New Health Data Reference by CNIL

New Health Data Reference by CNIL

Le

Who are the research data collection authorization requests addressed to?

The grant criteria for a health research authorization stated in the article are general and apply to all research that involves the collection, processing, or storage of personal data for research purposes. However, it is important to note that some types of research, such as research on human subjects, research involving genetic data, or research involving vulnerable populations, may require additional and specific data protection and research ethics requirements. In these cases, it is important for researchers to comply with applicable legal and ethical requirements and take into account the specific needs of the populations concerned.

What the CNIL proposes

The National Commission on Informatics and Liberties has published a resolution on the availability and processing of the general beneficiary sample (EGB) and themed databases called datamarts of the National Health Insurance Information System (SNIIRAM), and it has established a new health data reference.

The resolution was taken in accordance with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on data protection, the public health code, the law No. 78-17 of 6 January 1978 as amended relating to information technology, files, and liberties, and resolution No. 2020-072 of 16 July 2020.

The general beneficiary sample (EGB) is a random sample of two percent of individuals whose data appears in the SNIIRAM. It contains the following SNIIRAM information:

Logiciel RGPD

the inter-regime consumption datamart (DCIR), also known as the “individual beneficiary database”;

data contained in the medicalization of information systems program (PMSI) on the fields of medicine, surgery, obstetrics and dentistry (MCO), rehabilitation and aftercare (SSR), medicalized information collection in psychiatry (RIM-P) and home hospitalization (HAD).

Aggregate data themed databases called “expense monitoring-oriented datamarts” (DAMIR) or “care offer analysis” (AMOS), as well as biology and pharmacy dashboards are also established from the SNIIRAM.

New health data reference

The resolution aims to replace the reference governing the availability of data from the EGB and themed databases called datamarts of the SNIIRAM established by resolution No. 2020-072 of 16 July 2020.

Treatments eligible for a single approval issued by the Health Data Platform are treatments implemented for research, study, or evaluation purposes in the field of health, justified by the public interest, and for which only access to ESND data and/or datamarts and dashboards of the SNIIRAM is necessary.

Access requests to ESND data and datamarts are submitted to the Health Data Platform and must include several elements, including the justification of the public interest, declarations of interest of the data controller and research laboratory or study office, as well as compliance of the processing registration and transmission of results to the methods defined by the HDP.

Data controllers must set up a transparency portal containing general information on the SNDS, as well as a specific information note for each study.

The HDP annually provides important information on the health of the French population. The data collected in this context allows for the conduct of epidemiological studies, monitoring the evolution of certain pathologies, evaluating the effectiveness of public health policies, and setting up prevention programs adapted to the needs of the population.

For example, the HDP can measure the prevalence of certain chronic diseases such as diabetes, hypertension, or obesity, monitor the evolution of vaccine coverage, detect flu or gastroenteritis outbreaks, identify risk factors for certain diseases such as cancer or cardiovascular diseases, or monitor the population’s exposure to toxic substances.

DPO Partagé
DPO Partagé
Looking for a DPO? Entrust your mission to DPO PARTAGE - Contact us at +33 (0)7 56 94 70 90 or by email at contact@dpo-partage.fr. DPO PARTAGE is the leader in DPO services for health and sensitive data.

Intéressant ? Partagez-le !

Newsletter

Audit gratuit Conformité RGPD

spot_imgspot_img

A ne pas manquer !

Encore plus d'actualités
Informations RGPD

Xerox Corp is reportedly the victim of a major cyberattack.

Xerox Cyberattack by Incransom : on December 30, 2023,...

Turning GDPR Compliance into Competitive Advantage: Unveiling the New Guide for American Enterprises

In a world where data protection and regulatory compliance...

Web Analytics and GDPR Compliance: How Website Hosts Can Adhere in France

Web Analytics and GDPR, CNIL's Position: Website hosts using...