Servicios
Plataforma
Soporte
Blog
Crear cuenta
Servidores
Centralita
Virtual
Escritorio
Remoto
Almacenamiento
de Archivos
Almacenamiento
de Objetos
Migraciones
Disaster
Recovery
Marketplace de Licencias

HDS Certificate

Version February 2025

Specific conditions applicable to the “hosting of healthdata”

 

Definitions

Capitalized terms shall have the meanings set forth below and, in the absence thereof, the meanings set forth elsewhere in the Contract.

ANS : Agence du Numérique en Santé.

Health data: Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

HDS certificate: Certificate of compliance with the Health Data Host (HDS) certification framework – Requirements – v2.0” drawn up by the ANS and published on May 16, 2024 or with the previous version of the said certification framework (V1.1 final – Mai 2018).

« Politique générale de sécurité des systèmes d’information de santé » ou « PGSSI-S » : Body of documents including guidelines and guides drawn up by the ANS in application of article 1470-5 of the French Public Health Code, aimed at guaranteeing the security and confidentiality of personal health data.

“Health Data Hosting Service” or ‘HDS Services’: JOTELULU Services that may be used by the Client to host health data.

  1. Purpose

These specific conditions describe the specific conditions applicable to the Services provided by JOTELULU when these Services are used by the Client to host Health Data.

These specific conditions are an integral part of the Contract in force between JOTELULU and the Client, and supplement the other documents that are part of the said Contract, and that remain fully applicable to the HDS Services. However, in the event of any conflict, the present conditions shall prevail.

  1. Services eligible for hosting health data

Only the following Services provided by JOTELULU are eligible for Health Data Hosting (the “HDS Services”):

  • Servers
  • Object Storage
  • Cloud Storage (Files and Object)
  • Remote Desktop.

The Client shall not use any other Service offered by JOTELULU to host healthcare data.

 

  1. HDS Certification

3.1 JOTELULU HDS Certificates

In accordance with Articles L1111-8 of the French Public Health Code, JOTELULU holds, for all the HDS Services subject of these Specific conditions, a Certificate of Compliance with the “Health Data Hosting (HDS) Certification Framework – Requirements – V2.0 » drawn up by the ANS and published on May 16, 2024.

This HDS Certificate was issued on 12th February 2025 by a certification body accredited in accordance with the accreditation guidelines drawn up by the ANS, and must be renewed by 11th February 2028.

The above-mentioned HDS Certificate covers the following scope:

(a) For all HDS Services hosted in France and Spain, the following activities referred to in article R1111-9 of the French Public Health Code:

  1. The provision and maintenance in operational condition of physical sites for hosting the hardware infrastructure of the information system used to process the health data;
  2. The provision and maintenance in operational condition of the hardware infrastructure of the information system used to process the health data;
  3. The provision and maintenance in operational condition of the virtual infrastructure of the information system used to process the health data;
  4. The provision and maintenance in operational condition of the platform for hosting information system applications.

(b) Only for the HDS Services Server, Remote Desktop and Cloud Storage, the following activity covered by the same article of the French Public Health Code:

  1. Backing up health data.

3.2 Housing HDS Certificate

As part of the provision of the Services, JOTELULU has recourse to a third-party service provider in charge of the provision and maintenance in operational condition of the physical sites in which JOTELULU’s HDS Services are hosted (the “Housing Provider”).

The Housing Provider holds an HDS certificate of compliance with the “Health Data Hosting (HDS) Certification Framework ‘Requirements and Controls’ (Version 1.1 final – May 2018) drawn up by the ANS.

The scope of this HDS Certificate covers housing services provided in France only, and consists of the following activities referred to in article R1111-9 of the French Public Health Code:

  1. The provision and maintenance in operational condition of physical sites for hosting the hardware infrastructure of the information system used to process the health data.

 

This HDS Certificate was issued on June 22, 2023 by a certification body accredited in accordance with the accreditation guidelines drawn up by the ANS, and must be renewed by June 23, 2026. In addition, before May 16, 2026, the Housing Provider is required to carry out a transition audit to verify that the requirements of the new version of the “Health Data Hosting (HDS) Certification Framework ‘Requirements’ (Version 2.0)” published on May 16, 2024, have been successfully implemented.

3.3 Activities out of the HDS certification scope

The following activities, referred to in article R1111-9 of the French Public Health Code, are not part of the HDS Services, and are therefore excluded from the scope of JOTELULU’s HDS certification:

  1. The management and operation of the information system containing the health data.

 

3.4 Availability of HDS certificates

The above-mentioned HDS certificates are made available to the Client via his management interface.

3.5 Certification loss

JOTELULU undertakes to inform the Client as soon as possible if:

(a) The HDS certificates of JOTELULU and the Housing Provider are not renewed by the above-mentioned deadlines, and/or

(b) the Housing Provider’s transitioning audit to the new version of the “Health Data Hosting (HDS) Certification Framework ‘Requirements’ (V2.0)” published on May 16, 2024, has not been successfully completed by May 16, 2026.

