Microsoft Azure is now certified to host sensitive health data in France
By David Burt Senior Compliance Manager, Azure Trust and Compliance
2 min read
Recently at the Microsoft Experiences18 conference in Paris, we shared that Microsoft Azure, Microsoft Office 365, and Microsoft Dynamics have been granted a Health Data Hosting (HDS) certification. This makes Microsoft the first major cloud provider capable of meeting the strict standards of storing and processing health data for data centers located in France, and under the new certification process that began in June 2018.
This validates the very high level of safety and protection that Microsoft can offer to French healthcare entities, who will be able to rely on the Microsoft cloud to deploy the applications and health services of tomorrow. These applications and health services will also be in compliance with the current regulations on data protection and privacy.
With the HDS certification, health providers in France will not only be able to take advantage of the efficiencies of the cloud, but will also be empowered to innovate with new technologies such as artificial intelligence and mixed reality. Both have the potential to transform the delivery of health services.
Trust is essential when health information is held and shared in the public cloud. The privacy of health-related information is critical. Microsoft takes a holistic defense-in-depth approach to security ensuring that confidential information is protected, stored, and managed securely while in compliance with all regulations and laws.
The Hébergeurs de Données de Santé or Health Data Hosting (HDS) certification is required for entities hosting the personal health data governed by French laws and collected for occasions such as prevention, diagnosis, care, social, and medico-social follow-up activities on behalf of third parties. This includes data controllers and the patients themselves. The British Standards Institution (BSI) conducted the audit of Microsoft data centers in France and certified their compliance with the HDS standard.
Azure France includes France Central region based in Paris, and France South region in Marseille. France Central now offers three availability zones for increased availability, resiliency, and business continuity. The Paris region is one of the first Azure regions to benefit from the implementation of availability zones and 99.99 percent availability of service.
The HDS certification builds on Azure’s growing list of health compliance offerings, including:
- Health Information Trust Alliance (HITRUST) Common Security Framework (CSF)
- Health Insurance Portability and Accountability Act (HIPAA)
- Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 Framework
- NEN 7510:2011 Netherlands standards for control over patient health
- National Health Service (NHS) Information Governance (IG) Toolkit in the UK
Learn more about Microsoft’s compliance offerings by visiting the Microsoft Trust Center. You can also learn more about the benefits of Azure on the Azure for health page.