E-Health: new “health data warehouse” guidelines coming soon


The French National Commission for Information Technology and Civil Liberties (CNIL FRANCE) has launched a consultation on a project of reference for the creation of health data warehouses. This consultation is available until April 2, 2021.

In order to assist professionals in their GDPR compliance, the CNIL wishes to gather the opinions of private public actors wishing to create a health data warehouse as part of a public interest mission. This consultation will enable the CNIL to establish a new reference system.

A health data warehouse is a large database intended for the reuse of health data from several sources for several study, research or evaluation projects. These data are stored in a single, massive file that is intended to be kept for a long time.

The creation of such a repository requires the explicit consent of the patients involved in the collection, recording and storage of health data. If the explicit consent of the persons concerned is not obtained, the processing relating to the creation of the warehouse must be the subject of a request for “health” authorization (excluding research) from the CNIL and the purpose pursued must be of a public interest nature.

In all cases, a data protection impact assessment (DPA) must be carried out by the data controller. This analysis must then be sent with the application for authorization to the CNIL.

Once it has been compiled, the re-use of this data in the context of a research project must be carried out in accordance with the provisions relating to research and be the subject of a commitment to comply with a reference methodology (simplified procedure) or, in the absence of compliance with one of these guidelines, an application for research authorization.

With this new reference[1] system, the processing operations that comply with it (adopted after the consultation) will be able to declare their compliance to the CNIL and will no longer be subject to the authorization procedure.

The processing operations that do not comply with it will have to justify their deviation from the standard in order to obtain an authorization.

Our UGGC law firm and its team of lawyers specialized in digital and health law are at your disposal to assist you in protecting your legal and economic interests.

By the IP/IT team of UGGC Law Firm

Source : CNIL

[1] As a “flexible” regulatory instrument, a reference framework is intended to give organizations greater legal certainty. It is drawn up in consultation with the stakeholders concerned and can update the old reference frameworks adopted before the RGPD came into force, such as the single authorizations (UA) and the single regulatory acts (RU).

UGGC's Intellectual Property team involved in the IP DAY

For the past twenty-one years, every April 26, World Intellectual Property Day has been held, organized by WIPO.  This day is intended to raise awareness of the general public to…

The CNC temporarily allows films to be screened outside the movie theater

On Thursday, April 1, 2021, the Board of Directors of the CNC voted to allow certain films to be shown without being released in cinemas. Unlike the measure taken a…

French media exploitation chronology: the timetable for the definition of new rules is not suspended

On 21 December 2020, the French Council of State (Conseil d’Etat) imposed that “television channels and video-on-demand platforms define together a new media exploitation chronology for films released in theatres”,…