If JOTELULU fails to remedy to such a certification loss within 60 days of the aforementioned deadlines, the Client may be entitled to terminate its HDS services.

  1. HDS Services execution
    • Hosting location

The HDS services hosting location is communicated to the Client in the Portal and on the JOTELULU’s website.

Where the Client has a choice between several hosting locations, it selects the hosting location(s) of its choice at the time of initial configuration of the Service concerned.

4.2 Service Level Objectives

As part of the HDS Services, JOTELULU undertakes to comply with the Service level objectives defined in the section “Service Level Agreement” of the General Terms of Service, in particular:

  • The Service “monthly uptime percentage” objective, and
  • Only if the Client subscribed to the optional Client Support Premium, the “Client’s request handling time” objective.

If the said service levels objectives are not met, the Client shall benefit from financial credits in the conditions provided into the aforesaid “Service Level Agreement” section.

If the HDS Services are used by the Client to host critical information systems that require a high level of availability, it is highly recommended to the Client to subscribe to optional Client Support Premium. Otherwise, the “Client’s request handling time objective” shall not apply.

4.3 Capacity planning

JOTELULU ensures through monitoring and periodic reviews that the capacity and sizing of the infrastructures used to provide the HDS services are adapted to the Service Level Agreement.

However, with regard to resources shared by several clients, JOTELULU makes best effort to meet its clients’ capacity needs, but cannot guarantee any volume of available resources.

In order to ensure the continuity of its activities, and in particular the availability of the information system used to process health data, the Client shall anticipate its needs and liaise with JOTELULU Client support to confirm the availability of enough resources, in particular in case of significative increase of capacity requirements.

4.4 Health data processing

JOTELULU undertakes to process the health data hosted by the Client as part of the HDS Services only for the purposes of performing said Services, in accordance with the Data Processing Agreement and the Client’s documented instructions as set out in the Contract.

In this context, the Health data processing that JOTELULU may carry out as part of the HDS Services is limited to storage, compute and, in the event of termination of the Services, erasure and/or destruction. The processing operations specific to each HDS Service are detailed in the relevant applicable Specific terms and conditions of Service.

Subject to the provisions of article 4.7 below, JOTELULU is not authorized to access the health data covered by these Specific conditions.

4.5 Security and continuity of the HDS Services

In order to secure and ensure the continuity of the HDS Services, notably in case of failure of its part, JOTELULU has put in place, and undertakes to maintain for the entire duration of the HDS Services, appropriate technical and organizational measures. These measures are set out in the “Data Processing Agreement” and the “Security of JOTELULU Services” schedule.

The document “Security of JOTELULU Services” and the applicable Specific terms and conditions of service specify the division of roles and responsibilities between the Client and JOTELULU with regard to the security and continuity of Services.

JOTELULU notifies the Client of any breach of health data in accordance with the conditions set out in the section “Personal data breach” of the “Data Processing Agreement”.

4.6 Data subject requests

The Service Provider provides the procedures and means set out in the “Data Processing Agreement” enabling the Client to respond, in accordance with Chapter 3 of the RGPD and Articles L1110-4 and L1111-7 of the French Public Health Code, to requests to exercise the rights of data subjects defined by Articles 15 to 22 of the GDPR. The effectiveness of these means and procedures is periodically audited.

4.7 Authority requests

In the event of requests from authorities, in particular judicial or administrative authorities, to access or receive communication of the health data covered by these Specific conditions, JOTELULU undertakes to implement the procedure set out in the article “Management of third parties requests” of the “Data Processing Agreement”.

4.8 Sub-processing

The list of JOTELULU sub-processors is attached to the “Data Processing Agreement”.

When JOTELULU uses sub-processors to perform the HDS Services, it undertakes to comply with the conditions set out in the article “Sub-processing” of the said “Data Processing Agreement”.

The Housing Providers, which are respectively incorporated under the laws of France and Spain and therefore primarily subject to French and Spanish jurisdiction, are owned by a U.S.-based company that may be subject to certain non-European regulations, including the U.S. Cloud Act and the Foreign Intelligence Surveillance Act (FISA). However, to the extent the Housing Providers are not technically able to access the Health data especially since (i) they have no logical access to the information system and (ii) JOTELULU applies full-controlled encryption on every disks used as part of the HDS Services, no risk of unauthorised access to Health data induced by US regulations exists.

4.9 Changes to the conditions of Service

JOTELULU undertakes to inform the Client of any modifications or technical developments affecting the conditions of use of the HDS Services, whether such modifications or developments are introduced by JOTELULU or imposed by the applicable legal framework.

This information is provided with a minimum notice period of thirty (30) calendar days, subject to cases of urgency, in particular in the event of modifications or changes aimed at ensuring the security of data hosted as part of the HDS Service, or if this is required by the regulations in force.

If a modification or change does not comply with the quality and performance indicators defined in the Contract, or with the aforementioned technical and organizational measures designed to ensure (a) the continuity of Services in the event of JOTELULU’s failure, and (b) the protection of the Client’s Health Data, JOTELULU undertakes not to implement it unless an agreement has been reached with the Client.

