On July 1, 2011, the French Data Protection Authority (the “CNIL”) released a comprehensive handbook for health professionals (the “Guidance”). The Guidance reiterates that health professionals (e.g., doctors, nurses, hospitals, research laboratories) have an obligation to comply with the French Data Protection Act when collecting and processing health data on patients.
The Guidance is divided into twenty chapters, each dealing with a specific topic about health data, including:
- Access to medical files
- Social security number
- Personal medical files
- Pharmaceutical files
- Health data sharing
- Health data hosting
- Medical research
- National health identifiers
- Health prevention and monitoring
- Online selling of drugs and health-related products
- Notification to the CNIL of health processing activities
Each chapter provides a summary of the applicable data protection requirements, including what health professionals should and should not do when processing patients’ health data. The Guidance also includes several templates for professionals and patients, including notice forms, confidentiality clauses and data access requests.