Health data: the StopCovid tree that hides the Health Data Hub forest
Updated: May 1, 2022
Professor Emeritus in Information Systems
University of Montpellier
*Faculty member of the Business Science Institute.
Article originally published on The Conversation France.
The project of socially "acceptable" tracking using smartphones, called StopCovid, which was initially scheduled to be launched on June 2, has focused everyone's interest. Apple and Google were already looking forward to an API (application programming interface) protocol that would be common to many countries and thus confirm their monopoly.
But the strong controversy that the project has generated in France, combined with the fact that Germany has withdrawn from the project and the failure of the application in Singapore, where only 20% of users use it, mean that StopCovid will soon be abandoned.
"It's not ready and it will surely be slowly buried. A la française", estimated a deputy LREM on April 27 with AFP. Meanwhile, a much larger project continues at full speed: the Health Data Hub (HDHub).
Health Data Hub, the forest behind the tree
As soon as the Villani report on artificial intelligence (AI) was delivered in March 2018, the President of the Republic announced the HDHub project. In October of that same year, a prefiguration mission defined the features of a centralized national system bringing together all public health data, a one-stop shop from which AI could optimize artificial recognition and personalized prediction services.
But the AI ecosystem is also about to take another step forward by gaining access to massive data from hospitals, research, city medicine, connected objects, etc., and to a massive healthcare market (prestigious and of enormous potential value insofar as it weighs more than 12% of GDP). France, with its health insurance, and the UK, with its National Health Service (NHS), are test cases here, as consistent and reliable data has been maintained there for decades: Amazon already has access to the NHS API to power its voice assistant, and Microsoft has already signed up to host all French health data (storage, log and directory management, computing power and encryption key retention).
The HDHub project carried out "at full speed"
In November 2018, Stéphanie Combes was appointed project manager. At the end of 2018, the choice of Microsoft was already acted upon (in "exemption from public procurement"), even though the definition of HDHub's principles will wait until July 2019 (in the Health Law) and its missions will only be defined in April 2020, by ministerial order. The CNIL, despite its exchanges with Stéphanie Combes, continues to have many questions.
Other voices have expressed concern about the project being managed so hastily (such as the National Council of Bars, the National Order of Physicians or even a LREM deputy); collectives have launched argued alerts, such as the professionals of InterHopor the free software companies; and some doctors have posted videos expressing their revolt.
Health Data Hub, a case study in all digital issues
Bypassing the tree that hides the forest, we discover the full extent of the questions raised by "digital transformation" in society, and here in health.
The political questions crystallize here around the choice of Microsoft, which Stéphanie Combes justifies very classically by the urgency, without publication of the deliberations: "Microsoft was the only one able to respond to our requests. We preferred to go quickly, so as not to fall behind and penalize France.
This is a question of national policy, already raised in The Conversation France, since it is a question of having a public good managed by a private actor, and without hope of reversibility. But it is also a political question of European digital sovereignty, since this American actor is subject to the Cloud Act, a 2018 law that allows American judges to request access to data on servers located outside the United States.
Health data Hub, platform of discord or concord? Extract from the debate "Les Contrepoints de la santé" of December 18, 2019 on the theme of health data: "Voluntarism or vigilance" with Stéphanie Combes, Director of the Health Data Hub, Pr Laure Fournier, Radiology Department, Georges Pompidou European Hospital, Pierre-Alain Raphan, MP for Essonne, David Gruson, Digital Ethics Pilot Committee, founder of the think tank Éthik-IA.
The technical issues are revealed here in a lively debate between centralization and interoperability of databases. Centralization defines "defense in depth" architectures with successive barriers, for example in the nuclear industry; in the HDHub project, this defense is outsourced to Microsoft.
Stéphanie Combes observes that "if you want to do data processing on this scale, you have to centralize; it's the only solution. On the other hand, the technical vision of interoperability architectures aims to "not put all your eggs in one basket": on the one hand, the majority of attacks do not come from the outside but from the inside, with a higher risk in the case of centralization, and on the other hand, anonymity does not withstand the re-identification of a person by crossing data.
