On 19 November 2016, Decree No 2016-1545 concerning the creation of “shared medical records” (SMR) for the processing of personal data by the National Health Insurance Fund for Employees (CNAMTS) came into force. The decree sets out the categories of personal data that can be processed for SMR purposes: (i) SMR identifier, (ii) national health insurance beneficiaries’ data (contact details, compulsory health insurance organisation), (iii) SMR holders’ related data (particularly, SMR creation or termination data, and data on persons with authorised access to the SMR), (iv) records of access by authorised health professionals, and (v) data necessary for the SMR deployment and implementation.
The decree sets out implementation criteria for the processing of personal data, entrusting the CNAMTS with setting up a correlation table between the individual national register number of the SMR holder and the national health identifier by 31 December 2017. The decree also identifies SMR recipients and sets out rules for the conservation of SMR data, as well as for the right of access to, rectification and suppression of SMR data by the SMR holder. Importantly, the opinion issued in July by the National Commission on Informatics and Liberties (CNIL) in favour of the draft of the decree that was published in parallel to the decree itself.
The creation of SMR aims to encourage prevention, quality, continuity and coordination of patient care by providing healthcare professionals and institutions with access to a digital file containing patients’ medical records. It became operational upon publication of various decrees earlier this year, in July and October.
A prior version of this post was originally published by the same authors in Practical Law – Life Sciences, December 2016 Issue (Thomson Reuters).
This post was originally authored by Patricia Carmona Botana.