Informed consent, patient records, advance directives, inter-facility agreements: digitise sensitive signatures in your establishment with a GDPR-compliant platform, compatible with medical confidentiality and integrable with your EHR. Hosted in Germany (EU), end-to-end encryption, timestamped audit trail.
HDS Certification in Progress
Certyneo is not yet certified as a Health Data Hosting provider (HDS). This certification is in progress. For any processing of personal health data within the meaning of Article L. 1111-8 of the CSP, verify regulatory compliance with your DPO before deployment.
Learn more about the security roadmap →From informed consent to inter-facility agreements, including advance directives, all documents signed by a healthcare establishment can be digitised.
Free, informed and revocable patient consent before a medical act, surgical procedure, experimental treatment or participation in research (article L1111-4 of the French Public Health Code). Timestamped signature with audit trail.
Patient validation of medical record information, updates to allergies, medical history, consent to share with other healthcare professionals. Complete traceability of signed versions.
Consent to treatment, to a therapeutic protocol, to a coordinated care pathway. Mobile signature adapted for mobile patients or hospitalised patients.
Patient advance directives concerning end-of-life care (Claeys-Leonetti Act of 2 February 2016). Remote signature with strong identification, storage for 10 years, revocable at any time by the patient.
Cooperation agreements between healthcare establishments (public-private, hospital groups, care networks), medical service agreements, contracts for private practice in establishments.
Contracts with laboratory providers, medical device suppliers, cleaning subcontractors in sterile environments: the entire administrative back-office of a healthcare establishment.
Six concrete guarantees tailored to medical confidentiality requirements and the standard of proof expected in healthcare.
Certyneo hosts all data in Germany (IONOS), in infrastructure compliant with ISO 27001 security standards. No transfers outside the EU, no dependency on the Cloud Act.
TLS 1.3 encryption in transit, AES-256 at rest, strict data isolation by organisation. The level of protection is compatible with medical confidentiality requirements defined in article R4127-4 of the French Public Health Code.
Strong patient identification via email OTP + SMS, unique link to the signed document, detection of any subsequent modification. Standard of proof compatible with informed consent requirements.
User journey in French, WCAG AA accessible, smartphone-compatible, no account creation or app download required. The patient signs in 2 minutes from their phone, at home or from their hospital room.
Duration aligned with medical record retention obligations (20 years for certain documents, extended on request). Audit trail embedded in the PDF, exportable at any time for transmission to a colleague or to the competent authority.
Electronic signature is not always appropriate: patient in life-threatening emergency, unconscious patient, unrepresented minor. Our documentation explicitly addresses these cases and proposes alternative routes (signature assisted by a third party, deferment after stabilisation).
Certyneo positions itself upstream of existing healthcare information systems: it collects signatures and the signed document then joins your EHR, EPR or DMP through standard channels. No native connectors are published to date — EHR integrations (DxCare, Cristal-Link, Mon Espace Santé…) are available on request; contact us for a scoping discussion.
Hospital Information Systems (DxCare, Cristal-Link, Hopital Manager, Easily…) can trigger the sending of a Certyneo envelope via our REST API or webhooks when a document is ready to sign. Integration on request, no certified native connector to date — contact us to define the scenario suited to your EHR.
Certyneo does not replace the DMP / Mon Espace Santé: it operates upstream to collect patient consent or sign clinical documents, with the signed document subsequently deposited in the DMP via your establishment's usual tool. No native Mon Espace Santé integration to date — available upon quote.
Medical practice software (Doctolib Siilo, Weda, HelloDoc, AxiSanté, etc.): compatibility via Zapier, Make and our webhooks, particularly for fee agreements, optical/dental quotes, consents before non-reimbursable procedures. For a native connector, let's explore a partnership.
Specific integration project? Book a meeting with our team. The Certyneo API is publicly documented on our API documentation.
Health data is among the most sensitive and tightly regulated in Europe. Certyneo applies the entire applicable framework, with full transparency — including on its current limitations (HDS certification on the roadmap, not yet obtained to date).
