These companies are therefore referred to as “teleconsultation companies.”
Obtaining accreditation is contingent, in particular, on the prior issuance by the Digital Health Agency (Agence du numérique en santé, ANS) of a certificate of compliance for the digital tools and services used by teleconsultation companies in accordance with all the requirements of a set of standards.
This framework covers the interoperability, security, and ethics of teleconsultation information systems. It was first approved in an order (‘arrêté’) of February 9, 2024 — in addition to the procedure for issuing the certificate of compliance.
Presumably to take into account the burdensome nature of the process of verifying compliance with the standards [or, where applicable, achieving compliance with the standards], which places a heavy burden on companies seeking “teleconsultation company” certification, the order of February 9, 2024, already provided in Article 3 for the possibility of obtaining a certificate that could be classified as “transitional” [valid from July 1, 2024, through December 31, 2024], provided that:
(i) supporting documentation is provided regarding compliance with requirements pertaining to the functional areas specified in that same article;
(ii) and a commitment is made to obtain the certificate of compliance with the framework by December 31, 2024, at the latest.
By an order dated October 18, 2024,a new version of this framework (1.5.1) was subsequently made enforceable.
This same order of October 18, 2024, by amending the order of February 9, 2024 to introduce Article 3 bis, further established two new periods and procedures for the issuance and validity of “transitional” certificates for companies committing to obtain the certificate of compliance with the framework by December 31, 2025 at the latest:
(a) Companies submitting supporting documents attesting to compliance with requirements in the following areas may obtain a “transitional” certificate valid until June 30, 2025:
- National Health Identity,
- GDPR
- Pro Santé Connect,
- Health Directory,
- General Security Policy for Health Information Systems (excluding penetration testing),
- Administration,
- Billing,
- System Ethics/Territoriality.
(b) Companies that submit, in addition to the supporting documents mentioned in point (a) above, supporting documents attesting to compliance with requirements in the following areas – may be issued a “transitional” certificate valid until December 31, 2025:
- General Security Policy for Healthcare Information Systems (here, unlike in point a, without excluding “penetration tests”),
- Secure Healthcare Messaging,
- DMP,
- Document Format (CDA).
Overall, this order of 18 October 2024 grants companies seeking “teleconsultation company” accreditation an additional period to comply with all requirements set forth in the standards, by obtaining a “transitional” certificate provided they demonstrate compliance with requirements that can be classified as “major” and commit to obtaining the certificate of compliance with the reference framework by December 31, 2025.
Written by Léa COSTANTINI and Lorena GOUDENEGE
