A CNIL guide for health research authorizations

The Commission nationale de l’informatique et des libertés (CNIL) has just published a new guide to prepare an application for authorization for health research.

It will greatly facilitate the work of researchers wishing to work on such data. The guide takes up one by one all the questions that researchers may ask themselves before making an application and allows them to prepare their file in the best possible way: eligibility for a reference methodology – and what to do in case of deviation from these methodologies -, the need for a data protection impact analysis (DPIA), criteria for granting authorization, etc.

Each essential point of the RGPD and the Data Protection Act is reviewed in relation to health research: determination of the data controller, purposes, legal basis, minimization, information to individuals, etc., up to the technical security elements.

On this last point, the CASD is cited as providing a secure end-to-end research environment. In particular, it is not necessary for the end-user to certify his or her IT environment to the Référentiel de sécurité des données de santé when processing data from the Système national des données de santé (SNDS). This is a particularly costly process for the user institutions concerned.

[Learn more (in french)]