Case Study GAIA AG

Secure HDS infrastructure for digital therapeutics

Can you briefly describe your company and the services you provide?

GAIA AG is a global pioneer in the field of digital therapeutics (DTx). For over two decades we have specialized in developing and operating evidence-based medical device (SaMD) software – including solutions for highly regulated Digital Health Applications (DiGAs) in Germany and similar frameworks internationally. Our portfolio covers a wide array of therapeutic areas including mental health, oncology and chronic pain. We bridge the gap between traditional pharmacological treatments and modern digital interventions by providing patients with clinically validated high-quality therapeutic tools that are accessible anytime and anywhere.

Customer: GAIA AG

Industry: Digital therapeutics (DTx)
Requirements: HDS certification

What industries or customers do you primarily serve?

We operate at the complex intersection of healthcare, life sciences and advanced technology. Our primary users are patients who rely on our digital treatments to manage and improve their medical conditions. To make these therapies accessible we work closely with a broad ecosystem of stakeholders – across statutory and private health insurance providers, national health authorities and strategic partners in the pharmaceutical industry. All these groups share a common requirement: they demand the highest possible level of clinical efficacy, data privacy and infrastructural security for the sensitive health data we process.

How critical is uptime to your business operations?

Uptime is a mission-critical pillar of our medical service delivery. For our patients, our digital therapies are an integral part of their prescribed treatment journey, often used to manage acute symptoms or long-term behavioral changes. Any interruption in service is not merely a technical inconvenience; it represents a direct gap in patient care and can undermine the therapeutic success of the intervention. Consequently, maintaining uptime near to 100% is a fundamental requirement to ensure medical safety, maintain the trust of our users and meet the strict regulatory Service Level Agreements (SLAs) mandated by health authorities worldwide.

What were your main infrastructure challenges before partnering with us?

Our selection process was driven by a focus on regulatory excellence and uncompromising security. First and foremost, we required a partner with a “compliance-first” DNA – one that maintains certifications such as ISO/IEC 27001 and HDS to ensure a seamless alignment with our own quality management systems. Key criteria included state-of-the-art physical access controls, sophisticated perimeter defense and redundant power systems to mitigate any operational risk. Furthermore, we looked for a provider that offers the transparency and professional documentation required to withstand rigorous audits from national health ministries, ensuring that our entire supply chain meets the highest regulatory standards for medical device manufacturers.

What were your key decision criteria when selecting a colocation provider?

Our selection process was highly rigorous, focusing on a holistic combination of technical excellence and proven regulatory expertise. A “compliance-first” culture was an absolute pre-requisite; the provider had to demonstrate a deep understanding of HDS requirements and the willingness to support our own certification audits. Beyond compliance, we prioritized state-of-the-art physical security, redundant power systems and advanced cooling technologies. Additionally, we looked for a partner who could offer the transparency, professional reporting and dedicated support necessary to satisfy the complex audit requirements of international health ministries and insurance auditors.

Why is the HDS certification so critical for your business model?

The HDS certification is the absolute legal “key” to the French healthcare market. France represents one of the largest and most promising markets for digital health innovation in Europe. We see immense potential for our digital therapeutics there. However, French law mandates that any service hosting personal health data must be HDS-certified (Hébergeur de Données de Santé). Without this certification it is legally impossible to operate within the French healthcare system. By partnering with an HDS-compliant provider like Portus Data Centers, we ensure that we meet these strict national requirements. We can guarantee to French patients and insurers that their most sensitive information is protected by an infrastructure audited against the highest local standards for data integrity and confidentiality.

How would you describe your experience working with Portus Data Centers?

Our experience with Portus Data Centers has grown from a traditional client-vendor relationship into a true strategic partnership. Portus Data Centers have been a critical facilitator of our growth, providing the secure and high-performance foundation we needed to consolidate our hosting requirements. Their team possesses a deep understanding of the unique security pressures and regulatory quality standards inherent to the healthcare industry. This expertise has made the typically complex process of health data hosting and auditing remarkably straightforward, allowing GAIA AG to focus our energy on what we do best: innovating and delivering life-changing digital therapies.