Transmission of health data to mutual insurance companies: the CNIL has spoken

Can supplementary health insurance bodies collect their customers’ medical data legally? This is the issue that the CNIL has recently looked into. The Commission has just made his report this Monday, November 14. For her, the texts relating to the question are imprecise and deserve an update.

Several hundred complaints

The referral follows several hundred complaints about “about fifty complementary health insurance organisations.” Clarification of the current rules by the organization seems to be a strong demand from the public. The majority of complaints relate to “patient follow-up, via prescriptions and medical prescriptions” and “the reimbursement of health expenses, in the form of specific codes, used within the framework of social security.

To rule on the merits of the case, the CNIL relied on the general data protection regulations (RGPD), the Data Protection Act and the professional secrecy inherent in this data. In principle, the use and collection of personal medical data is strictly prohibited, with some exceptions. Is the transmission of this information to mutuals one of them? The Cnil does not decide for lack of legal matter and evokes texts “too incomplete.“In the meantime, the conclusion is there:”OCAMs can use health data” but “the latter should affirm this possibility more clearly, by providing appropriate supervision and guarantees, given the sensitivity of this dataβ€œ, judges the Commission.

On the other hand, the Cnil recalls that these organizations are required to “respect the rules set by the GDPR“and not”process only the data they need to provide their services.

Two options for policyholders

Concerning medical secrecy, the Commission notes, there too, an inadequacy of the legal texts. If the information transmitted is covered by medical secrecy, it is necessary to request an exemption from the person concerned. A text of law must reinforce the legislative framework to support this request, insists the Cnil.

Pending an update of the texts, the CNIL adopts a clear position. For contracts called “responsible” mutuals, “transmissions can continue to take place.β€œOn the other hand, for everyone else,”the patient must either transmit the information himself to his OCAM, or authorize his healthcare professional to do so on a case-by-case basisβ€œ, judges the administration.

Following this insight, the CNIL wrote to the OCAMs and the Ministry of Health to request the adoption of a law on the issue, in order to clarify the current texts, “guarantee the privacy of individuals and ensure the legal security of health professionals and mutual insurance companies.

Advertising, your content continues below

Related Articles

Back to top button