Security
Published on Jul 16, 2021
Last update 16.07.2021


Protecting health data

Our smartphones, connected objects and all digital devices collect information in huge quantities. This is what is known as big data. This content is analysed and interpreted by algorithms whose power is growing at an impressive rate. Health data is especially valuable, particularly for research and for anticipating crises and emergencies, but also in normal times, for prevention and individual monitoring of people. Anyone who has access to this sensitive content can, for example, conduct numerous studies that would not be socially acceptable, or even discriminate against certain people whose state of health is known. It is therefore necessary that the massive processing of these data should not allow discrimination against individuals.

What is health data

As a healthcare professional, you receive, store and collect information about your patients. The information that you collect is considered personal health data.

Health data is a special category of personal data because it is sensitive. As such, it is subject to specific protection in order to ensure its integrity, confidentiality and proper use. There are two uses attributed to health data, as Dominique Polton, President of the National Institute for Health Data, explains. The first is a truly individual use concerning care as such, so that patients are taken care of in the most optimal way. This is personal data, which is shared between the patient and the healthcare system. The second use of this sensitive content is for research and system management. To do this, these same data, which are at that point nominative, go through a pseudonymisation process, thus constituting a database necessary for this second purpose.

In practice, this may involve:

  • Identification data such as surnames, first names, addresses or telephone numbers,
  • Information on the patient’s personal life: social security coverage, marital status, number of children, etc.,
  • Information about the patient’s health: pathology, diagnosis, prescriptions, care, etc.,
  • Information obtained during tests or examinations,
  • Any professionals involved in the patient’s care.

Protecting health data

The Covid-19 health crisis has highlighted the importance of secure and, above all, sovereign management of our health data, driven, among other things, by the digital transformation reinforced by the exponential growth of telemedicine. Health data is a real “digital gold”, and the numerous cyber attacks against health establishments during the pandemic only confirm how crucial this security issue now is.

The General Data Protection Regulation (GDPR)

The GDPR defines personal data as any information relating to an identified or identifiable natural person. Its aim is to be the reference text within the European Union on the protection of personal data. It also aims to harmonise the legal landscape relating to data protection, so that the framework is consistent across the 27 Member States.

In order to comply with the GDPR regarding health data, professionals are advised to:

  • Inform their patients by providing them with information about the processing of their data. This can be done through tracking software or in a paper file. It can also take the form of a poster in a waiting room, for example. This patient information must be delivered in a “concise, transparent, comprehensible and easily accessible” manner.
  • Note that, with the entry into force of the GDPR, the declaration of your file to the CNIL is no longer necessary.
  • Secure patients’ data, which is now a crucial issue. This sensitive content must be protected against unauthorised or illegal access, deletion, loss or damage. A secure backup solution is therefore essential.

HDS certification

Some time after the implementation of the GDPR, health care institutions were confronted with the new regulation on the hosting of health data. These were two complementary reforms for which the entry into force of the HDS certification served as a compliance tool for the data controller concerned. This Health Data Hosting (HDS) certification defines the scope of the procedure, the transition period between approval and certification, and the various criteria to be met in order to host health data. Would you like to know more? Do not hesitate to consult our article on HDS certification and find out more about our qualifications and certifications.

Building a trusted environment for health data

The exponential growth of e-health is no longer a matter of debate. Telemedicine was already well underway, but the Covid-19 pandemic has brought it to the forefront, thereby increasing tenfold the sharing of sensitive content between doctors and patients, but also between the various public or private healthcare structures.

Choosing a sovereign cloud player, i.e. one subject to European regulations and legislation, for the secure management of this sensitive content is essential. In particular, this makes it possible to strengthen the security of the data collected, transmitted and shared. In addition, since this data is sensitive content, it should be given the level of security that its type requires.

The Health Data Hub

The origins of the Health Data Hub

The National Health Data System (SNDS) was created 5 years ago, in 2016. It symbolises a considerable advance in terms of analysis and improvement of the population’s health. Behind the establishment of this system is the desire to make access to health data collected by institutions public. The aims are to contribute to:

  • The implementation of health policies,
  • Information on health,
  • Health security monitoring,
  • Innovation (in terms of health and care)
  • Information for health professionals and institutions
  • Knowledge of health expenditure

The Health Data Hub has been designed to enrich the SNDS and harmonise it with the principles of the General Data Protection Regulation (GDPR). The anonymised HDS data will come from heterogeneous sources such as public or private health establishments, private doctors, etc. For the time being, the data collected by the National Health Data System remains partial, as only the data from the Assurance Maladie and hospitals are available.

The Health Data Hub wishes to facilitate interactions between health data producers, users and citizens. This is made possible by supporting innovative projects in the health sector and by sharing with the various players in the sector.

Where do we stand today?

On Friday 19 February 2021, the Assurance Maladie opposed the choice of Microsoft as the hosting platform for the Health Data Hub. More precisely, “the legal conditions necessary for the protection of this data do not seem to be met for the entire main database to be made available to a company not subject exclusively to European law (…) regardless of the contractual guarantees that could have been provided”, wrote this body in a deliberation adopted unanimously by the members who took a position.
