Health Data — Sovereignty & Data Residency

Data location

ANA Healthcare's infrastructure is designed for the exclusive hosting of health data in France (AWS eu-west-3, Paris). HDS certification (activities 1-6) is planned for November 2026.

International transfers

Our architecture is designed so that no personal health data transits outside the European Economic Area.

Infrastructure subprocessor

ANA Healthcare uses Amazon Web Services (AWS) as its infrastructure subprocessor. AWS is HDS-certified for activities 1-3 and subject to the US CLOUD Act (18 U.S.C. § 2713).

Mitigation measures

• •Encryption at rest (AES-256) with keys managed by ANA Healthcare
• •Encryption in transit (TLS 1.2+)
• •Exclusive storage in France (eu-west-3)
• •Data processing agreement compliant with GDPR Article 28
• •Client notification within 24h in case of access request

Residual risks

A theoretical risk remains that a US authority could obtain access to data via the CLOUD Act. The probability is considered very low given the technical and legal protections in place. No known case of CLOUD Act enforcement on French health data to date.

HDS Certification

ANA Healthcare is preparing for HDS v2 (Health Data Hosting) certification covering activities 1-6. The certification audit is planned for November 2026, combined with ISO 27001:2022 certification. AWS, as infrastructure subprocessor, is already HDS-certified for activities 1-3.