Diagnostics: Data and Processing
Attention, the suggested results correspond to the answers checked. They provide an initial insight but they are no substitute for the personalised and in-depth analysis that a legal or regulatory expert can provide
Who has access to a user's personal data?
What is the regulation on access to data?
As a reminder, access to health data is regulated:
A distinction must be made between whether the user is the only one to access the health data he/she inputs in the product or service, or whether third parties can also access it.
In the context of the care team, the user becomes the patient
As concerns health data and the transmission to caregivers, only the people in the care team for whom the patient has given consent can access this data covered by medical secrecy.
Regulations:
Items 45 et seq. and Article 9 of the GDPR (Regulation No. 2016/679, known as the General Data Protection Regulation).
Articles 64 et seq. of the Law No. 78-17 of 6 January 1978, known as the French Data Protection Act, as amended, in particular, by Decree No. 2019-536 of 29 May 2019.
Article L. 1110-4 et seq. of the French Public Health Code.
Useful links:
CNIL:
https://www.cnil.fr/fr/le-rgpd-applique-au-secteur-de-la-sante
https://www.cnil.fr/sites/default/files/atoms/files/guide-cnom-cnil.pdf
Practical guide
You don't know how to answer, the keys for choosing
Do any health professionals have the right to access the personal data?
No, only my care team has access to my data because they are covered by professional secrecy (Article L. 1110-4 of the French Public Health Code).
- Among my care team, not all the caregivers have access to this information because they should only have access to what allows them to treat me.
- For example, my cardiologist does not need to know that I have brown spots on my face because they have no impact on my heart condition.
How is a care team defined?
Article L. 1110-12 of the French Public Health Code:
The care team is a group of professionals who participate directly for the benefit of the same patient in the performance of diagnostic, therapeutic, disability compensation, pain relief or loss of autonomy prevention actions, or in the actions necessary for the coordination of several of these acts, and who:
- Either work in the same health care establishment, in the armed forces health service, in the same social or medico-social establishment or service cited in I of Article L. 312-1 of the French Social Action and Family Code, or in the framework of a cooperation, shared practice or health or medico-social coordination structure appearing on a list established by decree;
- Or have been recognised as a member of the care team by the patient who addresses them for consultations and procedures prescribed by a doctor to whom he/she has entrusted his/her care;
- Or work in a group, including at least one health professional presenting a formalised organisation and practices that comply with a set of specifications established by an order of the Minister of Health.
Can my family and caregivers access my health data?
No, except in exceptional situations (emergencies and trusted person, safeguard and guardianship measures, abuse of minors, etc.), my family, my close relations and more generally the personnel excluded from my care team do not have access to my health data.