The National Commission for Informatics and Freedoms (CNIL) has just published its 2021 activity report. The health sector plays an important role in this.
Last year, the health and social sector represented ” 15% of processed requests and 8% of complaints These, 14,143 numbers, are 4% higher than last year.
The impact of the Covid-19 crisis
† The pandemic sparked complaints about the data stored or not in the health card, the Covid tests offered in schools or the desire of certain employers to monitor the health status of their employees who remained in work. “What Made the Data Agent Remind Everyone of Their” obligations » (cf. « If we have to present a health document ten times a day, buy a baguette or do sports, we have not regained freedom »).
Data increasingly at risk
The CNIL underlines the explosion of reports of data breaches, following the ” very strong growth in computer attacks, especially from ransomware “. These reports, an increase of 79% compared to the previous year, concern ” special » the health sector.
As following the theft of the data of more than a million French people (cf. data theft at AP-HP: the hacker wanted to “show it’s easy”), the organization has worked diligently ” “30 new audit missions” on health data security (medical analysis labs, hospitals, service providers, health data brokers, health professionals) “.Procedures” still in study ” For some.
Private sector sanctions
These checks sometimes lead to fines. the editor dedalus biology had thus been fined 1.5 million euros for ” security flaws which had led to the leakage of the medical data of 500,000 French patients (cf. the health data of nearly 500,000 French patients disseminated on the Internet). in 2021, “ 135 reminders and 18 sanctions » resulted in a « cumulative amount of never reached fines of more than 214 million euros †
And for the government?
It is also the responsibility of the CNIL to support the government. † To substantiate its decisions, it responded to 22 parliamentary hearings and issued 121 opinions on bills and decrees. 16 of these opinions related to data processing in the context of the fight against the COVID-19 epidemic† » (cf. Vaccination pass: the Cnil asks for a scientific evaluation).
The CNIL claims to have been involved” in strengthening the EU’s digital sovereignty “. Especially in a context where the ‘Schrems II’ judgment of the Court of Justice of the European Union, which invalidated the framework for data transfers from the European Union to the United States, had important implications for data regulation Include health data (see A framework for a European health data space).
Sources: CNIL, CP (05/11/2022); The Doctor’s Daily Life, Loan Tranthomy (11/05/2022)