France: files of patients divulged on the Internet

Published on: 28 March 2013

Recently, a young mother, hospitalised four years ago in Marseille (AP-HM), came across her medical file on the Internet. And this is not an isolated case. In February, "without the patients noticing it, data from the Foch hospital in Suresnes and the Pôle de Santé du Plateau, which groups the clinics of Clamart and Meudon (Hauts-de-Seine), were also found on the Internet […]. In each case it was due to human errors or negligence, not malevolence," and "other cases may come to light." A paradox, the journalist points out, since the health sector is bound to respect the confidentiality of patients’ data.

The article describes a case in point: in Marseille, "doctors wanted to launch a study on premature babies and needed to share the data with other maternity units." But "faced with the absence of response from the management to obtain a secure server to store these data, they turned to a service-provider which used an Internet hosting site that was not approved by the Ministry of Health, which lays down strict security rules."

These security rules have existed for ten years and "the obligation to use one of the forty-seven health data hosting sites approved by the Ministry of Health" is one of them. However, "these rules are not always known or applied." Jeanne Bossi, Secretary General of the Agency for Shared Health Data Systems (ASIPS), points out that "health professionals and administrative staff are often unaware of the risks, and there is a real need to inform them about the questions of security."

Frédérique Lesaulnier, coordinator of the Health Department of the National Data Protection Commission (CNIL), says that "the Internet can provide very useful services in the sphere of health, but it also carries new threats to the protection of personal data, owing to the risks of divulgation. In spite of the progress made, we must raise the level of security even more."

Vincent Trély, former security manager for the computing systems of Le Mans hospital and president of the Association for the Promotion of the Security of Health Data Systems (APSSIS), says that "the switch from paper to digital is irreversible but, in the health sector, it is being done very quickly and without a security culture, unlike banking or cutting-edge industry," sectors in which he has also worked. So, "what he fears above all is digital blackmail, already reported in the United States, using these sensitive data – since they can be easily exchanged for money." He also has "the conviction that if a hacker got interested, thousands of files could be found in a week."
