eHealth regulations

Health data is valuable and sensitive.

In order to protect the rights of users and the confidentiality of the patient-provider relationship, there is a special regulatory framework for eHealth.

Understanding the regulations required by your project is fundamental not only when planning how to build your service, but also its ability to be deployed and integrated into your customers' tools.

G_NIUS helps you understand the regulations

Overview of eHealth Regulations 

As a reminder, according to the CNIL, health data is data concerning the physical or mental health of an individual, whether past, present or future. Your digital tools, connected objects, and medical devices may use, process, or store personal health data. If this is the case with your innovation, you must comply with a strict security framework to ensure the protection of patients' personal and health data.  

This part of the site compiles all regulatory issues applicable to eHealth in the form of fact sheets. All these regulatory aspects are consolidated in the ministerial roadmap to promote the acceleration of eHealth and are classified according to their functionality:  


This includes regulations relating to secure connection services (ApCV (Carte Vitale application), e-CPS, Pro Santé Connect), the General Data Protection Regulation (GDPR), regulations and national services relating to directories and repositories in the medical field (ROR, RPPS+,FINESS+), regulations concerning the hosting of health data (HDS), regulations concerning the French National eHealth ID (INS), the General Security Policy for Health Information Systems (PGSSI-S), regulations applicable to medical devices, and more. 


The interoperability domain is composed of the Interoperability Framework for Health Information Systems (CI-SIS), which sets the rules for communicating health information, the health terminology management centre (CGTS), which distributes semantic resources for the health and social care sector free of charge, and the Multi-Terminology Server (SMT), which is the tool for disseminating and managing health terminologies. 

Core services 

This domain includes all the basic services such as the shared medical record (DMP), the e-Prescription, which entails making the prescription process more digital, and finally the secure messaging system for professionals and citizens (MSSanté). 

Digital platforms 

A package of services allows health professionals to access several services in a single place, the Health Data Hub, which facilitates access to health data for innovative general-interest projects under highly secure conditions that preserve citizens' rights, and My Health Space (MES) which is a personal space where users manage their own health data. 

How can G_NIUS help me better understand regulatory issues? 

The regulatory framework varies depending on the nature and purpose of your innovation project (medical device, digital application, healthcare service, etc.), on the technologies used for processing and/or storing personal data, on who its end-users are (healthcare professionals, healthcare institutions, the general public, etc.). 

The National Portal for eHealth Innovation (G_NIUS), which is the result of the roadmap for digital health from the Ministerial eHealth Delegation (DNS) and is operated by the Agence du Numérique en Santé (ANS), is a portal for services and content designed to accelerate the digital shift through the development of harmonised, communicating, interoperable digital services. Our platform helps you to know and understand the legal framework that will govern your digital project, by offering you a toolbox containing a personalised diagnosis and fact sheets, all with the aim of getting your digital eHealth tool to market faster. 

Show more