Validating patient identity via the INSi tele-service from Assurance Maladie is a prerequisite for entering vaccination notes into the DMP. Installing software certificates is essential to activate the INSi and DMP tele-services in your Colibri software. The procedure for ordering certificates from the Agence du Numérique en Santé (ANS), the only organisation authorised to issue the required certificates, is detailed below.
What is a software certificate?
Software certificates are part of the electronic identification means (MIE): it is a computer file that acts as a digital identity card to guarantee the identity of a legal entity (health centre, social or medico-social structure, hospital, or clinic...) and to allow it access to digital health services (including the INSi tele-service and the DMP). Thus, professionals of the structure can access digital health services without using their personal identification means (CPx cards).
Summary of required certificates
Three certificates are required to use the INSi tele-service and feed the DMP via Colibri:
-
INSi query (prerequisite for feeding the DMP: qualification of patient identity)
- 1 - ORG AUTH_CLI for authentication with the INSi tele-service (note: this certificate must be named “INSI-MANU” to work in Colibri)
-
Feeding the DMP
- 2 - ORG AUTH_CLI for authentication with the DMP during data entry
- 3 - ORG SIGN for the electronic signature of documents before sending
ANS guides and resources
The process for ordering software certificates is described in this appendix. It comes from the “certificate ordering guides” provided by the ANS:
- Hospital corridor v0.8 of 13/10/2023
- Medico-social corridor v0.9 of 13/02/2024
- City medicine corridor v0.4 of 12/12/2022
- I want to request a certificate on IGC-Santé
The forms to use for these procedures are available from the index of forms on the ANS website.
Procedure for ordering software certificates
- Sign a membership contract with the ANS via the CA form and order a director’s card (CDE) via the F101 form.
Note: if there has already been a contract with the ANS for other projects, it is not necessary to sign a new contract.
The legal and geographical FINESS numbers of your structure can be found:
- in the FINESS database: finess.sante.gouv.fr
- in the health directory: annuaire.sante.fr
The choice of legal or geographical FINESS for contracting and ordering certificates depends on the type of structure (hospital or clinic, ESMS, city medicine) and its information system. Generally, it is the FINESS of the legal entity (EJ) for establishments (managing organisation for an ESMS) and the FINESS of the geographical entity (EG) for city medicine structures. Please refer to the Certificate ordering Guides (available at the top of this article in ANS guides and resources) to determine the relevant FINESS (legal or geographical) for your type of structure.
→ CA/F101 form online: https://demarche.numerique.gouv.fr/commencer/contrat-d-adhesion-f101
→ CA form in PDF format: https://esante.gouv.fr/sites/default/files/media_entity/documents/Contrat_adhesion.pdf
→ F101 form in PDF format: https://esante.gouv.fr/sites/default/files/media_entity/documents/F101.pdf
- Identify one or more technical administrators to manage the certificates, as well as a possible proxy of the legal representative for health establishments. The technical administrator must have an active CPx card (CPS or CPE), obtained via the TOPS service or the F301 form.
You can appoint one or more technical administrators within your structure or delegate this role to SYADEM for the Colibri software.
To delegate certificate management (request, withdrawal, revocation, and monitoring) to SYADEM for Colibri, you can contact us via support.
In a city medicine structure, if a healthcare professional wishes to appoint a staff member as technical administrator, they can request a CPE card for this person with their CPS card via the TOPS service.
→ TOPS service: https://tops.eservices.esante.gouv.fr/tops/pageAccueil/accueil.html
In a hospital, social or medico-social establishment, the legal representative can appoint a proxy to carry out procedures related to electronic identification means via the TOPS platform. The legal representative (or the proxy, if applicable) can request a CPE card for the technical administrator via the F301 form.
→ TOPS service: https://tops.eservices.esante.gouv.fr/tops/pageAccueil/accueil.html
→ F301 form online: https://demarche.numerique.gouv.fr/commencer/f301
→ F301 form in PDF format: https://esante.gouv.fr/sites/default/files/media_entity/documents/F301.pdf
- Appoint the technical administrator(s) of the structure and order the certificates via the F413 form. The processing time for this request is 3 days.
Note: Technical administrators are appointed for only one type of certificate, here the “ORG” (organisation) type.