This decentralized architecture then consists in managing network exchanges between databases that remain heterogeneous and between processes distributed on several servers, but by integrating these exchanges through layers of interfaces that are now standardized and in open source. As an example, this is an option that was chosen in the eHop project for a group of hospitals. It has the advantage of maintaining locally the skills of engineers and caregivers, necessary for the qualification of health data.
The legal issues here concern consent and medical confidentiality. The European principles of the RGPD organize consent from the design of information systems (privacy by design) and through a culture of internal transparency in organizations (via the data protection officer). Patient data is of course a matter of privacy, but the duration, the right of withdrawal and above all the clear purpose of the use of this data are intangible principles set by the CNIL.
Stéphanie Combes gave some perspectives on this point:
"The data is only supposed to be stored during the period of the health emergency. At its end, they will have to be destroyed, UNLESS there is some other text that provides for this retention during the final implementation of the Health Data Hub."
In practice, and without counting the future problems of individual responsibility of the physician, patients could be subjected to a breach of medical secrecy, a legal principle but also an ethical rule which founds trust based on the Hippocratic oath. A breach of this trust would of course present risks in terms of public health.
Economic questions are crystallizing around the challenges of digital transformation. Neo-liberalists see digital technology as a force for creative destruction: deregulation and the disengagement of governments encourage disruptive innovation and growth by start-ups. Beyond the mere scientific interest, a rapid development of AI thanks to GAFAMI, the six American giants that dominate the digital market, can therefore be considered as part of the "general interest," an end introduced in 2019 in the Health Law.
On the other hand, the proponents of an alternative economic policy see digital technology as an opportunity to manage the digital commons, following the analysis of Elinor Ostrom: non-rival immaterial resources, whose rules of access and use are managed by a wide range of self-organized communities (e.g., from the Internet, through Wikipedia, to open data, free software, or the huge scientific databases such as the Protein Data Bank). Those who share this vision denounce the idea of the separation between, on the one hand, the qualification of medical data, which is done thanks to a long work of collection and sorting financed by the public sector and subject to the treaties of free circulation of data, and, on the other hand, the valorization of these data, with a commodification of health by the private sector protected by the treaties on patents.
The control of "health data" as seen by past and present thinkers
The social question of the sanitary control of our behavior cannot be analyzed without the concepts forged by sociologists. Michel Foucault described the progressive passage to the disciplinary society using the concepts of "biopolitics" (which concerns the forms of exercise of power over bodies) and "governmentality" (which associates government and rationality, in technologies of government of individuals and of oneself, to ensure self-discipline: yesterday already, the confinement, the school, the hospital, the statistics and now the panopticon of the drone and the bracelet).
Gilles Deleuze has described a new passage towards the society of control by the electronic collar, with the concepts of "digital language" of access to reality. While Kafka forged the notion of "unlimited delay": it is no longer a question of disciplining and ordering, but of controlling by managing all disorder.
Antoinette Rouvroy, PhD in Legal Science and FNRS Qualified Researcher, speaks on the topic of algorithmic governmentality and the ideology of big data on March 6, 2018. At minute 10, she speaks on medical data in particular. Today, sociologists like A. Rouvroy or D. Quessada show a forthcoming shift to a society of traces with the concepts of algorithmic governmentality (which goes beyond a control of the probable; it is a control of the potential itself, to "adjust" our behaviors) and of under-surveillance, which is no longer an over-surveillance, but an under-surveillance by a discrete, immaterial and omnipresent squaring of all the types of traces that we leave, such as our signals, our productions, our imprints, our passages and our links...
Article translated from French with https://www.deepl.com/translator
Bernard Fallery's articles on The Conversation France.
Bernard Fallery's books & articles via CAIRN.info.