4.10 Audit

The Client can, under the conditions set out in the “Audit” article of the “Data Processing Agreement”, audit the HDS Services.

For the HDS certifications referred to in article 3 above, the Client can consult the latest certification audit report on request to JOTELULU’s Client Support. This report can be consulted on JOTELULU premises.

The Client can consult directly in its management interface, or by request to JOTELULU’s Client Support, the traces of access by members of its staff to the resources made available to it within the framework of the HDS Services and on which Health data is hosted.

  • HDS Services utilisation

5.1 Certification

The Client ensures that it and any third party participating on its behalf in the activities related to the hosting of health data for which the Client uses JOTELULU HDS Services, hold an HDS Certificate of Compliance as provided for in Article L1111-8 of the French Public Health Code covering all the activities which they are respectively responsible for as described in Article R1111-9 of the French Public Health Code.

5.2 Interested Third-parties

If the Client acts on behalf of one or several data controller or for patients, the Client must ensure that the contract in force between it and the (a) Heath data subject and/or (b) the Health data controller it it is action on the later behalf, includes the mandatory provisions of these Specific conditions, as stipulated in article R1111-11 of the French Public Health Code.

5.3 Health data Portability

Before the effective date of termination of the Service, the Client shall (i) perform the operations necessary to retrieve the Health data stored within the Service in the conditions of the article “Data Portability” of the Data Processing Agreement, if needed with JOTELULU’s assistance, and (ii) delete any data stored within the Service as required under applicable Law.

5.4 Applicable Law

The Client shall comply with the law applicable to the hosting of Health data. In case of application of the French Law, the Client shall notably comply with (i) the provisions of the French Health Public Code relating to the hosting of Health Data personal and (ii) with the applicable guidelines of the PGSSI-S.

  • Contractual referent

For all matters relating to the processing and security of health data covered by these Specific conditions, each of the parties designates the HDS contractual referent below.

  • JOTELULU’s HDS contractual contact:

dpd@jotelulu.com

  • Client’s contractual contact:

Security contact whose identity and contact details (email and telephone number) are recorded by the Client in its client account.

The Client’s contractual referent may be contacted by JOTELULU in particular for the handling of incidents having an impact on health data hosted as part of the HDS Services, and must, if necessary, be able to designate a health professional to the Service Provider.

Linkedin-in Blog Twitter
Empresa
Servicios
Centro de Soporte
Contacto

Comercial

Servidores

Centralita virtual

Escritorio Remoto
img-appss
Almacenamiento de Archivos
img-archivos
Almacenamiento de Objetos
img-s3-bucket
Migraciones
img-migraciones (1)
Disaster Recovery
DR_product_icon
Marketplace de Licencias
img-license
Português
Français
English
Ventas
Plataforma
Blog
Tutoriales
Soporte
Entrar
Registrarse

Rellena el formulario y nuestro equipo de Sales contactará contigo lo antes posible.

growth@jotelulu.com  |  +34 911 333 712  |  landings.jotelulu.com 

Puedes darte de baja de estas comunicaciones en cualquier momento.  Consulta nuestra Política de privacidad.

Precios competitivos para la pyme y mucho más margen para el partner

Disaster Recovery ha sido diseñado, implementado y puesto en producción teniendo en cuenta dos premisas: Debe tener un precio atractivo para la pyme a la vez que deja un buen margen de beneficio a la empresa de IT que lo comercializa y gestiona.

DR_buen_precio_y_mas_margen

De esta manera, Disaster Recovery pretende ser un producto diferencial que permita incrementar la seguridad de todo tipo de empresas de manera asequible e implicando, además, rentabilidad para el distribuidor que lo comercializa.

Protege la infraestructura de tus clientes

Disaster Recovery permite replicar cualquier suscripción de infraestructura (Escritorio Remoto y Servidores) en otra zona de disponibilidad creando un entorno de alta disponibilidad y blindando así el servicio.

Replica en pocos pasos no sólo los discos sino todos los elementos que forman parte de cada suscripción:

  • Servidores: Instancias, discos, reglas de firewall, redes, IPs…
  • Escritorio Remoto: Usuarios, Aplicaciones, Licencias, Personalización…
DR_blinda_la_infraestructura

Tratamos de hacer fácil lo difícil

Las herramientas de Disaster Recovery existentes necesitan de conocimientos avanzados para poder ser gestionadas, implicando, muchas veces, un expertise difícil de alcanzar.

 

Disaster Recovery de Jotelulu busca hacer fácil lo difícil y plantea un despliegue muy sencillo basado en una configuración de tres pasos:

Origin (Primary Site)
Determina la ubicación de origen de la suscripción sobre la que se va a establecer el servicio de Disaster Recovery.

Destino (Recovery Site)
Establece la ubicación de destino (zona de disponibilidad) en la que quieres que se despliegue el Recovery Site.

Características de la réplica
Establece los datos asociados al número de copias que se quieren guardar y la frecuencia con la que se va a llevar a cabo la réplica.