Informed consent, patient records, advance directives, inter-facility agreements: digitise sensitive signatures across your organisation with a GDPR-compliant platform, compatible with medical confidentiality and integrated with your hospital information system. Hosted in Germany (EU), end-to-end encryption, timestamped audit trail.
HDS certification in progress
Certyneo is not yet certified as a Health Data Hosting provider (HDS). This certification is in progress. For any processing of personal health data within the meaning of Article L. 1111-8 of the CSP, verify regulatory compliance with your DPO before deployment.
Learn more about the security roadmap →From informed consent to inter-facility agreements, including advance directives, all documents signed within a healthcare organisation can be digitised.
Free, informed and revocable patient consent prior to a medical procedure, surgical intervention, experimental treatment or participation in research (article L1111-4 of the French Public Health Code). Timestamped signature with audit trail.
Patient validation of medical file information, allergy and medical history updates, consent to sharing with other healthcare professionals. Complete traceability of signed versions.
Consent to care, therapeutic protocol, coordinated care pathway. Mobile signature adapted for mobile or hospitalised patients.
Patient advance directives regarding end-of-life care (Claeys-Leonetti Act of 2 February 2016). Remote signature with strong identification, 10-year retention, revocable at any time by the patient.
Cooperation agreements between healthcare organisations (public-private, hospital groups, care networks), medical service agreements, contracts for independent practice within a facility.
Contracts with laboratory providers, medical device suppliers, cleaning subcontractors for sterile environments: the entire back-office administration of a healthcare organisation.
Six concrete guarantees tailored to medical confidentiality requirements and the standard of evidence expected in healthcare.
Certyneo hosts all data in Germany (IONOS), in infrastructure compliant with ISO 27001 security standards. No transfer outside the EU, no dependence on the Cloud Act.
TLS 1.3 encryption in transit, AES-256 at rest, strict data isolation by organisation. The level of protection is compatible with medical confidentiality requirements defined in article R4127-4 of the French Public Health Code.
Strong patient identification via email OTP + SMS, unique link to the signed document, detection of any subsequent modification. Proof level compatible with informed consent requirements.
French-language journey, WCAG AA accessible, smartphone compatible, no account creation or app download required. The patient signs in 2 minutes from their phone, at home or from their hospital room.
Duration aligned with medical record retention obligations (20 years for certain documents, extended on request). Audit trail embedded in the PDF, exportable at any time for transmission to a colleague or the relevant authority.
Electronic signature is not always appropriate: patient in vital emergency, unconscious patient, unrepresented minor. Our documentation explicitly addresses these cases and proposes alternative paths (assisted signature by a third party, deferral after stabilisation).
Certyneo is positioned upstream of existing healthcare information systems: it collects signatures and the signed document joins your hospital information system, patient record or patient portal through standard channels. No native connectors are currently published — healthcare information system integrations (DxCare, Cristal-Link, Mon Espace Santé…) are available on a quotation basis; contact us for scoping.
Hospital Information Systems (DxCare, Cristal-Link, Hopital Manager, Easily…) can trigger the sending of a Certyneo envelope via our REST API or webhooks when a document is ready to sign. Integration on a quotation basis, no native certified connector at this time — contact us to scope the scenario tailored to your hospital information system.
Certyneo does not replace the DMP / Mon Espace Santé: it operates upstream to collect patient consent or sign clinical documents, with the signed document then deposited in the DMP via your establishment's usual tool. No native Mon Espace Santé integration to date — available on quote.
Medical practice software (Doctolib Siilo, Weda, HelloDoc, AxiSanté…): compatibility via Zapier, Make and our webhooks, particularly for fee agreements, optical/dental quotes, consents before non-reimbursed procedures. For a native connector, let's explore a partnership.
Planning a specific integration? Schedule a meeting with our team. The Certyneo API is publicly documented on our API documentation.
Health data is among the most sensitive and best-regulated in Europe. Certyneo applies the entire applicable framework, with full transparency — including its current limitations (HDS certification on the roadmap, not yet obtained to date).
