
Research data management

Non-personal health data

Not all health data is personal health data. For example, a virus reproduction incidence rate in a given region is not personal health data.

For the difference between personal and non-personal data, see the glossary.

Personal health data

The Federal Law on Research on Human Beings [4] and its various implementing Ordinances [7-8-9] provide the framework for the use of research data.

The definition of "personal data relating to health" that is authoritative in Swiss law is found in art. 3f of the HRA: "information about a specific or identifiable individual that relates to his or her state of health or illness, including genetic data" [4].

This definition does not specify whether it refers to physical or mental health, nor whether it refers to data relating to the present, the past or the future. Since nothing is specified, all of these are considered to be included (physical and mental; past, present and future).

Generally speaking, the Swiss Data Protection Act [5] considers health data to be sensitive data (art. 3, let. c2), the handling of which entails a risk for the fundamental freedoms of the persons concerned [3].

For the difference between sensitive and non-sensitive data, see the glossary.

Types and categories of health data

Types of data

The GDPR and the HRA group health data into three types [3]:

- Information about the natural person: collected in the course of the registration for, or the provision of, health care services: a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes.
- Information derived from the testing or examination of a body part or bodily substance: including from genetic data and biological samples.
- Any information on, for example, a disease: disability, disease risk, medical history, clinical treatment or the physiological or biomedical state of the data subject independent of its source, for example from a physician or other health professional, a hospital, a medical device or an in vitro diagnostic test.

"It should be pointed out that this definition makes it possible to include certain measurement data from which it is possible to deduce information about a person's state of health." [1]

The notion of health data is broad. It must be assessed on a case-by-case basis, taking into account the nature of the data collected. It covers not only all data collected and produced as part of the healthcare process, but also data held by other parties (application developers, for example) that constitutes information on the individual's state of health.

Categories of data

Each type of health data can be classified according to [1]:

- Data that is health-related in nature: medical history, illnesses, services provided, test results, treatments, disabilities, etc.
- Data which, when cross-referenced with other data, become health data: in that they enable a conclusion to be drawn about a person's state of health or health risk: cross-referencing a weight measurement with other data (number of steps, calorie intake measurement, etc.), cross-referencing blood pressure with effort measurement, etc.
- Data that becomes health data because of its intended purpose: i.e. its medical use.

The Data Protection Act does not apply to processing operations involving health data for the exclusive use of the individual. For example, the law does not apply to mobile health applications whose functionalities include the collection, recording or storage of data, provided that these operations are carried out locally on a computer, iPhone or tablet, without an external connection and for exclusively personal use.

In practice

As with all personal data, it cannot be ruled out that data which is not personal at first sight may become so through cross-referencing. For example, health data on a rare disease in a given district may turn out to be personal through cross-referencing.

On this point, we can follow the Valais cantonal data protection officer: "In many cases, the anonymization of obvious individual identifiers is not enough to rule out re-identification. Even quasi-identifiers for combinations of attributes, such as date of birth, gender and zip code, need to be treated with care." [2]

The applicable rule is therefore as follows: "in the event of insufficient data anonymization, the processing requirements laid down in data protection legislation apply, and the master of the original file may have to be held to account. The situation will therefore have to be assessed in concreto, which seems relevant given the rapid developments in this area." [2]

Health data does not include data from which it is not possible to deduce any information concerning the state of health of the person concerned. An example is an application that collects the number of steps taken during a walk, without cross-referencing this data with other data.


References

  1. CNIL (n.d.). Qu’est-ce ce qu’une donnée de santé ? https://www.cnil.fr/fr/quest-ce-ce-quune-donnee-de-sante
  2. Fanti, S. (2017). Big data & protection des données dans le domaine de la santé. https://lexing.ch/wp-content/uploads/2017/10/31.pdf

European Law

  3. Règlement (UE) 2016/679 du Parlement européen et du Conseil du 27 avril 2016 relatif à la protection des personnes physiques à l'égard du traitement des données à caractère personnel et à la libre circulation de ces données, et abrogeant la directive 95/46/CE (règlement général sur la protection des données) (JO L 119/1 du 04.05.2016). https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679

Only federal laws are cited here. Most cantons have their own data protection law. These laws do not, however, change the definition of health data that prevails in Switzerland.

  4. Loi fédérale relative à la recherche sur l’être humain (Loi relative à la recherche sur l’être humain) du 30 septembre 2011 (= LRH ; RS 810.30 ; état le 26 mai 2021). https://www.fedlex.admin.ch/eli/cc/2013/617/fr
  5. Loi fédérale sur la protection des données du 25 septembre 2020 (LPD ; RS 235.1 ; état le 1er mars 2023). https://www.fedlex.admin.ch/eli/cc/2022/491/fr
  6. Loi fédérale sur la protection des données du 25 septembre 2020 (nLPD ; FF 2020 7397). https://www.fedlex.admin.ch/eli/fga/2020/1998/fr
  7. Ordonnance relative à la recherche sur l’être humain à l’exception des essais cliniques (Ordonnance relative à la recherche sur l’être humain) du 20 septembre 2013 (= ORH ; RS 810.301 ; état le 26 mai 2021). https://www.fedlex.admin.ch/eli/cc/2013/642/fr
  8. Ordonnance sur les essais cliniques hors essais cliniques de dispositifs médicaux (Ordonnance sur les essais cliniques) du 20 septembre 2013 (= OClin ; RS 810.305 ; état le 26 mai 2021). https://www.fedlex.admin.ch/eli/cc/2013/643/fr
  9. Ordonnance sur les essais cliniques de dispositifs médicaux du 1er juillet 2020 (OClin-Dim ; RS 810.306 ; état le 26 mai 2021). https://www.fedlex.admin.ch/eli/cc/2020/553/fr
  10. Ordonnance relative à la loi fédérale sur la protection des données du 31 août 2022 (OPDo ; RS 235.11 ; état le 1er janvier 2024). https://www.fedlex.admin.ch/eli/cc/2022/568/fr

In addition to federal law, the laws specific to each canton apply. However, to date no cantonal law gives a different definition of the notion of "health data".