Alex Türk: "Deploying effective security solutions"
Points of view | 21 Jun 2010
The view of Alex Türk (CNIL)
Everyone recognizes that sharing health data among a growing number of stakeholders helps to improve the quality of healthcare and control costs. However, as this information contains intimate details of people's private lives, it is essential that data is protected even more robustly.
The rights of patients, as defined by law, can only be exercised effectively if security is guaranteed
As the authority charged with the protection of personal data, the commission has been involved in developing shared electronic health records from the outset. That’s why we have supported all the definition and implementation phases of the electronic health record (DMP), and authorized the widespread introduction of the pharmaceutical record (DP) and the GP website “Web médecin”, after assessing the developments in each project. We are also involved in the approvals procedure for health data hosting.
On several occasions, the commission has had the opportunity to remind stakeholders of the conditions which, from our point of view, are necessary for the development of health information systems.
For this reason, as well as defining a stable legal framework, the evolution of e-health means the deployment of effective, high-quality security solutions is a priority. The commission has always been extremely vigilant in this respect.
Respecting the rights of patients
It is also important that patient identification is reliable, unique and continuous when health data is exchanged. However, the question of selecting this identifier is particularly delicate…
The CNIL also pays special attention to ensuring that the rights of patients are exercised, and that explicit and informed consent is obtained, particularly when patient data is shared. In accordance with the provisions of the law of 6 January 1978, modified in 2004, the information provided to patients must be clear, complete and given in advance, to enable them to fully exercise their rights, and particularly their right to access medical data.
The needs of both healthcare professionals and patients must be taken into account because their commitment is vital.
Lastly, we must refrain from looking at these issues from a purely national perspective. At a time when data has become globalized, the European authorities must define and impose international standards for health data, which are as close as possible to the European model, and offer the greatest protection.
Since ASIP Santé was set up, the CNIL has developed a constructive, well-ordered working relationship with the agency, notably by participating in the steering committee for the national health identifier, the approvals committee for health data hosting and the working group on patients' rights. The commission can see only advantages in developing this cooperative partnership.
All of this will enable the two agencies, each within its respective assignments, to work in concert on the development of health information systems that comply with the principles of the French data protection act.
Alex Türk, President of France's data protection commission (CNIL)