems, and backup processes are already compliant with 30 HDS requirements and ready for certification.
What exactly does your HDS perimeter cover?
Wimi covers 4 HDS hosting activities out of the 6 defined by the framework:
- Activity 1 & 2: Physical and virtual infrastructure (via HDS certified Opcore)
- Activity 4: Outsourcing application platform
- Activity 5: Administration and operation of the platform
- Activity 6: Outsourced data backup
This means that we manage the entire hosting chain, from the hardware infrastructure to the backup of your patient data.
Is my health data stored in France?
Yes, exclusively. The HDS standard requires that personal health data be stored only within the European Economic Area (EEA).
At Wimi, your data is hosted in datacenters located in France, operated by our HDS certified partner Opcore.
No remote access from a country outside the EEA is allowed, in accordance with the EXI 29 requirement.
Can I host regulated health data with you?
Yes, if this data falls within the scope of HDS application.The HDS repository covers data collected during social and medico-social prevention, diagnosis, care or follow-up activities.This includes in particular:
- Patient records
- Medical reports
- Prescriptions
- Exam results
- Teleconsultation data
If your data falls within this scope, you must use an HDS certified host such as Wimi.
How do you deal with security incidents?
We apply HDS incident management requirements:
Detection and notification:
- Real-time monitoring and automated alerts
- Immediate notification of data breaches (EXI 14)
- Dedicated contractual referent for the treatment of incidents (EXI 20)
Traceability:
- Complete logging of all transactions (who, when, what)
- Secure and time-stamped logs (EXI 18)
- Preservation guaranteeing complete traceability
Continuity:
- Documented disaster recovery plan (RPO/RTO)
- Regular restoration tests
- Formalized escalation procedures
Your project deserves compliant and secure hosting
Do you manipulate health data? Wimi helps you bring your collaborative infrastructure into HDS compliance.