Health data: the StopCovid tree that hides the Health Data Hub forest
The socially "acceptable" contact tracing project using smartphones called StopCovid, initially scheduled to launch on June 2, has attracted widespread interest.
Bernard Fallery, University of Montpellier
Apple and Google were already delighted with the implementation of an API (application programming interface) protocol that would be common to many countries and thus confirm their monopoly. However, the strong controversy surrounding the project in France, combined with Germany's withdrawal and the apparent failure of the app in Singapore, where only 20% of users are using it, suggest that StopCovid will soon be abandoned.
"It's not ready and will surely be quietly buried. In typical French fashion,"said an LREM deputy on April 27 to AFP.
Meanwhile, a much larger project continues to move forward at a rapid pace: the Health Data Hub (HDHub) platform.
Health Data Hub, the forest behind the tree
As soon as the Villani report on artificial intelligence (AI) was submitted in March 2018, the President of the Republic announced the HDHub project. In October of the same year, a preliminary mission defined the features of a centralized national system bringing together all public health data, a one-stop shop from which AI could optimize artificial recognition and personalized prediction services.
But the AI ecosystem is also poised to take a new step forward by gaining access to massive amounts of data from hospitals, research, private practice, connected objects, etc., and to a massive healthcare market (prestigious and with enormous potential value, as it accounts for more than 12% of GDP). France, with its health insurance system, and the United Kingdom, with its National Health Service (NHS), are serving as test cases here, as consistent and reliable data has been maintained there for decades: Amazon already has access to the NHS API to power its voice assistant, and Microsoft has already signed a deal to host all French health data (storage, log and directory management, computing power, and encryption key storage).
The HDHub project carried out at a rapid pace
In November 2018, Stéphanie Combes was appointed project manager. By the end of 2018, Microsoft had already been selected (under a "public procurement exemption"), even though the principles of HDHub would not be defined until July 2019 (in the Health Act) and its missions would not be defined until April 2020, by ministerial decreeDespite its discussions with Stéphanie Combes, the CNIL continues to have many questions.
Other voices have expressed concern about the hasty management of the project (such as the National Bar Council,the National Medical Association, and even a member of parliament from the LREM party); groups such as InterHop professionals and free software companies have issued well-argued warnings; and some doctors have posted videos online expressing their outrage.
Health Data Hub, a textbook case on all digital issues
Bypassing the tree that hides the forest means discovering the full extent of the questions raised by "digital transformation" in society, and here in healthcare.
Political issues are crystallizing here around the choice of Microsoft, which Stéphanie Combes justifies in a very traditional manner by citing urgency, without publishing the deliberations: "Microsoft was the only company capable of meeting our requirements. We preferred to move quickly so as not to fall behind and penalize France."
This is a matter of national policy, already raised in The Conversation France, since it involves the management of a public asset by a private entity, with no hope of reversibility. But it is also a political issue of European digital sovereignty, since this US entity is subject to the Cloud Act, a 2018 law that allows US judges to request access to data on servers located outside the United States.
Technical issues are hotly debated here, with centralization versus database interoperability. Centralization defines "defense in depth" architectures with successive barriers, for example in the nuclear industry; in the HDHub project, this defense is outsourced to Microsoft.
Stéphanie Combes observes that "if we want to process data on this scale, we have to centralize; it's the only solution." In contrast, the technical vision of interoperability architectures aims to "not put all your eggs in one basket": on the one hand, the majority of attacks do not come from outside but from within, with a higher risk in the case of centralization, and on the other hand, anonymity does not withstand the re-identification of a person through data cross-referencing.
This decentralized architecture consists of managing network exchanges between databases that remain heterogeneous and between processes distributed across several servers, but integrating these exchanges through interface layers that are now standardized and open source. For example, this option was chosen in the eHop project for a group of hospitals. It has the advantage of maintaining the skills of engineers and caregivers locally, which are necessary for the qualification of health data.
The legal issues here concern consent and medical confidentiality. The European principles of the GDPR organize consent from the design stage of information systems (privacy by design) and through a culture of internal transparency within organizations (via the data protection officer). Patient data obviously concerns their privacy, but the duration, right of withdrawal, and above all the clear purpose of using this data are intangible principles established by the CNIL.
Stéphanie Combes provided some insight on this point:
“The data is only supposed to be stored during the state of health emergency. At the end of this period, it must be destroyed, UNLESS another text provides for its retention when the Health Data Hub is finally established.”
In practice, and without considering future issues of individual physician liability, patients could be subject to a breach of medical confidentiality, a legal principle but also an ethical rule that underpins trust based on the Hippocratic oath. A breach of this trust would, of course, pose risks in terms of public health.
Economic issues are crystallizing around the challenges of digital transformation. Proponents of neoliberalism see digital technology primarily as a force for creative destruction : deregulation and the disengagement of states promote disruptive innovation and growth through start-ups. Beyond purely scientific interest, the rapid development of AI thanks to GAFAMI, the six American giants that dominate the digital market, can therefore be considered to be in the "public interest," a concept introduced in 2019 in the Health Act.
On the other hand, proponents of alternative economic policies see digital technology primarily as an opportunity to manage digital commons, following the analyses of Elinor Ostrom: non-rival intangible resources, whose rules of access and use are managed by highly diverse self-organized communities (for example, from the Internet, through Wikipedia, to open data, free software, and huge scientific databases such as the Protein Data Bank). Those who share this vision denounce the idea of separating the qualification of medical data, which is done through a long process of collection and sorting financed by the public sector and subject to treaties on the free movement of data, from the exploitation of this data, with the commodification of health by the private sector protected by patent treaties.
The control of "health data" as seen by thinkers of yesterday and today
The social issue of health control over our behavior cannot be analyzed without the concepts developed by sociologists. Michel Foucault described the gradual transition to a disciplinary society using the concepts of "biopolitics" (which concerns the forms of power exercised over bodies) and "governmentality" (which associates government and rationality, in technologies of government of individuals and of the self, to ensure self-discipline: yesterday, confinement, school, hospital, statistics, and now the panopticons of drones and bracelets).
Gilles Deleuze described a new transition towards a control society through electronic collars, with the concepts of "digital language" for accessing reality. Kafka, meanwhile, coined the notionof "unlimited procrastination": it is no longer a question of disciplining and ordering, but of controlling by managing all disorder.
Today, sociologists such as A. Rouvroy and D. Quessada are predicting an imminent shift to trace society with the concepts of algorithmic governmentality (which goes beyond mastery of the probable; it is mastery of potential itself, in order to "adjust" our behavior) and surveillance, which is no longer surveillance, but sub-surveillance through a discreet, immaterial, and omnipresent grid of all the types of traces we leave behind, such as our signals, our productions, our footprints, our movements, and our connections...
Bernard Fallery, Professor Emeritus in Information Systems, University of Montpellier
This article is republished from The Conversation under a Creative Commons license. Readthe original article.