Certyneo is not an HDS hosting provider to date. For documents containing personal health data, we recommend affected establishments request a dedicated deployment with an HDS partner provider — our roadmap includes HDS certification for the second half. For signatures not containing health data (inter-establishment agreements, supplier contracts, HR), Certyneo is suitable from the outset.
Article 9 of the GDPR classifies health data as sensitive data. Certyneo applies strict minimisation (only metadata necessary for signing is stored), systematic encryption, a standard DPA including preliminary impact assessment, and an up-to-date processing register.
Medical confidentiality applies to every doctor and all persons collaborating with them. Certyneo applies strict data isolation by organisation, end-to-end encryption, and exhaustive access logging — all technical prerequisites to preserve medical confidentiality during the signing phase.
Consent must be free, informed and revocable. Certyneo's advanced electronic signature guarantees patient identification, timestamps consent precisely (to start withdrawal or reflection periods), and allows later revocation through a new traceable contradictory envelope in the history.
As of this page's publication date, Certyneo is not an HDS hosting provider. For documents containing personal health data, we recommend affected establishments discuss this with our team to identify the appropriate scenario (dedicated deployment via an HDS partner, or limitation to documents without health data). HDS certification is on our public roadmap.
Yes. Article L1111-4 of the Public Health Code requires free, informed and revocable consent, but does not prescribe any particular form. Article 1367 of the Civil Code recognises electronic signature as equivalent to handwritten signature provided it uses a reliable process — which Certyneo's advanced signature (AES) ensures.
TLS 1.3 encryption in transit, AES-256 at rest, strict data isolation by organisation, no access to cleartext by our teams without documented escalation. Certyneo does not store medical content itself (except what is in the PDF): only metadata necessary for managing signatures (envelope identifier, emails, timestamps) is retained in the database.
Yes. The Claeys-Leonetti Act of 2 February 2016 and Article L1111-11 of the CSP allow advance directives to be drafted freely, with no imposed form. An advanced timestamp-verified electronic signature with strong patient identification meets evidential requirements — directives remain of course revocable at any time through a new envelope.
Yes, technically, via our documented REST API (see /docs) and real-time webhooks — however, no native connector is currently published for French HIS systems (DxCare, Cristal-Link, Hopital Manager, Easily…). These integrations are available on quote: contact us to tailor the scenario to your establishment. For liberal practice software, Zapier and Make connectors exist for the most common applications.
Certyneo offers an "in-person signing" mode: the healthcare professional uses their own tablet or workstation to have the patient sign, with identification via SMS OTP sent to the patient or validation by a trusted third party (carer, healthcare worker). The audit trail preserves the signing context.
Our plans include 10-year archiving with evidentiary value. For medical documents requiring longer retention (20 years for certain types of hospital records, 28 years for transfusion records, lifetime for certain X-rays), extended archiving is available on request. Documents remain downloadable at any time.
The right to revoke is central to the medical framework. In practice, you create a new revocation envelope signed by the patient, which is timestamped and linked to the initial consent. The file history clearly shows both acts (consent, then revocation), which perfectly documents the situation in case of dispute.
The digitisation of medical prescriptions is accelerating in France. Discover how electronic signature secures your prescriptions whilst respecting the eIDAS legal framework and DMP requirements.
Medical confidentiality in France: legal obligations, exceptions to information sharing, criminal penalties and best practices for healthcare professionals.
Electronic signature is revolutionising the management of hospital practitioner contracts. Discover how to secure, accelerate and dematerialise your HR processes in full compliance.
Medical practice: legal and administrative obligations — patient records, billing, collaboration agreements and HDS compliance in 2026.
The medical sector is subject to the strictest compliance constraints in digital technology. Discover how to deploy a legal, GDPR-compliant and HDS-certified electronic signature for your healthcare facilities.
Professional liability insurance for health professions: coverage, minimum amounts, exclusions and claims declaration.
We use cookies to improve your experience on our site. Cookies strictly necessary for the service to function are always active. Learn more