CNIL published guidelines on data protection in the health sector

In June 2018, the CNIL (Commission Nationale Informatique & Libertés) published guidelines for the protection of personal data in the health sector. In particular, the French Data Protection Authority (DPA) gives professionals in the health sector tips for complying with the EU Privacy Regulation 2016/679 (GDPR):

  • limit the information collected to what is necessary for the treatment of patients;
  • keep a record of treatments;
  • delete patient data after the maximum retention period (20 years);
  • take appropriate security measures;
  • provide information to patients on the processing of their data.

The CNIL also circulated a model of information and record of treatment.

Guide Pratique Sur La Protection Des Données Personnelles is available (in French) at…


Originally published on Technethics in July 2018