→ F413 form online: https://demarche.numerique.gouv.fr/commencer/f413
→ F413 form online via the MesHabilitations portal: https://meshabilitations.esante.gouv.fr/login
→ F413 form in PDF format: https://esante.gouv.fr/sites/default/files/media_entity/documents/F413.pdf
If the role of technical administrator is delegated to SYADEM for Colibri, SYADEM will fill in this form and have it signed by the legal representative of your structure (or their proxy).
Generate and download the software certificates with the technical administrator’s card (CPS/CPx or e-CPS/e-CPX) via the IGC-Santé platform. Refer to the guide I want to request a certificate on IGC-Santé.
Note: In “Product Information”, enter “INSI-MANU” (in upper case and without spaces) for the INSi certificate or the desired naming for DMP certificates.
→ IGC-Santé platform: https://pfc.eservices.esante.gouv.fr/pfcng-ihm/authentication.xhtml
The process in practice
See the guide: I want to request a certificate on IGC-Santé
Go to the “Request” menu
Step 1
- “Offer”: select “ORG”
- “Structure”: select the structure for which the certificate is requested from those offered (if it does not appear, the technical administrator is not authorised for this structure)
- Click “Next”
Step 2
- Click “Request a new product” at the top right
Step 3
- “Product information”: enter “INSI-MANU” (in upper case and without spaces) for the INSi certificate, or the desired naming for the DMP (for example “DMPColibriName of your structure”)
- “Contact information”: enter the email address of the person who will be the main recipient of notifications related to the certificate (“Actor’s email”), and optionally the email address of an additional person to be informed (“Email of a person to be informed”)
Step 4
- If a CSR was created during a previous procedure, click “You have already created your CSR, you will upload it to the platform”, click “Upload the CSR” and select the CSR file on your computer.
- Otherwise, click “You do not have a CSR to upload, you will create it online”, choose a password (note: keep it safe, it is essential for certificate collection), click “Generate the CSR”, then “Finish”
Step 5 : “Finalisation”
- Click “Collect”
- Download and implement the certificates.
Once the notification of certificate availability is received, log in to the IGC-Santé platform with the technical administrator’s card and download the software certificate. Send the software certificate to SYADEM via support, specifying the name of the organisation and the Colibri team, the structure’s FINESS, and the name of the team manager.
Note: Certificate installation depends on the implementation of each software. The certificate store in the Colibri software is managed by SYADEM, which must therefore perform the installation.
Validity
The issued certificate has a validity period of 3 years from the date of issue. A notification will be sent 1 month before expiry to the email addresses provided in “Contact information” (Step 3).
Renewal
To renew an existing certificate before it expires, go to IGC-Santé with the technical administrator’s card. At step 2, click “Search for a product” to display existing software certificates (instead of Requesting a new product) and request renewal of the desired certificate (see the guide I renew a certificate on IGC-Santé).
→ IGC-Santé platform: https://pfc.eservices.esante.gouv.fr/pfcng-ihm/authentication.xhtml
Glossary
| ANS | Agence du Numérique en Santé (French government agency in charge of digital health) |
| CDE | Director’s Card |
| CPA | Authorised Personnel Card |
| CPE | Establishment Personnel Card |
| CPS | Health Professional Card |
| CPx | Electronic professional identity card |
| CRS | Certificate Signing Request |
| DMP | Shared Medical Record (Digital medical record designed to promote prevention, quality, continuity, and coordinated patient care. It is accessible via Mon espace santé for French citizens) |
| EJ | Legal entity (Refers to a legal person (can be a managing organisation in the case of social and medico-social establishments). One or more geographical entities can be attached to a legal entity) |
| EG | Geographical entity (Refers to a geographical location of a legal entity. A geographical entity is attached to only one legal entity) |
| ESMS | Social and Medico-Social Establishment or Service |
| FINESS | National File of Health and Social Establishments (Service providing registration of establishments and legal entities holding an authorisation or approval) |
| IGC-Santé | Certification authority that issues software certificates on behalf of the ANS |
| INS / INSi | National Health Identity (Unique and permanent identifier enabling the correct identification of users and referencing of health data. It consists of the national health identifier and the user's identity details as known in the civil registry) |
| INSi | Integrated National Health Identity (Tele-service that allows health and medico-social professionals to obtain a patient's/user's INS. It is one of the prerequisites for feeding the user's DMP) |
| MIE |
Electronic identification means (CPx card, software certificate, e-CPx…) See Which electronic identification means for which uses? https://esante.gouv.fr/quels-moyens-didentification-electronique-pour-quels-usages |
| OG | Managing organisation (Legal entity responsible for managing ESMS) |