Health Data: The StopCovid Tree That Hides the Forest—Health Data Hub

The “socially acceptable” smartphone-based contact-tracing project known as StopCovid, which was originally scheduled to launch on June 2, has captured everyone’s attention.

Bernard Fallery, University of Montpellier

Apple and Google were already looking forward to the implementation of a common API (application programming interface) protocol across many countries, which would cement their monopoly. But the intense controversy the project sparked in France, combined with Germany’s withdrawal and the apparent failure of the app in Singapore—where only 20% of users are using it—suggests that StopCovid will soon be abandoned.

“It’s not ready yet, and it will surely be quietly shelved—in typical French fashion,an LREM lawmaker told AFP on April 27.

Meanwhile, a much larger project continues to move forward at a rapid pace: the Health Data Hub (HDHub) initiative.

Health Data Hub: The Forest Hidden Behind the Tree

As soon as the Villani Report on artificial intelligence (AI) was released in March 2018, the President of the Republic announced the HDHub project. In October of that same year, a planning task force outlined the features of a centralized national system that would consolidate all public health data—a one-stop shop from which AI could optimize services for artificial recognition and personalized predictions.

But the AI ecosystem is also poised to take another step forward by gaining access to massive amounts of data from hospitals, research, private practice, connected devices, and more, as well as to a massive healthcare market (a prestigious sector with enormous potential value, given that it accounts for more than 12% of GDP). France, with its health insurance system, and the United Kingdom, with its National Health Service (NHS), serve as test cases here, since consistent and reliable data have been maintained there for decades: Amazon already has access to the NHS API to power its voice assistant, and Microsoft has already signed an agreement to host all French health data (storage, log and directory management, computing power, and encryption key storage).

The HDHub project is moving “full steam ahead”

In November 2018, Stéphanie Combes was appointed project manager. By the end of 2018, the decision to select Microsoft had already been finalized (under a “public procurement exemption”), even though the principles governing HDHub would not be established until July 2019 (in the Health Act) and its missions would not be defined until April 2020, by ministerial order. The CNIL, despite its discussions with Stéphanie Combes, continues to have many questions.

Others have expressed concern about the project’s rushed implementation (including the National Bar Council,the National Medical Association, and a LREM lawmaker); various groups have issued well-reasoned warnings, such as the professionals at InterHop and open-source software companies; and some doctors have posted videos online expressing their outrage.

Health Data Hub: A Textbook Example of All the Challenges Facing the Digital Sector

To look beyond the tree that hides the forest is to discover the full scope of the issues raised by “digital transformation” in society—and here, in healthcare.

The political issues here center on the choice of Microsoft, which Stéphanie Combes justifies in a very conventional manner by citing urgency, without publishing the deliberations: “Microsoft was the only company capable of meeting our requirements. We preferred to move quickly so as not to fall behind and put France at a disadvantage.”

This is a matter of national policy, one that has already been raised in The Conversation France, since it involves entrusting the management of a public asset to a private entity, with no hope of reversing the decision. But it is also a political issue concerning European digital sovereignty, since this U.S. entity is subject to the Cloud Act, a 2018 law that allows U.S. judges to request access to data on servers located outside the United States.

Technical issues come to the fore here in a lively debate between database centralization and interoperability. Centralization involves “defense-in-depth” architectures with successive layers of protection—as seen, for example, in the nuclear industry; in the HDHub project, this defense is outsourced to Microsoft.

Stéphanie Combes notes that “if we want to process data on this scale, we have to centralize it—it’s the only solution.” In contrast, the technical vision behind interoperability architectures aims to “not put all your eggs in one basket”: on the one hand, the majority of attacks come not from the outside but from the inside, with a higher risk in the event of centralization; and on the other hand, anonymity cannot withstand the re-identification of an individual through data cross-referencing.

This decentralized architecture involves managing network communications between databases that remain heterogeneous and between processing tasks distributed across multiple servers, while integrating these communications through interface layers that are now standardized and open source. For example, this approach was chosen for the eHop project involving a group of hospitals. It offers the advantage of retaining the expertise of engineers and healthcare professionals locally, which is necessary for validating health data.

The legal issues here concern consent and medical confidentiality. The European principles of the GDPR ensure that consent is incorporated from the very design of information systems (“privacy by design”) and through a culture of internal transparency within organizations (via the data protection officer). Patient data naturally touches on their privacy, but the duration of data retention, the right to withdraw consent, and above all, the clear purpose for which the data is used, are non-negotiable principles established by the CNIL.

Stéphanie Combes offered some insights on this point:

“The data is only supposed to be stored for the duration of the public health emergency. Once it ends, the data must be destroyed, UNLESS another law provides for its retention upon the final implementation of the Health Data Hub.”

In practice, and setting aside future issues regarding the physician’s individual liability, patients could face a breach of medical confidentiality—a legal principle as well as an ethical rule that underpins the trust based on the Hippocratic Oath. A breach of this trust would, of course, pose risks to public health.

Economic issues revolve around the challenges of digital transformation. Proponents of neoliberalism view digital technology primarily as a force for creative destruction : deregulation and reduced government intervention foster disruptive innovation and growth driven by startups. Beyond mere scientific interest, the rapid development of AI driven by GAFAMI—the six American giants that dominate the digital market—can therefore be considered a matter of the “public interest,” a principle introduced in the 2019 Health Act.

In contrast, proponents of an alternative economic policy see digital technology primarily as an opportunity to manage digital commons, in line with Elinor Ostrom ’s analyses: non-rival, intangible resources, whose rules of access and use are managed by highly diverse, self-organized communities (for example, ranging from the Internet to Wikipedia, Open Data, free software, and massive scientific databases such as the Protein Data Bank). Those who share this vision criticize the notion of a separation between, on the one hand, the curation of medical data—which involves a lengthy process of collection and sorting funded by the public sector and subject to treaties on the free flow of data—and, on the other hand, the commercialization of this data, involving the privatization of healthcare by the private sector, which is protected by patent treaties.

The Control of “Health Data” as Seen by Thinkers of the Past and Present

The social issue of health-based control over our behaviors cannot be analyzed without the concepts developed by sociologists. Michel Foucault described the gradual transition to a disciplinary society using the concepts of “biopolitics” (which concerns the forms of power exercised over bodies) and “governmentality” (which combines government and rationality in technologies for governing individuals and the self, to ensure self-discipline: in the past, this included confinement, schools, hospitals, and statistics; today, it includes the panoptic systems of drones and tracking bracelets).

Gilles Deleuze described a new transition toward a society of control through the electronic collar, using the concepts of “digital language” as a means of accessing reality. Kafka, meanwhile, coined the notion of“unlimited procrastination ”: it is no longer a matter of disciplining and commanding, but of controlling by managing all disorder.

Today, sociologists such as A. Rouvroy and D. Quessada point to an impending shift toward the Society of Traces using the concepts of algorithmic governance (which goes beyond a mastery of the probable; it involves a mastery of potential itself, in order to “adjust” our behaviors) and surveillance from below, which is no longer surveillance but rather “sub-veillance”—a discreet, intangible, and omnipresent grid covering all the types of traces we leave behind, such as our signals, our creations, our footprints, our movements, and our connections…The Conversation

Bernard Fallery, Professor Emeritus of Information Systems, University of Montpellier

This article is republished from The Conversation under a Creative Commons license. Readthe original article.