Informed consent, patient records, advance directives, inter-facility agreements: digitize your facility's sensitive signatures with a GDPR-compliant platform, compatible with medical confidentiality and integrable with your HIS. Hosting in Germany (EU), end-to-end encryption, timestamped audit trail.
HDS Certification in Progress
Certyneo is not yet certified as a Health Data Host (HDS). This certification is in progress. For any processing of personally identifiable health data as defined in Article L. 1111-8 of the CSP, verify regulatory compliance with your DPO before deployment.
Learn more about the security roadmap →From informed consent to inter-facility agreements, including advance directives, all documents signed by a healthcare facility can be digitized.
Free, informed and revocable patient consent before a medical procedure, surgical intervention, experimental treatment or participation in research (Article L1111-4 of the French Public Health Code). Timestamped signature with audit trail.
Patient validation of medical file information, updates to allergies and medical history, consent to share with other healthcare professionals. Full traceability of signed versions.
Consent to treatment, therapeutic protocol, coordinated care pathway. Mobile signature adapted for mobile or hospitalized patients.
Patient advance directives regarding end-of-life care (Claeys-Leonetti law of February 2, 2016). Remote signature with strong identification, 10-year retention, revocable at any time by the patient.
Cooperation agreements between healthcare facilities (public-private, hospital groups, care networks), medical service agreements, contracts for independent practice in facilities.
Contracts with laboratory providers, medical device suppliers, cleaning subcontractors in sterile environments: all administrative back-office functions of a healthcare facility.
Six concrete guarantees adapted to medical confidentiality requirements and the standard of proof expected in healthcare.
Certyneo hosts all data in Germany (IONOS), in infrastructure compliant with ISO 27001 security standards. No transfers outside the EU, no Cloud Act dependency.
TLS 1.3 encryption in transit, AES-256 at rest, strict data isolation by organization. The protection level is compatible with medical confidentiality requirements defined in Article R4127-4 of the French Public Health Code.
Strong patient identification via email OTP + SMS, unique link with the signed document, detection of any subsequent modification. Proof level compatible with informed consent requirements.
French interface, WCAG AA accessible, mobile-compatible, no account creation or app download required. The patient signs in 2 minutes from their phone, at home or from their hospital room.
Duration aligned with medical record retention obligations (20 years for certain documents, extended on request). Audit trail integrated into the PDF, exportable at any time for transmission to a colleague or regulatory authority.
Electronic signature is not always appropriate: patient in vital emergency, unconscious patient, minor unrepresented. Our documentation explicitly addresses these cases and proposes alternative paths (assisted signature by a third party, postponement after stabilization).
Certyneo operates upstream of existing healthcare information systems: it collects signatures and then the signed document joins your HIS, EHR or EHR through usual channels. No native connectors are published to date — HIS integrations (DxCare, Cristal-Link, Mon Espace Santé…) are available on a custom quote basis; contact us for scoping.
Hospital Information Systems (DxCare, Cristal-Link, Hopital Manager, Easily…) can trigger the sending of a Certyneo envelope via our REST API or webhooks when a document is ready to sign. Custom integration, no certified native connector to date — contact us to scope the scenario adapted to your HIS.
Certyneo does not replace the DMP / Mon Espace Santé: it operates upstream to collect patient consent or sign clinical documents, with the signed document then deposited in the DMP via your institution's standard tool. No native Mon Espace Santé integration to date — available on quote.
Medical practice software (Doctolib Siilo, Weda, HelloDoc, AxiSanté, etc.): compatibility via Zapier, Make, and our webhooks, particularly for fee agreements, optical/dental quotes, and consents prior to non-reimbursed procedures. For a native connector, let's explore a partnership.
Specific integration project? Schedule a meeting with our team. The Certyneo API is publicly documented on our API documentation.
Health data is among the most sensitive and strictly regulated information in Europe. Certyneo applies the entire applicable framework, with full transparency — including regarding its current limitations (HDS certification on the roadmap, not yet obtained to date).
