A decree approves the "National health identifier" standard

[ad_1]

The use of the INS allows patient identification, and this number is necessary for the deployment of digital health services, we recall. The law of January 26, 2016 provided that the NIR constitutes the health identifier of people cared for in the health and medico-social fields.

From 2021, all health data must be referenced with the INS and the user’s identity features, as known in civil status.

The INS standard published in the Official Journal on Saturday specifies the legal and technical conditions required for the referencing of health data via the NIR.

"The development of digital services in the fields of health and medico-social can only become effective if the legal, organizational and technical conditions required to create and maintain the trust of the actors who use them are implemented", underlines the text.

Only health and medico-social actors contributing to the care of the user, to the medico-social monitoring of the person, or carrying out prevention actions, are required to use the INS.

They may have recourse to a third party as a subcontractor, as governed by the "Data Protection" law, revised in June 2018 for the implementation of this obligation.

"Outside this circle of trust, the use of the INS is prohibited, except for actors with a specific legal basis," he also said.

An application decree published in March 2017 detailed the terms of use of this NSI in order to "reference the health data and the administrative data of any person benefiting or called upon to benefit from a diagnostic, therapeutic, prevention act, pain relief, compensation for disability or prevention of loss of autonomy, or interventions necessary for the coordination of several of these acts. "

"The controller of health data processing is required to comply with the European regulations on the protection of personal data, the data protection act of January 6, 1978 and, where appropriate according to his legal status, the general policy for the security of computer systems. health information (PGSSI-S), the information systems security policy for the ministries responsible for social affairs (PSSI MCAS) and the rules applicable within the framework of the general security reference system (RGS) ", is it illustrated in the text.

"In addition, specific rules can be defined according to the purpose of the health information system (patient file, telemedicine device, etc.) in which the referencing of health data is carried out with the INS", also emphasizes the decree.

Compulsory compliance postponed to 2021

Originally scheduled for January 1, 2020, compliance with the new rules for all healthcare stakeholders has been postponed to 2021.

A decree published on October 10, 2019 modified that of 2017 to align it with the provisions of the general European regulation relating to the protection of personal data (RGPD), which came into force in May 2018, and with the law "Informatique et Libertés" as revised in June of the same year.

As a reminder, the new text has strengthened the security rules in the care and protection of data, it has also added to the public health code the possibility of having recourse to the INS for authorized research purposes in the conditions provided for in Title II of the Data Protection Act for the processing of personal data in the health field.

The teleservices implemented by the National Health Insurance Fund (Cnam) must also allow health professionals and establishments to access the NIR and "verify its accuracy" in compliance with this standard in accordance with the notice of the National Commission for Data Protection (Cnil).

The implementation of pilots integrating the Cnam teleservices is planned for "early 2020" with "about twenty" health structures and their respective publishers.

(Official Journal of December 28, 2019, text 41)

[ad_2]