Electronic health records Dossier Mdical Personnel DMP The

Electronic health records « Dossier Médical Personnel » (DMP) The French case Isabelle Falque-Pierrotin Commissioner, CNIL European Conference of Data Protection Commissioners Larnaka, Cyprus – 10 May 2007

Main features of “DMP” 1. Creation by the law 2. The three purposes of “DMP” 3. The central role of “hosts”: “DMP” will be hosted on, and accessible through the Internet 4. The patient’s consent is central in the scheme 5. The patients’ rights were carefully drafted 6. Discussion on the choice of the patient’s identifier 7. Involvement of CNIL throughout the process 8. Security features 2

Creation by the law 1. Act of 13 August 2004 reforming the French health insurance system 2. Act of 4 March 2002 on patients’ rights 1. Granted patients a direct right of access to medical file 2. Consecration of the online hosting of e-health data 3. CNIL acknowledged an “important public interest” (Art. 8 -7° Directive 95/46) 3

Three purposes: 1. To ensure the coordination, quality and continuity of healthcare 2. To improve the sharing of health data, under the patient’s control, in particular with regard to confidentiality and in accordance with the patient’s individual data protection rights on his health data 3. To reduce the number of unnecessary medical tests or visits through the joint implication of health professionals and patients 4

Central players: the “hosts” (“hébergeurs”) • Specific accreditation procedure by the Minister of Health (CNIL involved in process) – 6 consortia accredited now • One of the hosts will have a key role in charge of a public mission to provide DMPs – Common technical framework • Subjected to the duty of medical secrecy • Host/patients relationship regulated by contract 5 5

Patient’s consent • Creation of DMP subjected to patient’s consent • The patient may choose the health professionals who may read/write in his/her DMP • But the level of reimbursement of health expenses will be subjected to the creation of a “DMP” and to its access by health professionals 6

Patient’s rights • Right of direct access to the content of the DMP • Right of direct access to log data – Who had access, when, to what… • Right to register information in specific zones • Right to choose the professionals having access – In reading only, in writing, etc. • Right to hide information (“masquage”) – Better acceptability by patients – Right to hide the fact that specific information was hidden (“masquage du masquage”) • Right to extensive information 7

Patient’s identification : SSN or not? • Important public debate in early 2007 • The French SSN (“NIR”) is a very specific type of data under French law – Provides gender, year, month and place of birth – CNIL has a power of prior authorisation or prior opinion on all data processing implying use of NIR • CNIL requested the creation of a specific identifier – Identifier generated from NIR, transcoded through a process of anonymisation : creation of a new identifier in the health sector 8

Involvement of CNIL throughout the process • Health minister promised to follow all CNIL’s recommendations on the DMP • Major opinion issued on the draft Act implementing the DMP (10 June 2004) • CNIL member of the accreditation committee of “hosts” • 1 June 2006: CNIL authorises try-outs • CNIL working group issues recommendations on the choice of the identifier for the DMP • April 2007: CNIL carries out inspections on the premises of all accredited “hosts” to check security measures 9

Conclusions from experimental period • Experimental projects in 13 regions and 17 pilot sites • Pilots authorised by CNIL in 2006 • After auditing these projects, CNIL insisted on: – Strong and reliable authentication of the person having access to DMP (patient or health professional) – Encryption of data in the DMP, and not only when data transferred (health and administrative data, when linked) 10

What perspectives for the DMP? • DMP delayed until 2008. Why? – Complex and costly to implement – Fundamental need of public debate – Legal claims • General concern about control of public expenses • Important security issues remain (cf. CNIL inspections) CNIL will follow up closely on this issue 11

Commission nationale de l’informatique et des libertés 8, rue Vivienne CS 30223 75083 PARIS cedex 02 Tel : 00 33 1 53 73 22 22 http: //www. cnil. fr 12