What is health data?
The essentials you need to know about health data
Definition
This is any information relating to a person's state of health, physical or mental.
Examples include:
- information relating to the identification of a person for health purposes (number, symbol, etc.);
- information relating to tests or examinations, including genetic and biological data.
This data is sensitive and subject to specific regulations.
The main provisions relating to health data are as follows:
- Loi Informatique et Libertés (art. 8 and chapter IX)
- Provisions on secrecy (art. L. 1110-4 of the CSP)
- Provisions relating to health data security and interoperability repositories (art. L. 1110-4-1 of the CSP)
- Health data hosting provisions (art. L. 1111-8 and R. 1111-8-8 et seq. of the CSP)
- Provisions on making health data available (art. L. 1460-1 et seq. of the CSP)
- Prohibition on transferring or commercially exploiting health data (art. L. 1111-8 of the CSP, art. L. 4113-7 of the CSP)
What are the main rules to follow?
Your digital service must be designed to meet certain requirements specific to the sensitivity of health data.
The data subject, especially the patient, has fundamental rights in addition to those provided for by the French Data Protection Act, which must be taken into account right from the project design stage:
- Right to information prior to care and consent to care;
- Right to privacy and confidentiality of information (professional secrecy);
- Right of access to all information concerning one's health;
- Health data security must be ensured (see the PGSSI-S fact sheet);
- Access to health data must be strictly controlled, especially the exchange and sharing of health data.
To find out more...
Health data is not only used in the context of healthcare. It can also be the subject of secondary uses: research, evaluation of algorithms, steering of the healthcare system, innovation...
This framework is evolving with the arrival of the European Health Data Space (EHDS), due to come into force by March 2029. It provides for supervised, secure and transparent access to data, via a one-stop shop.
Practical guide
Health data: beware of false friends
Some data may not appear to be health-related, but they become personal health data when they are cross-referenced with other data, or when they are used for medical purposes.
Even in the absence of a name, a person can be identified, especially if you collect several pieces of information about them (for example, hospital admission date, discharge date and initials).
The major challenge of protecting healthcare data
Health data protection is a key issue in the age of big data, where algorithms that aid diagnosis and improve the care pathway via IT are booming. All these innovations rely on health data, so it is imperative to regulate the use, processing and collection of this personal data.
The GDPR (the European General Data Protection Regulation) adopts a broad definition of health data. According to the CNIL (Commission nationale de l'informatique et des libertés), personal health data is data relating to the past, present or future physical or mental health of a natural person that reveals information about that person's state of health.
In light of this definition, it is essential that any data collection or processing carried out by a service or IT tool complies with the relevant legislation and ensures the protection of personal data.
G_NIUS gives you the keys
The G_NIUS platform gives you the keys to understanding and applying the legal framework for health data processing to your project by providing you with the main obligations relating to health data. What does the law say? What rights do users have? What rules need to be respected?
As the CNIL is a major partner of G_NIUS, you'll find here a practical guide to the basics of data protection in your innovation projects to ensure that patients' rights are respected on this subject.
Through its regulatory section, G_NIUS offers educational fact sheets on these subjects, in particular the GDPR. You can also find a fact sheet on the secondary use of health data.
You'll also find episodes of the podcast "100 Days to Success": one on processing health data in research (with an expert from the Health Data Hub), and one giving you the tools to comply with the CNIL's requirements when processing health data.