Digital Prescriptions: Legal Framework and Obligations 2026

Since the progressive rollout of e-prescribing in France, the digital prescription has established itself as a cornerstone of the digital transformation of the health system. Governed by the Public Health Code, European Regulation 2017/745 and the Ségur digital health programme, this prescribing method profoundly changes medical, pharmaceutical and paramedical practices. Understanding its legal framework is essential to ensure healthcare professionals' compliance and legal security for patients.

The legal foundation of the digital prescription

The legal basis for the digital prescription rests primarily on article L.4071-1 of the Public Health Code, introduced by ordinance n°2020-1408 of 18 November 2020. This text defines electronic prescribing as a prescription issued, transmitted and archived by dematerialised means, having the same legal value as a prescription signed by hand by the prescriber.

Decree n°2022-1329 of 17 October 2022 specifies the technical implementation arrangements, notably the obligation to use a teleservice complying with the referentials of the Digital Health Agency (ANS). The generalisation of e-prescribing is planned for December 2024, making its adoption mandatory for all private practice and hospital doctors.

Security, authentication and traceability

The digital prescription must meet strict security requirements. The qualified electronic signature, compliant with the eIDAS regulation (EU n°910/2014), is required to guarantee the integrity and authenticity of the document. Professionals must use their CPS card (Healthcare Professional Card) or e-CPS to authenticate each prescription.

Each prescription is identified by a unique QR code generated by the national teleservice, allowing the pharmacist or receiving healthcare professional to retrieve all data via a centralised secure database, hosted by the CNAM. This traceability considerably reduces the risks of forgery, double dispensing and medication errors.

Data protection and GDPR compliance

Digital prescriptions process health data of a sensitive nature within the meaning of article 9 of the GDPR. Their processing is subject to the provisions of the Information Technology and Freedoms Act as amended and the CNIL's referentials. Hosting providers must mandatorily have the HDS certification (Health Data Hosting Provider) provided for in article L.1111-8 of the Public Health Code.

The patient retains a right of access, rectification and objection to their data. They must be clearly informed of the dematerialisation of their prescription and the transmission arrangements. In case of breach, penalties can reach 4% of annual turnover according to the GDPR, without counting professional sanctions.

Responsibilities of healthcare professionals

The prescriber remains fully responsible for the content of the prescription, whether digital or paper. They must ensure the accuracy of the prescription, the dosage and the correct identification of the patient via their INS (National Health Identifier). The pharmacist, for their part, has the obligation to verify the authenticity of the prescription via the teleservice before any dispensing.

Practical examples

Example 1 – Private medical practice: A general practitioner uses their Ségur-certified practice management software to generate a digital prescription. The patient receives an SMS with a QR code that they present at the pharmacy, thus avoiding the loss of the paper document.

Example 2 – Remote consultation: During a distance consultation, the doctor issues an e-prescription signed electronically via e-CPS. The prescription is sent directly to the pharmacy chosen by the patient, in accordance with article R.6316-1 of the CSP.

Example 3 – Hospital establishment: A university hospital integrates e-prescribing into its HDS-certified hospital information system, enabling hospital prescription executed in the community (PHEV) with complete traceability between departments.

Conclusion

The digital prescription represents a major advance in securing the patient pathway, but its rollout requires absolute legal and technical rigour. Healthcare professionals, software editors and establishments must anticipate regulatory deadlines and invest in compliant solutions to avoid legal risks and guarantee quality of care.