Publication of the reference framework on health data warehouses by the Cnil

The French National Commission for Information Technology and Civil Liberties (CNIL) has just published a detailed set of security requirements for health data warehouses. In particular, it specifies the expectations in terms of project partitioning, workstation control, traceability and verification of results file outputs.

The CNIL states in its deliberation that “the principles and measures set out in this reference framework can be applied to all health data processing of the same nature (editor’s note: health data warehouse), regardless of their legal framework”. This reference framework is the result of a major effort that clearly sets out a security and data protection framework for the growing number of innovative developments involving health data, which are sensitive within the meaning of Article 9 of the GDPR.

The CASD, designed specifically for the processing of sensitive data to ensure end-to-end security thanks to its secure bubble system and access boxes, was already applying the technical and organisational measures required by this new standard. This will simplify the compliance procedures for healthcare projects that go through the CASD.

[Learn more]