The French Health Data Hub becomes reality

Healthcare 4 min
December 5, 2019

The French Health Data Hub was born officially with the publication on 30 November 2019 of a ministerial decision (arrêté).

More precisely, this ministerial decision approves a rider to a previous convention that created the INDS (Institut National des Données de Santé, the National Institute of Health Data), since the Health Data Hub (in French “Plateforme des Données de Santé”) is the successor of the INDS.

The Health Data Hub is aimed at boosting and facilitating the use of available health data for research projects, by both private and public entities. In the era of artificial intelligence, the Health Data Hub will create new opportunities for stakeholders in the health sector. The legal framework with the requirements and procedures to be followed in order to access to and use the SNDS data result both from the French Data Protection Act which completes the GDPR, and from the French Public Health Code, as amended by an Act of 24 July 2019 (“Loi Santé”). They are designed to ensure the security and the protection of personal data.

The Health Data Hub was given in particular the following missions:

  • Gathering, organizing and making available the data of the National System of Health Data (SNDS – Système National des Données de Santé):

France has very rich medico-administrative health databases gathered within the SNDS and made available for research and studies to both private and public entities. The data is pseudonymized and remains personal data in the meaning of the GDPR. These databases will be supplemented in the future with additional sources of data notably clinical data. Access to and processing of the SNDS data is in most cases subject to an authorization by the French Data Protection Authority (the CNIL) following the opinion of a dedicated ethical and scientific committee (currently named the CERESS and in the future CESREES). In some cases a simplified procedure such as a “reference methodology” can be used and in this case a CNIL authorization is not required.

  • Informing patients, promoting and facilitating the exercise of their rights and notably their right to object:

As with any research based on pre-existing data collected from patients, transparency and exercise of rights of data subjects is key, given that the data of the SNDS is pseudonymized (not anonymized).

  • Assessing the “public interest” criteria of the research project:

The French Data Protection Act and the Public Health Code make the access and use of the SNDS subject to the requirement that the research be of “public interest”. This public interest criteria is not defined by law and has been construed by a doctrine elaborated by the former INDS. Research projects by the private sector having a commercial purpose can have a “public interest” under this doctrine, provided that some conditions are complied with, notably in terms of transparency. Once the new committee, the CESREES, replacing the current CEREES will be operating, the mission of assessing the public interest of a given project will be transferred to this committee and will no longer be the task of the Health Data Hub.

  • Contributing to the elaboration by the French Data Protection Authority (CNIL) of standards and reference methodologies, and to facilitate the making available of sets of health data presenting a low risk of impact on privacy:

As indicated above, compliance with standards and reference methodologies of the CNIL can avoid having to request an authorization. The Health Data Hub will play a role in the elaboration of these texts.

  • Performing operations, such as extraction of data sets from the SNDS, notably when the processing authorized by the CNIL involves the use of data sets from other sources:

The SNDS is a very powerful tool for researchers who can match the extracted data with data from external sources, with the assistance of the Health Data Hub.

Written by
Ariane Mole
Ariane Mole
I am a partner and co-head of Bird & Bird's International Data Protection Group. Thanks to many years of experience dedicated to data protection, I can provide innovative and practical solutions to clients around the world. In my role as co-head of our International Data Protection Group, I have extensive GDPR expertise and I assist clients through the twists and turns of local law divergences, so that they can reach global compliance and find practical solutions.
Dora Talvard
Dora Talvard
My work is focused on the life sciences and healthcare sectors. I advise clients on a broad range of regulatory aspects. I work hand in hand with the intellectual property, data protection, commercial and corporate lawyers of the firm to provide clients with tailor made advice and solutions.

Related articles

Bird & Bird: Setting a gold standard in meeting cannabis regulation
Medical Cannabis Network speaks with Bird & Bird’s Ben King and Sally Shorthose about the importance...
Australian Courts apply “European Support” test to find key Wyeth’s Prevnar 13 patent invalid
In the recent decision in the Australian front of the Prevnar 13 patent litigation, Merck...
Australian Export Legislation Amendments Smooth the Way for Cannabis Export
The Export Control Legislation Amendment (Certification of Narcotic Exports) Bill 2020 (Cth), which passed...