What is health data?
The essentials you need to know about health data
Definition
This is any information relating to a person's state of health, physical or mental.
Examples include:
- information relating to the identification of a person for health purposes (number, symbol, etc.)
- information relating to tests or examinations, including genetic and biological data.
This data is sensitive and subject to specific regulations.
The main provisions relating to health data are as follows:
- Loi Informatique et Libertés (art. 8 and chapter IX)
- Provisions on secrecy (art. L. 1110-4 of the CSP)
- Provisions relating to health data security and interoperability repositories (art. L. 1110-4-1 of the CSP)
- Health data hosting provisions (art. L. 1111-8 and R. 1111-8-8 et seq. of the CSP)
- Provisions on making health data available (art. L. 1460-1 et seq. of the CSP)
- Prohibition on transferring or commercially exploiting health data (art. L. 1111-8 of the CSP, art. L 4113-7 of the CSP)
What are the main rules to follow?
Your digital service must be designed to meet certain requirements specific to the sensitivity of health data.
The data subject, especially the patient, has fundamental rights in addition to those provided for by the French Data Protection Act, which must be taken into account right from the project design stage:
- Right to information prior to care and consent to care;
- Right to privacy and confidentiality of information (professional secrecy);
- Right of access to all information concerning one's health.
- Health data security must be ensured (see the PGSSI-S sheet).
- Access to health data must be strictly controlled, especially the exchange and sharing of health data.
Read more
- What is health data (source CNIL)
- What formalities for the processing of health data (source CNIL)
Practical guide
Health data: beware of false friends
Some data may not appear to be health-related, but they become personal health data when cross-referenced with other data, or when used for medical purposes.
Even without a name, a person can be identified, particularly if you collect several pieces of information about him or her (for example, hospital admission date, discharge date and initials).
The major challenge of healthcare data protection
Health data protection is a key issue in the age of Big Data, where algorithms to aid diagnosis and improve the care pathway via IT are booming. All these innovations rely on health data. It is therefore imperative to regulate the use, processing and collection of personal data.
The GDPR (European regulation on the protection of personal data) adopts a broad definition of health data. According to the CNIL (Commission nationale de l'informatique et des libertés), personal health data is data relating to the past, present or future physical or mental health of a natural person that reveals information about that person's state of health.
In light of this definition, it is essential that any data collection or processing carried out by a service or IT tool complies with the relevant legislation and ensures the protection of personal data.
G_NIUS gives you the keys
The G_NIUS platform gives you the keys to understanding and applying the legal framework for health data processing to your project, by providing you with the main obligations relating to health data. What does the law say? What rights do users have? What rules need to be respected?
As the CNIL is a major partner of G_NIUS, you'll find here a practical guide to the basics of data protection in your innovation projects, to ensure that patients' rights are respected in this area.
G_NIUS offers educational sheets on these subjects, including the GDPR, via the regulatory department.
You can also find episodes of the podcast "100 days to success" on the processing of health data in research (with an expert from Health Data Hub), as well as an episode giving you the tools to comply with the CNIL's requirements when processing health data.