Informed consent, patient record, advance directives, inter-institutional agreements: digitise the sensitive signatures of your institution with a GDPR-compliant platform, compatible with medical confidentiality and integrable with your hospital information system. French hosting, end-to-end encryption, timestamped audit trail.
HDS certification in progress
Certyneo is not yet certified as a Health Data Host (HDS — Hébergeur de Données de Santé). This certification is currently being obtained. For any processing of personal health data within the meaning of Article L. 1111-8 of the French Public Health Code, please verify regulatory compliance with your DPO before deployment.
What are the healthcare use cases for electronic signatures?
From informed consent to inter-institutional agreements and advance directives, every signed deed in a healthcare institution can be digitised.
Informed consent
Free, informed and revocable consent from the patient before a medical procedure, surgery, experimental treatment or participation in research (Article L1111-4 of the French Public Health Code). Timestamped signature with full audit trail.
Electronic patient record
Patient validation of information in a medical record, updates to allergies and medical history, consent to sharing with other healthcare professionals. Full traceability of signed versions.
Medical care
Consent to treatment, to a therapeutic protocol, to a coordinated care pathway. Mobile-friendly signature suited to patients on the move or in hospital.
Advance directives
Patient's advance directives regarding end of life (Claeys-Leonetti Act of 2 February 2016). Remote signature with strong identification, retained for ten years, revocable by the patient at any time.
Inter-institutional agreements
Cooperation agreements between healthcare institutions (public-private, Hospital Territorial Groups, care networks), medical services agreements, private practice contracts within an institution.
Supplier and subcontractor contracts
Contracts with lab service providers, medical device suppliers, cleaning subcontractors in sterile environments: the entire administrative back office of a healthcare institution.
Why choose Certyneo for healthcare?
Six concrete guarantees tailored to the requirements of medical confidentiality and the evidentiary level expected in healthcare.
France & EU hosting
Certyneo hosts all data in Germany (IONOS), in infrastructure compliant with ISO 27001 security standards. No transfers outside the EU, no exposure to the Cloud Act.
Enhanced confidentiality
TLS 1.3 in transit, AES-256 at rest, strict data isolation per organisation. The level of protection is compatible with the medical-confidentiality requirements set out in Article R4127-4 of the French Public Health Code.
Advanced electronic signature (AES)
Strong patient identification through email + SMS OTP, unique link with the signed deed, detection of any subsequent modification. An evidentiary level compatible with informed-consent requirements.
Polished patient experience
Journey available in multiple languages, WCAG AA accessible, smartphone-friendly, with no account creation and no app to download. The patient signs in two minutes from their phone, at home or from their hospital room.
Ten-year probative archiving
Duration aligned with medical record retention obligations (20 years for some documents, extended on request). Audit trail embedded in the PDF, exportable at any time for handover to a colleague or a regional conciliation commission.
Documented edge cases
Electronic signatures are not always appropriate: patients in life-threatening emergencies, unconscious patients, minors without a representative. Our documentation addresses these cases explicitly and proposes alternative journeys (third-party-assisted signature, deferral after stabilisation).
SIH, DMP and business software integrations
Certyneo sits upstream of existing healthcare information systems: it collects signatures and the signed document is then routed to your hospital information system, electronic patient record or national DMP through the usual channels.
Generic SIH & DPI (hospital information systems and electronic patient records)
Hospital information systems (DxCare, Cristal-Link, Hopital Manager, Easily, etc.) can trigger the sending of a Certyneo envelope through our REST API or webhooks whenever a document is ready to sign in the patient record.
DMP (Dossier Médical Partagé, the national shared medical record) & Mon Espace Santé
Certyneo does not replace the DMP: it sits upstream to collect patient consent or sign clinical documents. The signed document can then be uploaded into the DMP through your institution's usual tool.
Private practice software
Medical practice software (Doctolib Siilo, Weda, HelloDoc, AxiSanté, etc.): integration through webhooks and Zapier/Make, especially for fee agreements, optical/dental quotes and consent before non-reimbursed procedures.
Health data is among the most sensitive and most tightly regulated in Europe. Certyneo applies the entire applicable framework, transparently — including its current limits.
Health Data Hosting (HDS)
Certyneo is not an HDS-certified host to date. For documents containing personal health data, we recommend that the relevant institutions discuss a dedicated deployment with a partner HDS host — our roadmap includes HDS certification in the second half of the year. For signatures that do not contain health data (inter-institutional agreements, supplier contracts, HR), Certyneo is suitable out of the box.
