Secteur de la santé

L'entrée en vigueur de l'IA Act ne doit pas être vue comme une contrainte supplémentaire mais comme une extension naturelle du RGPD, particulièrement dans le secteur de la santé où les systèmes sont souvent classés à haut risque. La réussite de cette double mise en conformité repose sur l’AIPD, pivot central permettant d'intégrer la transparence et la supervision humaine. Grâce à Adequacy, cette interopérabilité réglementaire devient un levier d'innovation éthique et de gain de temps opérationnel.

Discover the questions asked during our webinar “How to frame the reuse of health data?”. Led by Calixte Descamps (Adequacy) and Valentine Chauveau (Aumans Avocats), it provides concrete answers on legality, health data warehouses (EDS) and the AI Act to ensure your GDPR compliance. The replay and the PPT support are available to deepen these issues.

The use of health data for research purposes is based on a complex regulatory framework, between the RGPD, the Data Protection Act (LIL) and the recommendations of the CNIL or the ANS. To secure your projects, it is imperative to correctly qualify the actors (data controller or subcontractor) and to choose the appropriate legal regime: internal studies, research subject to reference methodologies (MR) or constitution of a health data warehouse (EDS). This guide summarizes the compliance obligations to navigate peacefully in this ecosystem that is changing with the arrival of the EHDS.

The Digital Omnibus project aims to harmonize the GDPR and the AI Act to simplify the reuse of health data and promote medical innovation in Europe. By clarifying the identifiability of pseudonymized data, this reform could transform research practices while requiring strengthened governance.

The reuse of health data is a crucial innovation driver, especially for research, the improvement of care and the development of AI tools. However, this process is strictly regulated by the RGPD, the Public Health Code and the CNIL doctrine. Before any project, it is imperative to validate 8 essential prerequisites that condition the legality and conformity of subsequent processing. From the qualification of use (primary vs secondary) to HDS hosting and the requirements of the AI Act, a methodical and rigorous approach is the only guarantee of innovative, controlled and sustainable use.

Entre référentiels CNIL, méthodologies de référence et guides pratiques, les professionnels de santé disposent de nombreux outils pour appliquer le RGPD efficacement — encore faut-il savoir lesquels suivre, comment les articuler et les adapter à leurs traitements de données sensibles.

Setting up a health data warehouse requires strict compliance with the RGPD and the CNIL standard, based on clear governance, comprehensive documentation and high security measures. The DPO is the guarantor, ensuring transparency and compliance at each stage of the project.

The European Health Data Space (EHDS) complements the GDPR by harmonizing access, exchange and reuse of health data at the EU level, in order to improve care and stimulate innovation. For DPOs, this means a strengthened role in governance, security, compliance and ethics, with new practical obligations (audits, AIPD, documentation, cooperation with authorities).

Health data is one of the most sensitive types of data. Its processing requires a strict GDPR framework, solid legal bases, and rigorous governance. Read our article to discover the keys to staying compliant and securing your projects.

Healthcare Reference Methodologies (MR): Master CNIL rules and secure your processing operations. Learn about the seven MRs and their conditions of use.

Le secteur de la santé a une carte à jouer dans la mise en conformité RGPD. Découvrez comment la version 4.5 d'Adequacy facilite la gestion des données personnelles avec des modules innovants, notamment pour la revue des contrats. Optimisez votre conformité RGPD grâce à nos nouvelles fonctionnalités.