CNIL Issues Data Protection Guide for Health Professionals

Alain Bensoussan

French data protection authority, the CNIL, recently published a Guide for Heath Professionals (Guide des professionnels de santé), available online (view here in French).

The first pages of this Guide remind the core principles of the French Data Protection Act, the missions of the CNIL and the role of data protection officers (“CIL”).

The second part is divided into practical, easy-to-read fact sheets designed to give health professionals the basic information and guidelines they need when processing personal and health data.

Key issues dealt with by the Guide’s fact sheets include:

– Use of health data and disclosure to third parties;
– Access to medical records;
– Security of data processing;
– Use and security of the e-mail system;
– Health data sharing;
– Health data hosting;
– Medical research;
– Medical cards (social security card, health professional card)…

The purpose of the Guide is essentially to educate and raise the awareness of health professionals by giving a comprehensive overview of the obligations they have to comply with when collecting and processing personal data.

It is also the occasion for the CNIL to take stock and provide clear information on IT-related issues to industry players increasingly faced with the computerization of the healthcare system (personal medical record, pharmaceutical record, development of telemedicine and networks of health professionals…).