GDPR & health processing
Article 9 of the GDPR classifies health data as sensitive. Certyneo applies strict minimisation (only the metadata required for signing is stored), systematic encryption, a standard DPA including a preliminary impact assessment, and an up-to-date processing register.
Medical confidentiality — Article R4127-4 of the French Public Health Code
Medical confidentiality applies to every doctor and to everyone who works with them. Certyneo applies strict data isolation per organisation, end-to-end encryption and exhaustive access logging — every technical prerequisite to preserve medical confidentiality during the signing phase.
Informed consent — Article L1111-4 of the French Public Health Code
Consent must be free, informed and revocable. Certyneo's advanced electronic signature guarantees patient identification, precisely timestamps their consent (to start withdrawal or reflection periods) and supports subsequent revocation through a new counter-envelope tracked in the history.
HIPAA Privacy & Security Rules (45 CFR Part 160-164)
The Health Insurance Portability and Accountability Act regulates protected health information (PHI) in the US. HIPAA's Security Rule requires administrative, physical, and technical safeguards equivalent to the European HDS certification: access controls, audit logs, encryption in transit, and integrity controls — all of which Certyneo's pipeline implements. Business Associate Agreements (BAAs) are signed on demand for healthcare clients processing PHI.
21 CFR Part 11 — FDA electronic records
The FDA's regulation for electronic records and electronic signatures applies to pharmaceutical, biotech, and medical-device companies submitting data to the agency. Part 11 requires identity verification, audit trails immune to tampering, and signatures that are the legal equivalent of handwritten signatures. Certyneo's PAdES-LT signatures with qualified timestamps satisfy the technical controls; the regulated entity remains responsible for the procedural controls (training, SOPs, system validation).
HITECH Act & meaningful-use
The Health Information Technology for Economic and Clinical Health Act strengthens HIPAA enforcement and incentivises certified EHR adoption. Electronic signatures on consent forms, prescriptions, and clinical documentation feed directly into meaningful-use criteria. Certyneo's REST API integrates with major EHRs (Epic, Cerner, Allscripts) via FHIR-compatible webhooks for documents that need to round-trip back into the patient record.
Frequently asked questions from healthcare professionals
Is Certyneo certified for Health Data Hosting (HDS)?
At the time this page was published, Certyneo is not an HDS host. For documents containing personal health data, we recommend that the relevant institutions discuss the most suitable scenario with our team (dedicated deployment through a partner HDS host, or limiting use to documents with no health data). HDS certification is on our public roadmap.
Does electronically signed informed consent carry the same weight as paper consent?
Yes. Article L1111-4 of the French Public Health Code requires free, informed and revocable consent but prescribes no particular form. Article 1367 of the Civil Code recognises electronic signatures as equivalent to handwritten signatures provided they rely on a reliable process — which Certyneo's advanced signature (AES) delivers.
How does Certyneo protect medical confidentiality?
TLS 1.3 in transit, AES-256 at rest, strict data isolation per organisation, no clear-text access by our teams without documented escalation. Certyneo does not store the medical content itself (beyond what is in the PDF): only the metadata required to manage signatures (envelope identifier, emails, timestamps) is kept in the database.
Can advance directives be signed electronically?
Yes. The Claeys-Leonetti Act of 2 February 2016 and Article L1111-11 of the French Public Health Code allow advance directives to be drafted freely, with no required form. An advanced electronic signature timestamped with strong patient identification meets the evidentiary requirements — directives of course remain revocable at any time through a new envelope.
Can we integrate Certyneo with our SIH or DPI?
Yes. Certyneo exposes a documented REST API (see /docs) and real-time webhooks. DxCare, Cristal-Link, Hopital Manager, Easily and other SIH platforms can trigger the sending of envelopes when a patient document is ready to sign. Zapier and Make connectors also cover private practice software.
How do we handle patients without email or smartphone?
Certyneo offers an "in-person signing" mode: the healthcare professional uses their own tablet or workstation to have the patient sign, with identification through an SMS OTP sent to the patient or validation by a trusted third party (carer, caregiver). The audit trail retains the context of the signature.
How long are signed medical documents retained?
Our plans include ten-year probative-value archiving. For medical documents requiring longer retention (20 years for some types of hospital file, 28 years for transfusion records, lifetime for some imaging) extended archiving is available on request. Documents remain downloadable at any time.
What should we do if a patient wants to revoke their consent?
The right to revoke consent is central in healthcare. In practice, you create a new revocation envelope signed by the patient, which is timestamped and linked to the original consent. The case history clearly shows both acts (consent, then revocation), which fully documents the situation in the event of a dispute.