Health Data: The StopCovid Tree That Hides the Forest Health Data Hub
The “socially acceptable” smartphone-based contact-tracing project known as StopCovid, which was originally scheduled to launch on June 2, has captured everyone’s attention.
Bernard Fallery, University of Montpellier
Apple and Google were already looking forward to the implementation of a common API (application programming interface) protocol across many countries, which would effectively cement their monopoly. But the intense controversy the project sparked in France, combined with Germany’s withdrawal and the apparent failure of the app in Singapore—where only 20% of users are using it—suggests that StopCovid will soon be abandoned.
“It’s not ready yet, and it will likely be quietly shelved. In typical French fashion,”a LREM lawmaker told AFP on April 27.
Meanwhile, a much larger project is moving full steam ahead: the Health Data Hub (HDHub) initiative.
Health Data Hub: Seeing the Forest for the Trees
Shortly after the release of the Villani Report on artificial intelligence (AI) in March 2018, the President of the Republic announced the HDHub project. In October of that same year, a planning task force outlined the features of a centralized national system that would consolidate all public health data—a one-stop shop from which AI could optimize services for artificial recognition and personalized prediction.
But the AI ecosystem is also poised to take another step forward by gaining access to massive amounts of data from hospitals, research, private practice, connected devices, and more, as well as to a massive healthcare market (a prestigious sector with enormous potential value, given that it accounts for more than 12% of GDP). France, with its health insurance system, and the United Kingdom, with its National Health Service (NHS), serve as test cases here, since consistent and reliable data has been maintained there for decades: Amazon already has access to the NHS API to power its voice assistant, and Microsoft has already signed a deal to host all French health data (storage, log and directory management, computing power, and encryption key storage).
The HDHub project is moving full steam ahead
In November 2018, Stéphanie Combes was appointed project manager. By the end of 2018, the decision to select Microsoft had already been finalized (under a “public procurement exemption”), even though the principles governing HDHub would not be established until July 2019 (in the Health Act) and its specific responsibilities would not be defined until April 2020, by ministerial order. Despite its discussions with Stéphanie Combes, the CNIL still has many questions.
Others have expressed concern about the rushed handling of the project (including the National Bar Council,the National Medical Association, and a member of parliament from LREM); various groups have issued well-reasoned warnings, such as the professionals at InterHop and open-source software companies; and some doctors have posted videos online expressing their outrage.
Health Data Hub: A Textbook Example of All the Challenges Facing the Digital Sector
To look beyond the trees and see the forest is to grasp the full scope of the issues raised by “digital transformation” in society—and here, in healthcare.
The political issues here center on the choice of Microsoft, which Stéphanie Combes justifies in the usual way by citing urgency, without publishing the deliberations: “Microsoft was the only company capable of meeting our requirements. We chose to move quickly so as not to fall behind and put France at a disadvantage.”
This is a matter of national policy, one that has already been raised in The Conversation France, as it involves entrusting the management of a public asset to a private entity, with no prospect of reversing the decision. It is also a political issue concerning European digital sovereignty, since this U.S. entity is subject to the Cloud Act, a 2018 law that allows U.S. judges to request access to data on servers located outside the United States.
Technical issues come to the fore here in a lively debate between database centralization and interoperability. Centralization involves “defense-in-depth” architectures with successive layers of security, as seen in the nuclear industry; in the HDHub project, this security is outsourced to Microsoft.
Stéphanie Combes notes that “if we want to process data on this scale, we have to centralize it; it’s the only solution.” In contrast, the technical vision behind interoperability architectures aims to “not put all your eggs in one basket”: on the one hand, the majority of attacks do not come from the outside but from the inside, with a higher risk in the event of centralization, and on the other hand, anonymity does not withstand the re-identification of a person through data cross-referencing.
This decentralized architecture involves managing network communication between databases that remain heterogeneous and between processes distributed across multiple servers, while integrating this communication through interface layers that are now standardized and open-source. For example, this approach was chosen for the eHop project for a group of hospitals. It has the advantage of retaining locally the expertise of engineers and healthcare professionals, which is necessary for validating health data.
The legal issues here concern consent and medical confidentiality. The European principles of the GDPR ensure that consent is built into the design of information systems (privacy by design) and foster a culture of internal transparency within organizations (through the data protection officer). Patient data naturally touches on their privacy, but the duration, the right to withdraw consent, and above all the clear purpose of using this data are intangible principles established by the CNIL.
Stéphanie Combes offered some insights on this point:
“The data is only supposed to be stored for the duration of the public health emergency. Once it ends, it must be destroyed, UNLESS another regulation provides for its retention upon the final implementation of the Health Data Hub.”
In practice, and setting aside future issues regarding the physician’s individual liability, patients could face a breach of medical confidentiality—a legal principle as well as an ethical rule that underpins the trust established by the Hippocratic Oath. A breach of this trust would, of course, pose risks to public health.
Economic issues are increasingly centered on the challenges of digital transformation. Proponents of neoliberalism view digital technology primarily as a force for creative destruction : deregulation and the withdrawal of the state promote disruptive innovation and growth driven by startups. Beyond mere scientific interest, the rapid development of AI thanks to GAFAMI—the six American giants that dominate the digital market—can therefore be considered a matter of “the public interest,” a principle introduced in 2019 into the Health Act.
In contrast, proponents of an alternative economic policy see digital technology primarily as an opportunity to manage digital commons, following the analyses of Elinor Ostrom: non-rival, intangible resources, whose rules of access and use are managed by highly diverse, self-organized communities (for example, ranging from the Internet to Wikipedia, and extending to open data, free software, or massive scientific databases such as the Protein Data Bank). Those who share this vision criticize the notion of a separation between, on the one hand, the qualification of medical data—which is achieved through a lengthy process of collection and sorting funded by the public sector and subject to treaties on the free flow of data—and, on the other hand, the monetization of this data, involving the commodification of health by the private sector, which is protected by patent treaties.
The Control of “Health Data” as Seen by Thinkers of the Past and Present
The social issue of health surveillance of our behaviors cannot be analyzed without the concepts developed by sociologists. Michel Foucault described the gradual transition to a disciplinary society using the concepts of “biopolitics” (which concerns the forms of exercising power over bodies) and “governmentality” (which links government and rationality, through technologies of governing individuals and the self, to ensure self-discipline: yesterday, confinement, school, the hospital, statistics, and now the panopticons of drones and tracking bracelets).
Gilles Deleuze described a new transition toward a society of control through electronic monitoring, using the concepts of “digital language” as a means of accessing reality. Kafka, meanwhile, coined the notion of“unlimited procrastination ”: it is no longer a matter of disciplining and organizing, but of controlling by managing all disorder.
Today, sociologists such as A. Rouvroy and D. Quessada point to an imminent shift toward Society of Traces using the concepts of algorithmic governmentality (which goes beyond mastering the probable; it involves mastering potential itself, in order to “adjust” our behavior) and surveillance, which is no longer surveillance but rather “sub-veillance”—a discreet, intangible, and omnipresent grid that tracks all the traces we leave behind, such as our signals, our creations, our footprints, our movements, and our connections…
Bernard Fallery, Professor Emeritus of Information Systems, University of Montpellier
This article is republished from The Conversation under a Creative Commons license. Readthe original article.