#SFHL2608541A Decree of 26 March 2026 amending the decree of 27 February 2017 on the automated processing of personal data known as the 'portal for reporting undesirable health events'
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
This decree transfers responsibility for the French undesirable health events reporting portal from the Agence des systèmes d'information partagés de santé to the Ministry of Health, with operational implementation delegated to the GIP mentioned in Article L.1111-24 of the Public Health Code. The portal's purpose is expanded to also collect mandatory notifiable disease reports under Article L.3113-1. It now explicitly allows professionals and declarants to exchange messages to complete reports. Data retention rules are updated: user account data is kept for the duration of the personal space activity, functional logs for 10 years (matching medical liability prescription period), and technical logs for a maximum of 6 months. References to the previous operator and its data protection officer are replaced throughout the text.
Key Changes
- Responsibility shifted from 'Agence des systèmes d'information partagés de santé' to 'Ministère chargé de la santé' as data controller
- Operational implementation assigned to GIP under Article L.1111-24 of the Public Health Code
- Portal purpose expanded to include reporting of mandatory notifiable diseases (article L.3113-1)
Obligations
What this law requires
- The Ministry of Health must assume responsibility as data controller for the automated processing of personal data in the undesirable health events reporting portal
- The GIP mentioned in Article L.1111-24 of the Public Health Code must operationally implement the portal processing as a public interest mission under GDPR Article 6(1)(e)
- The portal must collect reports on mandatory notifiable diseases listed in Article L.3113-1 of the Public Health Code, in addition to undesirable health events
- User account data must be retained for the duration of the personal space activity only
- Functional logs (traces of actions on forms) must be retained for 10 years to match the medical liability prescription period