The company Cegedim, which specializes in publishing healthcare software, was fined 800,000 euros by the CNIL on Thursday for failing to respect the protection of personal data, which the company disputes. The National Commission for Information Technology and Civil Liberties (CNIL) said in a press release that “the company had processed, without authorization, non-anonymous health data transmitted to its customers in order to produce studies and statistics in the field of health”.
According to the CNIL, Cegedim, which provides software to doctors, transmitted data under pseudonyms, not anonymized, allowing the identification of a patient and knowledge of their medical history. The CNIL thus identified two breaches of the Data Protection Act applicable in this area, relating to the obligation to process data lawfully and the obligation to carry out prior formalities in the health sector. It also highlighted the “massive character” data processing “sensitive”.
Cegedim, through its CEO Benoît Garibal, stated that the data had been anonymized and said it had undertaken the steps to comply with the issue of formalities required for the management of health data. The company “reserves the right to contest” the decision of the CNIL before the Council of State.
Related News :