Certyneo is not an HDS hosting provider to date. For documents containing personal health data, we recommend concerned establishments request a dedicated deployment with an HDS partner hosting provider — our roadmap includes HDS certification for the second half. For signatures not containing health data (inter-establishment agreements, supplier contracts, HR), Certyneo is suitable from the outset.
Article 9 of GDPR classifies health data as sensitive data. Certyneo applies strict minimisation (only metadata necessary for signature is stored), systematic encryption, a standard DPA including preliminary impact assessment, and a regularly updated processing register.
Medical confidentiality applies to every physician and all persons working with them. Certyneo applies strict data isolation by organisation, end-to-end encryption, and exhaustive access logging — all technical prerequisites to preserve medical confidentiality during the signature phase.
Consent must be free, informed and revocable. Certyneo's advanced electronic signature guarantees patient identification, precisely timestamps their consent (to trigger withdrawal or reflection periods), and enables later revocation via a new countersigned envelope traced in the history.
As of the publication date of this page, Certyneo is not an HDS hosting provider. For documents containing personal health data, we recommend concerned establishments discuss this with our team to identify the appropriate scenario (dedicated deployment via an HDS partner, or limitation to documents without health data). HDS certification features on our public roadmap.
Yes. Article L1111-4 of the Public Health Code requires free, informed and revocable consent, but does not prescribe any particular form. Article 1367 of the Civil Code recognises electronic signature as equivalent to handwritten signature insofar as it uses a reliable procedure — which Certyneo advanced signature (AES) ensures.
TLS 1.3 encryption in transit, AES-256 at rest, strict data isolation by organisation, no clear-text access by our teams without documented escalation. Certyneo does not store medical content itself (except what is in the PDF): only metadata necessary for signature management (envelope ID, emails, timestamps) is kept in the database.
Yes. The Claeys-Leonetti Act of 2 February 2016 and Article L1111-11 of the CSP permit free drafting of advance directives, with no imposed form. A timestamped advanced electronic signature with strong patient identification meets evidential requirements — directives remain fully revocable at any time via a new envelope.
Yes, technically, via our documented REST API (see /docs) and real-time webhooks — no native connector is currently published for French EHRs (DxCare, Cristal-Link, Hopital Manager, Easily, etc.). These integrations are available upon quote: contact us to scope the scenario suited to your establishment. For liberal practice software, Zapier and Make connectors exist for the most common applications.
Certyneo offers an "in-person signing" mode: the healthcare professional uses their own tablet or workstation for the patient to sign, with identification via OTP SMS sent to the patient or validation by a trusted third party (carer, clinician). The audit trail preserves the signature context.
Our plans include 10-year archiving with probative value. For medical documents requiring longer retention (20 years for certain hospital file types, 28 years for transfusion records, lifetime for certain X-rays), extended archiving is available on request. Documents remain downloadable at any time.
The right to revoke is central to the medical framework. In practice, you create a new revocation envelope signed by the patient, which is timestamped and linked to the initial consent. The file history clearly shows both acts (consent, then revocation), which thoroughly documents the situation in case of dispute.
The dematerialisation of medical prescriptions is accelerating in France. Discover how electronic signature secures your prescriptions whilst respecting the eIDAS legal framework and DMP requirements.
Medical confidentiality in France: legal obligations, exceptions to information sharing, criminal consequences and best practices for healthcare professionals.
Electronic signature is revolutionising the management of hospital practitioner contracts. Discover how to secure, accelerate and dematerialise your HR processes in full compliance.
Medical practice: legal and administrative obligations — patient records, billing, collaboration agreements and HDS compliance in 2026.
The healthcare sector is subject to the strictest constraints in terms of digital compliance. Discover how to deploy a legal electronic signature that is GDPR-compliant and HDS-certified for your healthcare facilities.
Professional civil liability insurance for healthcare professionals: coverage, minimum amounts, exclusions and claims reporting.
We use cookies to improve your experience on our site. Cookies strictly necessary for the service to function are always active. Learn more