GDPR and Health, Versusconsulting expertise

Thanks to our knowledge of the specificities of the healthcare sector and the challenges of the patient path, we have developed adapted solutions to accompany you in your compliance with the General Data Protection Regulation

GDPR challenges & Health

The GDPR is a demanding law for the protection of personal data, giving the latter a very broad definition.

In this generalised context of personal data protection, health data have in no way been trivialised.

On the one hand, for the first time at European level, a law gives a harmonised definition, thereby strengthening their specific nature.

Recital 35 Personal health data should include all data relating to the health status of a person concerned which reveals information on the past, present or future physical or mental health of the person concerned.

On the other hand, health data are categorised as sensitive data, which signifies their particular vulnerability and their "a-commercial" character. Health data are strictly identified as a medium with a specific medical purpose and are subject to a general principle of prohibition of processing, except in the case of restrictively defined requirements, and only with the consent of the persons concerned:

Safeguarding the vital interests of the person concerned or of another natural person in the event that the person concerned is physically or legally incapable of giving his or her consent.

Preventive medicine or occupational medicine, assessment of a worker's capacity to perform work, medical diagnosis, health or social care, or management of health care or social protection systems or services or under a contract concluded with a health professional and subject to secrecy.

Reasons of public interest in the field of public health, such as protection against serious cross-border threats to health or guarantees of high quality and safety standards of health care and medicines or medical devices.

Scientific research.

It is up to healthcare providers to increase their vigilance. Increased responsibility of individuals for the use of their personal data, introduced by the GDPR, has made it possible to remove the need to apply to the regulatory body for prior authorisation for processing shared medical records, telemedicine or therapeutic education devices.

However, constraints remain. The challenge of compliance where applied to health data is to adopt a methodology that enables appropriate identification of the purpose of the data collected and the duration of its storage, in order to adapt the right level of protection.

For more information, download our white paper

To download it, please give your e-mail address.

Versusmind SAS, for its brand VersusConsulting, collects your data to process your contact request.

The requested data is needed to meet your request. ; they will be kept for three years to ensure follow-up.

The information transmitted is reserved for the exclusive use of Versusmind, for its brand Versusconsulting, and will under no circumstances be communicated to third parties.

In accordance with the French Data Protection Act, you have the right to access, rectify and delete your data.
As of May 25, 2018, in accordance with the General Data Protection Regulations, you will have the right to delete your data.

You may also object, for a legitimate reason, to the use of your data. You alone can exercise these rights to your own data by writing to : Versusconsulting chez Versusmind, 20 rue Isabey, 54000 Nancy or, especifying "Right of persons" in the e-mail subject line and enclosing a copy of your proof of identity.