
Serious GDPR violation: Cegedim Santé fined a million dollars, revealing flaws in health data privacy

Scandal in healthcare data management: how Cegedim Santé violated the GDPR and put patients' privacy at risk

The CNIL fined Cegedim Santé 800,000 euros for improperly managing patients' health data, which were deemed identifiable despite pseudonymization. The company also breached the GDPR by using the health insurance's "HRi" teleservice in an illicit manner.


The French National Commission for Information Technology and Liberties (CNIL) has fined Cegedim Santé, a company specializing in the production of healthcare management software, €800,000. The company provides its services to around 25,000 medical practices and 500 health centers, facilitating the management of patients' diaries, medical records, and prescriptions. However, an audit launched by the French authority in 2021 revealed that Cegedim Santé had handled patients' health data inappropriately. The data had been pseudonymized but not truly anonymized, which made them identifiable.

Failure to truly anonymize: very serious risks to privacy

According to the CNIL, the pseudonymized data still contained information that could allow the re-identification of individuals, and therefore could not be considered anonymous. The company had collected a large set of information on patients, such as year of birth, sex, socio-professional category, allergy data, medical history, height, weight, diagnosis, medical prescriptions and test results. This information was placed under a unique identifier for each patient, which made it possible to connect data subsequently transmitted and track the treatment pathway. This procedure posed a high risk of re-identification and led the CNIL to severely sanction the company.
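The re-identification risk the CNIL describes has two mechanisms: the combination of attributes such as year of birth, sex, socio-professional category, height and weight singles a patient out even without a name, and the persistent unique identifier lets every later transmission be joined back onto that profile. The following script is an added illustration, not code from the CNIL, Cegedim Santé or the article; the records, the 10-year and 10 cm/10 kg generalization bands and the field names are constructed assumptions. It measures the k-anonymity of a small pseudonymized data set, lists the pseudonyms that are unique on their quasi-identifiers, shows how coarsening the attributes raises k, and shows how the persistent pseudonym reconstructs a treatment pathway.

```python
from collections import defaultdict

# Constructed sample of "pseudonymized" records, modelled on the categories the
# CNIL lists (year of birth, sex, socio-professional category, height, weight,
# diagnosis). Every value is invented. patient_id stands in for the persistent
# pseudonym that the article says was attached to each patient's records.
RECORDS = [
    {"patient_id": "P001", "birth_year": 1961, "sex": "F", "category": "retired",  "height_cm": 162, "weight_kg": 58, "diagnosis": "hypertension"},
    {"patient_id": "P002", "birth_year": 1974, "sex": "M", "category": "employee", "height_cm": 181, "weight_kg": 84, "diagnosis": "asthma"},
    {"patient_id": "P003", "birth_year": 1974, "sex": "M", "category": "employee", "height_cm": 183, "weight_kg": 80, "diagnosis": "diabetes"},
    {"patient_id": "P004", "birth_year": 1988, "sex": "F", "category": "student",  "height_cm": 170, "weight_kg": 61, "diagnosis": "migraine"},
    {"patient_id": "P005", "birth_year": 1989, "sex": "F", "category": "student",  "height_cm": 171, "weight_kg": 64, "diagnosis": "allergy"},
    {"patient_id": "P006", "birth_year": 1962, "sex": "F", "category": "retired",  "height_cm": 160, "weight_kg": 57, "diagnosis": "arthritis"},
]

# Constructed later transmissions (prescriptions, test results) that carry the
# same persistent pseudonym as the profile records above.
LATER_TRANSMISSIONS = [
    {"patient_id": "P002", "prescription": "inhaler"},
    {"patient_id": "P002", "test_result": "spirometry normal"},
    {"patient_id": "P004", "prescription": "triptan"},
]

# Attributes that are not identifiers on their own but identify in combination.
QUASI_IDENTIFIERS = ("birth_year", "sex", "category", "height_cm", "weight_kg")


def equivalence_classes(records, keys):
    """Group records by the tuple of their quasi-identifier values."""
    classes = defaultdict(list)
    for record in records:
        classes[tuple(record[k] for k in keys)].append(record)
    return classes


def k_anonymity(records, keys):
    """Size of the smallest group; k == 1 means at least one record is unique on its quasi-identifiers."""
    return min(len(group) for group in equivalence_classes(records, keys).values())


def singled_out(records, keys):
    """Pseudonyms whose quasi-identifier combination occurs only once in the data set."""
    return sorted(
        group[0]["patient_id"]
        for group in equivalence_classes(records, keys).values()
        if len(group) == 1
    )


def generalize(record):
    """Coarsen the quasi-identifiers into bands (assumed widths: 10 years, 10 cm, 10 kg)."""
    banded = dict(record)
    banded["birth_year"] = record["birth_year"] // 10 * 10
    banded["height_cm"] = record["height_cm"] // 10 * 10
    banded["weight_kg"] = record["weight_kg"] // 10 * 10
    return banded


def link_pathway(records, transmissions, patient_id):
    """Join every later transmission onto the profile that shares the persistent pseudonym."""
    profile = next(r for r in records if r["patient_id"] == patient_id)
    merged = dict(profile)
    for t in transmissions:
        if t["patient_id"] == patient_id:
            merged.update({k: v for k, v in t.items() if k != "patient_id"})
    return merged


if __name__ == "__main__":
    print("k on raw quasi-identifiers:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("unique pseudonyms:", singled_out(RECORDS, QUASI_IDENTIFIERS))
    banded = [generalize(r) for r in RECORDS]
    print("k after generalization:", k_anonymity(banded, QUASI_IDENTIFIERS))
    print("unique after generalization:", singled_out(banded, QUASI_IDENTIFIERS))
    print("pathway for P002:", link_pathway(RECORDS, LATER_TRANSMISSIONS, "P002"))
```

On the raw records every pseudonym is unique on its five quasi-identifiers, so anyone who knows a patient's birth year, sex, occupation, height and weight can pick out that patient's diagnosis; after banding, each group contains two records. The pathway join shows that even banded attributes do not help once a persistent identifier links successive transmissions: it is the identifier itself that has to go (or be rotated per export) before the data can be called anonymous. A k of 2 is still far below what a real risk assessment would accept; the point of the check is that it is measurable.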

Illegal data processing and failure to comply with GDPR

The CNIL also highlighted Cegedim Santé's failure to comply with privacy regulations, in particular Article 5.1.a of the GDPR, which requires lawful and transparent data processing. The company illegally used the health insurance's "HRi" teleservice, which allows access to a patient's medical reimbursement history over the last twelve months. The data consulted via this service was automatically uploaded to patients' computer files and made available for extraction by Cegedim Santé itself. The CNIL considered this processing incompatible with the regulations in force: instead of giving doctors a simple means of consulting the history, the data were uploaded and extracted.

Investigation conclusions and impact on the healthcare sector

At the end of the investigation, on September 5, 2024, the CNIL issued a decision to impose a fine of €800,000 on Cegedim Santé. This measure highlights the risks associated with the improper handling of health data and underscores the importance of scrupulous compliance with privacy regulations. The CNIL's decision serves as a warning to all companies in the healthcare sector, reiterating the need to take appropriate measures to anonymize data and comply with GDPR regulations, in order to ensure the protection of sensitive data and the protection of patient privacy.


09/29/2024 16:37

Marco Verro
