What is health data?
The basics of health data
This is any information relating to a person's state of health, physical or mental
It includes, for example, the following information:
- information relating to identifying a person for health purposes (number, symbol, etc.)
- information on tests or examinations including genetic and biological data
- information on diseases, symptoms, treatments, disabilities, medical history, etc.
Such data is sensitive and is subject to special regulations
In France, the main legal provisions relating to health data are:
- The “Informatique et Libertés” Act (art. 8 and chapter IX)
- Provisions on confidentiality (art. L. 1110-4 of the CSP)
- Provisions relating to health data security and interoperability standards (art. L. 1110-4-1 of the CSP)
- Provisions on the hosting of health data (art. L. 1111-8 and R. 1111-8-8 et seq. of the CSP)
- Provisions on making health data available (art. L. 1460-1 et seq. of the CSP)
- Ban on the transfer or commercial use of health data (art. L. 1111-8 of the CSP, art. L 4113-7 of the CSP)
What are the main rules to follow?
Your digital service must be designed to meet certain requirements designed to respect the sensitivity of health data.
The data subject, especially the patient, has fundamental rights in addition to those provided for by the “Informatique et Libertés” Act, which must be taken into account from the project design stage:
- Right to be informed prior to care and consent to care
- Right to privacy and confidentiality of information (professional secrecy)
- Right of access to all information concerning one's health
- The security of health data must be ensured (link to PGSSI-S page)
- Access to health data must be strictly controlled, especially the exchange and sharing of health data
Find out more
- What is health data (source: CNIL)
- What are the formalities for processing health data (source: CNIL)
Health data: Beware of hidden dangers
Some data may not appear to be health-related, but they become personal health data when they are cross-referenced with other data, or when they are used for medical purposes.
Even without a name, a person can be identified, especially if you collect several pieces of information about them (e.g., hospital admission date, discharge date, and initials).