Certyneo is not currently an HDS-certified host. For documents containing personally identifiable health data, we recommend affected institutions request a dedicated deployment with an HDS partner — our roadmap includes HDS certification for the second half of the year. For signatures not containing health data (inter-institutional agreements, supplier contracts, HR), Certyneo is suitable from the start.
Article 9 of the GDPR classifies health data as sensitive data. Certyneo applies strict data minimization (only metadata necessary for signature is stored), systematic encryption, a standard DPA including preliminary impact analysis, and an up-to-date processing register.
Medical confidentiality applies to every physician and all persons collaborating with them. Certyneo applies strict data isolation by organization, end-to-end encryption, and comprehensive access logging — all technical prerequisites to preserve medical confidentiality during the signing phase.
Consent must be free, informed, and revocable. Certyneo's advanced electronic signature ensures patient identification, precisely timestamps consent (to start withdrawal or reflection periods), and enables subsequent revocation through a new traceable contradictory envelope in the history.
As of the publication date of this page, Certyneo is not an HDS-certified host. For documents containing personally identifiable health data, we recommend affected institutions discuss this with our team to identify the appropriate scenario (dedicated deployment via an HDS partner, or limitation to documents without health data). HDS certification is on our public roadmap.
Yes. Article L1111-4 of the French Public Health Code requires free, informed and revocable consent, but prescribes no particular form. Article 1367 of the French Civil Code recognizes electronic signature as equivalent to handwritten signature provided it uses a reliable process — which advanced signature (AES) Certyneo ensures.
TLS 1.3 encryption in transit, AES-256 at rest, strict data isolation by organization, no access in clear by our teams without documented escalation. Certyneo does not store medical content itself (except what is in the PDF): only metadata necessary for signature management (envelope identifier, emails, timestamps) is retained in the database.
Yes. The Claeys-Leonetti law of February 2, 2016 and Article L1111-11 of the CSP allow freely drafted advance directives, without any prescribed form. A timestamped advanced electronic signature with strong patient identification meets evidentiary requirements — directives remain revocable at any time through a new envelope, of course.
Yes, technically, via our documented REST API (see /docs) and our real-time webhooks — however, no native connector is currently published for French EHRs (DxCare, Cristal-Link, Hopital Manager, Easily, etc.). These integrations are available on quote: contact us to define the scenario best suited to your institution. For independent practice software, Zapier and Make connectors exist for the most common applications.
Certyneo offers a "signature in person" mode: the healthcare professional uses their own tablet or workstation to have the patient sign, with identification by OTP SMS sent to the patient or validation by a trusted third party (companion, caregiver). The audit trail preserves the signature context.
Our plans include 10-year archiving with evidentiary value. For medical documents requiring longer retention (20 years for certain types of hospital records, 28 years for transfusion records, lifetime for certain imaging), extended archiving is available on request. Documents remain downloadable at any time.
The right to revoke is central to the medical framework. In practice, you create a new revocation envelope signed by the patient, which is timestamped and linked to the initial consent. The file history clearly shows both acts (consent, then revocation), perfectly documenting the situation in case of dispute.
The dematerialization of medical prescriptions is accelerating in France. Discover how electronic signature secures your prescriptions while complying with eIDAS legal framework and EHR requirements.
Medical confidentiality in France: legal obligations, exceptions to information sharing, criminal penalties, and best practices for healthcare professionals.
Electronic signature is revolutionizing the management of hospital practitioner contracts. Discover how to secure, accelerate, and digitize your HR processes in full compliance.
Medical practice: legal and administrative obligations — patient records, billing, collaboration agreements and HDS compliance in 2026.
The healthcare sector is subject to the strictest digital compliance requirements. Discover how to deploy a legal, GDPR-compliant electronic signature certified HDS for your healthcare facilities.
Professional liability insurance for health professions: coverage, minimum amounts, exclusions and claims reporting.
We use cookies to improve your experience on our site. Cookies strictly necessary for the service to function are always active. Learn more