At the Saint-Malo hospital, 950 medical files were consulted by a company external to the establishment. The CNIL requires that the establishment respects the law on health data.
Medical secrecy has been violated at the Saint-Malo hospital. An IT service provider, hired to facilitate the coding of care acts, was able to access the confidential data of 950 medical files of hospitalized people, according to the National Commission for Informatics and Liberties (CNIL). Admittedly, this company engaged by the establishment did not go to shout on the ramparts of the corsair city the state of health of these people. However, this access to non-anonymized data for personnel outside the establishment is not legal with regard to the public health code and the data protection act. It is for this reason that the medical information departments (DIM) are headed by a doctor, the only one authorized to access medical files containing personal information.
10 days to comply with the law
Faced with this drift, the CNIL tapped on the fingers of the Saint-Malo establishment. A formal notice procedure has been initiated. “It is not a sanction, declared the CNIL in a press release, no follow-up will be given to the procedure if the Saint-Malo hospital center complies with the law within 10 days. This declaration by the CNIL came after a control procedure initiated last June, and after two hospital unions filed a complaint against X for violation of medical confidentiality with the Saint-Malo public prosecutor.
Outsource health data to save money
These facts would not be isolated cases. The CNIL recalled that it regularly authorizes certain companies specializing in processing the coding of acts to intervene in health establishments. “The precision of the coding is a strategic issue for hospitals because it directly influences their funding” underlined the CNIL. In this period of deficits, hospitals are not only seeking to reduce their costs but also ensure that they bill for all acts performed during hospitalizations. “It is to hunt down forgotten acts that some hospitals like that of Saint-Malo appeal to private companies,” said the Interassociative Collective on Health, which brings together patient associations. Thus, for this hospital, the company Altao studied, from December 2012 to August 2013, no less than 1,500 files allowing this hospital a gain of 2 million euros. “
15,000 files and 150 hospitals affected by such practices
The Collective recalls that the CNIL has issued authorizations to these companies so that they can consult what are called “summaries of stay”, without the names of the patients. “But the temptation, or the ease, of going to consult the files on the spot, prevailed on the force of the principles, explained the Ciss, so that the companies intervening on behalf of the hospitals access routinely to data nominative without the knowledge of the patients: according to union sources, 15,000 files have been visited in 150 hospitals in France. “
For the group of patients, private companies and hospitals are therefore committing a triple offense: violation of the patient’s consent to treatment and, “perhaps to accommodation, of his health data”; violation of the right to confidentiality of health data; violation of authorizations given by the CNIL. In addition, the CISS questions the economic relevance. “Is the coding outsourcing going in the direction of the collective interest or does it result in overbilling to the health insurance?” We would like to know. The debates that start this month in Parliament on the 2014 social security financing bill may provide some answers.
.
