FAQ: the "health vigilance systems" Standard
02 January 2023
Organisations whose personal data processing operations comply with the "health vigilance systems" standard are only required to make a notification of compliance prior to the commencement of the processing operations.
1. To whom is this standard addressed?
2. Does the “health vigilance systems” standard apply to the processing of personal data implemented by healthcare professionals and institutions as well as health agencies?
3. What types of health vigilance systems are covered by this standard?
4. I complied with the former AU-013 regarding the processing of personal data implemented for the purposes of pharmacovigilance management. Do I need to notify compliance with this standard?
5. What is the legal basis in the standard for the processing of personal data for health vigilance purposes?
6. Under what conditions can a company responsible for marketing a medicine, device or product collect data revealing ethnic origin?
7. How long is personal data retained in the context of health vigilance management?
8. How to inform the data subject when the notification of the adverse sanitary event is carried out by a person other than the person exposed to it?
9. In order to comply with the standard, is it necessary to use an approved or certified health data hosting service?
10. Is it necessary to conduct a privacy impact assessment prior to the implementation of personal data processing for the purposes of health vigilance management?
11. Can the National Individual Identification Number (NIR) be used to identify persons exposed to an adverse sanitary event within the standard?
12. Can genetic data be collected in the processing of personal data within the “health vigilance systems” standard?
13. Can data be transferred outside of the EU in the context of this standard?
Document reference
Download the standard
Texte reference
Texte reference
Official texts
- Ministerial Order of 27 February 2017 [in French] - Légifrance
- Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (PDF, 1,28 Mo) - EDPB
- Pharmacovigilance: Overview - European Medicines agency
- Market surveillance and vigilance - European Commission