Which regulations should I apply?
Complete our two assessments to identify the regulations that apply to your solution.
Why is it important to perform both of the proposed diagnostics?
Assess your service and identify the regulatory issues that apply to you.
- The "purpose of my service" assessment helps you figure out if your service is subject to medical device regulations.
- The "data and processing" assessment allows you to identify whether your service is subject to regulatory issues, particularly those related to the processing of health data.
These assessments are complementary, and we recommend that you complete them in succession.
Please note that the assessments provided offer initial insights but are not a substitute for a personalized, in-depth analysis of your service/product by a legal expert.
Please note: the impact of the GDPR (General Data Protection Regulation) related to the processing of other personal data (account creation, etc.) is not taken into account in this assessment.
- To learn more about the GDPR, visit the CNIL's G_NIUS page.
- Visit the CNIL website
Other specific regulations govern your services/products.
Please note that you are likely subject to more specific regulations that are not covered by these two assessments.
Telemedicine Solutions Framework
Therapeutic patient education
- Article L. 1161-1 et seq. of the Public Health Code (CSP)
Patients' freedom to choose their doctor
The physician must respect the right of every person to freely choose their physician. They must facilitate the exercise of this right.
- Article R. 4127-6 of the Public Health Code (CSP)
- Code of Ethics of the National Council of the Order of Physicians (CNOM)
Agreement between the physician and healthcare professionals (collusion)
Any collusion between doctors, between doctors and pharmacists, medical assistants, or any other natural or legal persons is prohibited.
- Article R. 4127-23 of the Public Health Code (CSP)
- Code of Ethics of the National Council of the Order of Physicians (CNOM)
Prohibition on practicing medicine as a business
Medicine must not be practiced as a business. All direct or indirect advertising methods are prohibited, in particular any layout or signage that gives the premises a commercial appearance.
- Article R. 4127-19 of the Public Health Code (CSP)
- Code of Ethics of the National Council of the Order of Physicians (CNOM)
Prohibition on physicians engaging in multiple activities
A physician may only engage in another activity if such dual activity is compatible with professional independence and dignity and is not likely to enable him or her to profit from his or her prescriptions or medical advice.
- Article R.4127-26 of the Public Health Code (CSP)
- Code of Ethics of the National Council of the Order of Physicians (CNOM)
E-health regulations
In the era of big data, health data derived from patient care pathways is sensitive information. It is therefore essential to ensure its protection and security throughout the treatment process, so that services remain compliant with regulations (whether you are an institution, a professional, an innovator, etc.).
The field of digital health is a vast ecosystem that encompasses a wide range of topics, including cybersecurity, ethics, and core services. All of these topics must be taken into consideration when developing your digital service for processing or storing patient data. You need to understand all the regulations that apply to your IT project so that it meets the criteria of the ministerial roadmap and can interact with your customers' other tools (interoperability framework) without compromising the integrity of health data, while optimizing the patient care pathway.
In order to simplify and clarify this, the Ministry of Health and Solidarity has published a technical doctrine comprising five guidelines broken down into thirty actions. This doctrine is part of the implementation of the "accelerating the digital shift" roadmap. It is aimed at the healthcare sector in the broadest sense: healthcare and medico-social stakeholders, digital service providers, and digital service users. This means that all digital services handling health data in France are affected.
Identify the regulations that apply to your project with G_NIUS
You can use the technical doctrine to view a summary of the components of the e-health reference framework. The compass covers all the basic reference systems, basic services, and national platforms (Health Data Hub, Mon espace santé, etc.).
Aware of the need for project leaders (information systems, connected objects, etc.) to quickly and easily identify the regulations that apply to the implementation of their projects (laws, legal obligations), G_NIUS provides you with a regulatory diagnosis. In just a few clicks, you can find the topics (security, compliance, legal, etc.) that you need to focus on and access educational fact sheets on each of these topics to find the information you need to implement your digital project (applicable law, compliance, etc.).
Two assessments are available: the "Purpose of My Service" assessment and the "Data and Processing" assessment. Both assessments must be completed. It should be noted that the impact of the GDPR (General Data Protection Regulation) on the processing of other personal data (creation of accounts) is not taken into account in the assessment.
This integration highlights the importance of the ROR in the context of digital health and data interoperability.
G_NIUS supports digital health project leaders in understanding the regulatory framework, identifying funding, and connecting with the ecosystem to accelerate innovation in France.