Today I am excited to announce that Box has achieved the Hébergeur de Données de Santé or Health Data Hosting (HDS) certification. With the Box HDS certification, companies that work with and in the French healthcare industry can now confidently secure, store and manage French protected health information (PHI) in the Box Content Cloud.
At Box, our goal is to meet the high-water mark for security and compliance in every industry worldwide. In order to do so, we do the heavy lifting on behalf of our customers to make it easier for them to remain compliant. HDS is a further example of how we’ve built a robust data protection framework that allows us to deliver a secure content platform to help customers meet and exceed their regulatory and compliance obligations.
HDS was introduced as a framework to safeguard health data in France by the Agence du Numérique en Santé (ANS). Required by a 2018 revision to the French Public Health Code (Article L. 1111-8), HDS certification is mandatory for all companies hosting sensitive medical data. To earn HDS certification, Box had to prove it met strict standards for storing and processing health data in France through a detailed list of activities (i.e. “perimeters”). Box’s HDS certification covers all of the perimeters:
- the provision and maintenance in operational condition of physical sites to host the hardware infrastructure of the information system used to process health data;
- the provision and maintenance in operational condition of the physical infrastructure of the information system used for the processing of health data;
- the provision and maintenance in operational condition of the platform for hosting information system applications;
- the provision and maintenance in operational condition of the virtual infrastructure of the information system used for the processing of health data;
- the administration and operation of the information system containing health data; and
- backup of health data.
The Box HDS certification was achieved through a collaboration with Bureau Veritas, an independent third-party auditor accredited by French authorities to conduct HDS audits. Box is now listed on the ANS website as an HDS-certified host.
“Theranexus is a biopharmaceutical company developing drug candidates for the treatment of rare neurological diseases. With more than 5,000 rare neurological diseases affecting nearly 350 million people worldwide, we see this as both a major societal challenge and a market in crucial need of therapeutic innovation,” said Thierry Lambert, Chief Financial Officer at Theranexus. “Since 2020, we have utilised Box for secure content management. As a company based in France, it is great to see Box achieve the French HDS certification and remain committed to helping life science customers like Theranexus proactively navigate today’s dynamic security and compliance landscape.”
Starting from today, Box customers that want to use the Box Content Cloud to host French healthcare data can update their BSA to agree to comply with personal health data security requirements outlined under PGSSI-S. Customers are also responsible for configuring and managing their Box instance to meet HDS and PGSSI-S requirements. This includes implementing their procedures and health information systems to align with those standards. Please speak to your account teams for more information.
“Data security is paramount in the healthcare industry, where patient privacy and confidentiality are of critical importance,” said Manu Vohra, Managing Director, Global Life Sciences at Box. “Earning the HDS certification demonstrates Box’s continued commitment to maintaining the highest standards of data protection and privacy, and will allow healthcare and life science companies to leverage the benefits of cloud content management while maintaining compliance with French government standards.”
The Box HDS certification is the company’s latest announcement in the French market. In 2022, Box expanded the global network of Box’s flagship Box Zones offering to include a France Zone, aimed at delivering flexibility for in-region storage at scale. For more information on Box’s security and compliance offerings, visit the Box Trust Center.