Healthcare establishments can no longer put off the digital shift
Summer isn’t even over yet, and the new school year is already shaping up to be a tense one for educational institutions. The focus is on the widespread adoption of strong authentication in business software, a technical, regulatory and strategic turning point that no one will be able to ignore by January 2026. A deadline? No. A shift.
While digital health players are still fine-tuning the deliverables of the second wave of the Ségur digital plan, a requirement long perceived as technical—MFA (Multi-Factor Authentication)—is now at the heart of health data access policies. With it comes a requirement: the use of certified electronic identification methods to consult the DMP, access MSSanté services, and even code certain procedures. It’s an invisible but crucial mechanism.
A technical standard becomes a barrier
For years, access to digital health services has been structured around the RPPS number and CPS cards. But in the age of the cloud, cyber threats and portability of use, these measures are no longer sufficient. The new rule is simple: one authentication, two factors.
Whether using a physical CPS card, access via the e-CPS app or FIDO2 keys, healthcare professionals will have to prove that they are who they say they are. This requirement is all the more important as it will determine access to the DMP from 2026 onwards, which is now essential for Ségur funding, image sharing and city-hospital and medico-social coordination projects.
The deadline is 1 January 2026… but the shift needs to start now
The date is set in stone: from 1 January 2026, business software will have to refuse all access to the DMP without strong authentication. This is no longer a recommendation, but a regulatory requirement resulting from the Electronic Identification Reference Framework (RIE) and HAS certification.
But waiting until 2026 would be a strategic mistake. The functions concerned – particularly in EHRs, RIS, PMSI and DUI – are already starting to be rolled out. And above all, a temporary funding scheme, the Hospi Connect programme, will be launched in September 2025 to support institutions in this transformation. After that, it will be too late.
MFA: obscure technology or lever for digital sovereignty?
Behind the acronym lies a double promise: increased security and clear access governance. For institutions, it is also an opportunity to regain control over their authorisations, which are often stacked up and poorly documented.
The role of the CISO, identity federation via Pro Santé Connect, registration of professionals in the RPPS+, prioritisation of access levels… a whole section of the HIS is being overhauled under the impetus of a more demanding but also more transparent framework. This shift should be seen as a strategic project as much as a technical imperative.
A window of opportunity: Hospi Connect
This is the other area of focus. The Hospi Connect programme, scheduled for September 2025, is designed to provide budgetary support for establishments still in the equipment or structuring phase:
- Purchase and deployment of MIE (CPS, e-CPS, FIDO2),
- Software integration of strong authentication,
- Support for PSC connection (direct or federated),
- Registration with RPPS+, including for authorised non-medical personnel.
This funding, coordinated by the Digital Health Agency, will be conditional on proactive steps being taken at the start of the new academic year. Those who plan ahead will be able to have a substantial part of their transition funded. Others risk having to pay the cost themselves.
What now?
MFA is not a plugin. It is a new layer of infrastructure in the digital architecture of institutions. Those who are approaching the start of the new academic year with a clear head know that the work ahead cannot be managed on the sidelines: it is a project to transform the IS, at the crossroads of legal, functional, technical and political issues.
It is also an opportunity to overhaul access, responsibilities and the way sensitive data circulates within the institution.