Newsletter
January- February 2021

The team of Cazeau et associés Law firm wishes you a happy New Year 2021.

For the first newsletter of the year, Cazeau et associés Law firm wanted to share its experience on a very interesting issue: the validity and scope of patient consent given by text message in the field of e-health or digital health.

Today, the modernization of healthcare allows us to consult a doctor without going to his office thanks to teleconsultations via smartphones. After just one phone call, the healthcare professional can send you your prescription or work stoppage by email or text message. Such process is made possible thanks to companies that design the interfaces allowing the connection of a patient with a doctor. These companies collect a certain amount of sensitive personal data that can be used for commercial purposes. This being said, does the patient really know what he is consenting to at the time of sending his acceptance by text message? Is the company entitled to use his data?

SUMMARY

• ARTICLE: The validity of the consent given by text message by a patient when downloading a software for remote medical monitoring
• IN BRIEF: Focus on the jurisprudential evolutions in the field of the fixed-price days agreement

ARTICLE
The validity of the consent given by text message by a patient when downloading a software for remote medical monitoring

Teleconsultation and telemonitoring represent one of the solutions to facilitate access to care throughout a territory, including in areas where there are few healthcare professionals especially in the context of travel restrictions set out during the COVID-19 pandemic.

This method is based on software applications or platforms downloaded by patients that connect them with doctors. These software applications work according to the following principle: at the time of the download, the patient agrees to General Conditions of Use (CGU) and creates his medical follow-up file by entering his personal data. The doctor has access to the file from a platform. The software applications also enable the patient to obtain health information via forums on specific topics.

The medical nature of data collected by the creators of teleconsultation solutions makes them particularly sensitive, requiring that their use be strictly controlled and clearly consented to by the patient.

Aware of the need to widely regulate the processing of personal data, especially in the medical field, the European Union has drawn up harmonized regulations that apply to all companies operating in the internal market. In particular, the main obligations arise from the articulation between EU Regulation 2017/745 on medical devices and the GDPR.

First, under the various applicable regulations, these software products are considered as medical devices. This qualification imposes specific obligations on the owner of the platform, particularly in terms of confidentiality and data protection.

According to the regulations above mentioned, a text message as such is not sufficient to consider consent to the CGU as valid.

Indeed, a valid consent requires that:

• the identity of the signatory is verified and verifiable;
• the consent collected is specific and unequivocal; and
• the proof of consent exists durably and that it is possible to withdraw it at any time.

To fulfil these requirements, it is advised to set up a signature system preferably with a provider who has the necessary qualified certificates in accordance with European standards. In addition, the collection of consent for the processing of personal data must be the subject of a specific explicit request separate from the one relating to the acceptance of the CGU.

In other words, a platform must choose an electronic signature method that clearly identifies the user and explicitly expresses the nature of the commitment.

Finally, regarding the possibility of using the data collected, proof of consent alone is not enough, the data must still be anonymized. Anonymization must meet three criteria imposed by the CNIL:

• the impossibility of linking together two distinct groups of data on the same individual;
• the impossibility of individualizing the data; and
• the impossibility of inferring new information about an individual with certainty.

The major challenge in e-health remains the expression of patient consent, which is essential to guarantee the balance between the protection of individual privacy and the progress of medicine through data processing.

IN BRIEF

Employment Contracts of executives – daily rate agreements (“convention de forfait-jours[1]”):

[1] Under a daily rate agreement (“convention forfait-jour”), salary is based on the number of days worked – at a fixed rate, not on the number of hours worked.

In France, daily rate agreements have always given rise to significant litigations. For 20 years, case law has made it possible to clarify and to frame this agreement by imposing on the employer obligations relating to the protection of the employee’s health and safety. Any failure to comply with these obligations renders a daily rate agreement ineffective, resulting in the counting of working hours and overtime, in accordance with to the rules of ordinary employment law.

For the first time, the French supreme court (“Cour de cassation”) has ruled on the French concept of leave obtained under reduction of working time days – which are paid if they are not taken by the employee (“RTT” or “Réductions de Temps de Travail”) (hereinafter “RTT days”). The court considers that the payment of RTT days granted in execution of the daily rate agreement without effect becomes undue, which makes the employer’s claim for reimbursement legitimate. (see Cass. soc., January 6, 2021, no. 17-28.234, published).

“In ruling thus, while it had held that the daily rate agreement to which the employee was subject was deprived of effect, so that, for the duration of the period of suspension of the individual daily rate agreement in days, the payment of the days of reduction in working time granted in execution of the agreement had become undue, the court of appeal violated the above-mentioned text. »

As a result, it is highly likely that from now on, employers who will have to deal with requests from employees for the invalidity of daily rate agreements will claim reimbursement of the RTT days.