Digital Health, Made Clear

EU Regulation 2024/1689 entering into force in stages. Health AI systems are classified as "high risk" and subject to strict obligations (documentation, conformity assessment, human oversight) from August 2026. My Data My Care V1 remains explicitly outside medical device scope — predictive AI is planned for V2 with AI Act framing.

Modern algorithm for key derivation from a password. Winner of the Password Hashing Competition 2015. Resistant to GPU and ASIC attacks. Used by MDMC to derive your encryption key from your passphrase, directly on your device.

2018 US law (Clarifying Lawful Overseas Use of Data Act) that allows US authorities to demand access to data held by a company subject to US law, even if that data is hosted outside the USA. Any French health service hosted on AWS or Azure is concerned. MDMC hosts exclusively with a French HDS-certified provider — outside the Cloud Act.

Smart card issued by ASIP Santé to French healthcare professionals, containing their professional identity and RPPS number. Enables strong authentication to digital health services (DMP, MSSanté, FSE). MDMC supports CPS natively via the IN-RPPS teleservice.

French digital medical record created in 2004, piloted by CNAM, now integrated into Mon Espace Santé since 2022. Contains hospitalization reports, analysis results, prescriptions, vaccinations. MDMC consumes it via the Mon Espace Santé API.

EU 2025 regulation creating a common framework for health data portability between the 27 member states. Every European citizen will be able to consult and share their medical record from one country to another. MDMC is built from the outset to interface with EHDS.

Fast Healthcare Interoperability Resources, version R4. International HL7 standard for structured medical data exchange. "FR Core" profile under consolidation by ANS for France. MDMC uses FHIR R4 end-to-end — including for the GDPR portability export in 1 click.

Dematerialized version of the paper care sheet, transmitted to CNAM via SEPHORA. Mandatory for practitioners in private practice. Integrated in the MDMC pro module.

EU Regulation 2016/679 applicable since May 2018. Defines people's rights (access, rectification, erasure, portability, opposition) and the obligations of data controllers. Health data is classified as "sensitive data" (article 9) with reinforced safeguards.

French certification required to host personal health data (article L. 1111-8 CSP). Issued by an accredited certifying body. HDS v2 version mandatory from May 16, 2026. MDMC and its host are HDS v2 certified.

Unique and permanent patient identifier in France, calculated from their civil status (INSEE number + identity traits). Checked via the INSi teleservice. Mandatory for any French health service since 2021. MDMC verifies INS-IAS at registration.

HAS certification attesting that medical software respects good prescribing practices (interaction alerts, therapeutic choice support). The MDMC LAP relies on Thériaque (ANSM, non-commercial) or BCB, never on Vidal (commercial publisher).

Public service automatically opened in 2022 to all insured persons. Aggregates DMP, agenda, secure messaging, partner application catalog. MDMC is a candidate for the MES catalog referencing — positioning us as an official consumer application of your public health data.

Set of operators approved by ASIP Santé (Mailiz, Sisra, Medimail…) allowing health pros to exchange medical messages and documents in GDPR/HDS compliance. MDMC integrates the 3 main ones with automatic failover.

Qualification issued by ANSSI guaranteeing that a cloud service is immune to extraterritorial laws (Cloud Act). Required for sensitive state data. Qualified providers in France are mainly OVHcloud, Outscale and Scaleway. MDMC aims for SecNumCloud qualification for its production infrastructure.

National program piloted by ANS and DNS to make French healthcare software interoperable (LGC, hospitals, pharmacies, labs). Wave 2 underway until October 14, 2026. MDMC is designed from the outset to be Ségur V2 referenced.

Software architecture in which the provider hosting the data cannot access it. Data is encrypted by the user before sending, with a key that never leaves their device. MDMC is built according to this principle: even under judicial constraint, we technically cannot unlock your passport.