Health data: the StopCovid tree that hides the Health Data Hub forest
The StopCovid project for socially "acceptable" tracking using smartphones, initially scheduled for launch on June 2, has caught everyone's attention.
Bernard Fallery, University of Montpellier
Apple and Google were already looking forward to an API (application programming interface) protocol that would be common to many countries, thus confirming their monopoly. But the controversy surrounding the project in France, the fact that Germany has withdrawn from the project, and the failure of the application in Singapore, where only 20% of users use it, mean that StopCovid will soon be abandoned.
"It's not ready and will surely be slowly buried. A la française", estimated a LREM deputy on April 27 to AFP.
Meanwhile, a much larger project continues apace: the Health Data Hub (HDHub).
Health Data Hub, the forest behind the tree
As soon as the Villani report on artificial intelligence (AI) was submitted in March 2018, the French President announced the HDHub project. In October of the same year, a prefiguration mission defines the features of a centralized national system bringing together all public health data, a one-stop shop from which AI could optimize artificial recognition and personalized prediction services.
But the AI ecosystem is also about to take another step forward by gaining access to massive data from hospitals, research, outpatient medicine, connected objects, etc., and to a massive healthcare market (prestigious and of enormous potential value insofar as it accounts for over 12% of GDP). France, with its health insurance system, and the UK, with its National Health Service (NHS), are test cases here, since consistent, reliable data has been maintained there for decades: Amazon already has access to the NHS API to power its voice assistant, and Microsoft has already signed up to host all French healthcare data (storage, log and directory management, computing power and encryption key retention).
HDHub project "on the move
In November 2018, Stéphanie Combes was appointed project manager. By the end of 2018, the choice of Microsoft had already been made (under a "public procurement exemption"), even though the definition of HDHub's principles will wait until July 2019 (in the Health Law), and its missions will not be defined until April 2020, by ministerial ruling. Despite its discussions with Stéphanie Combes, the CNIL still has many questions.
Other voices expressed concern at the hasty management of the project (such as the Conseil national des barreaux, theOrdre national des médecins and a LREM deputy); collectives issued well-founded warnings, such as the professionals of InterHop and free software companies; and some doctors posted videos expressing their revolt.
Health Data Hub, a case study in all digital issues
Getting round the tree that hides the forest means discovering the full extent of the issues raised by "digital transformation" in society, and here in healthcare.
The political issues crystallize here around the choice of Microsoft, which Stéphanie Combes classically justifies by the urgency, without publication of the deliberations: "Microsoft was the only one capable of responding to our requests. We preferred to move quickly, so as not to fall behind schedule and penalize France."
It's a question of national policy, already raised in The Conversation France, since it involves having a public asset managed by a private player, with no hope of reversibility. But it's also a political question of European digital sovereignty, since this American player is subject to the Cloud Acta 2018 law that allows American judges to request access to data on servers located outside the United States.
The technical issues here are revealed in a lively debate between centralization and interoperability of databases. Centralization defines "defense in depth" architectures with successive barriers, for example in the nuclear industry; in the HDHub project, this defense is outsourced to Microsoft.
Stéphanie Combes observes that "if you want to process data on this scale, you have to centralize - it's the only solution". On the other hand, the technical vision of interoperability architectures aims at "not putting all your eggs in one basket": on the one hand, the majority of attacks do not come from outside but from within, with a higher risk in the case of centralization, and on the other hand, anonymity does not withstand the re-identification of a person by cross-referencing data.
This decentralized architecture involves managing network exchanges between databases that remain heterogeneous, and between processing operations distributed across several servers, but integrating these exchanges via interface layers that are now standardized and open source. By way of example, this is the option chosen in the eHop project for a group of hospitals. It has the advantage of maintaining the local skills of engineers and caregivers needed to qualify health data.
The legal issues here concern consent and medical confidentiality. The European principles of the RGPD organize consent right from the design stage of information systems(privacy by design) and through a culture of internal transparency within organizations (via the data protection delegate). Patient data naturally touches on their privacy, but the duration, right of withdrawal and above all the clear purpose of any use of such data, are intangible principles laid down by the CNIL.
Stéphanie Combes gave some perspectives on this point:
"The data is only to be stored during the state of health emergency. At its end, they will have to be destroyed, UNLESS another text provides for this conservation during the final implementation of the Health Data Hub."
In practice, and quite apart from future problems of individual doctor liability, patients could be subjected to a breach of medical confidentiality, a legal principle but also an ethical rule that underpins trust based on the Hippocratic oath. A breach of this trust would, of course, present risks in terms of public health.
Economic issues are crystallizing around the challenges of digital transformation. Neo-liberalists see digital technology above all as a force for creative destruction deregulation and the disengagement of governments encourage disruptive innovation and growth by start-ups. Beyond the purely scientific interest, a rapid development of AI thanks to GAFAMI, the six American giants that dominate the digital market, can therefore be considered as falling within the "general interest", a purpose introduced in 2019 in the Health Law.
On the other hand, advocates of an alternative economic policy see digital technology above all as an opportunity to manage the digital commons, following the analysis of Elinor Ostrom: non-rival immaterial resources, whose rules of access and use are managed by a wide variety of self-organized communities (for example, from the Internet, via Wikipedia, to Open data, free software or huge scientific databases such as the Protein Data Bank). Those who share this vision denounce the idea of the separation between, on the one hand, the qualification of medical data, which takes place thanks to a long process of collection and sorting financed by the public sector and subject to treaties on the free circulation of data, and, on the other hand, the valorization of this data, with the commodification of health by the private sector protected by patent treaties.
Health data control as seen by past and present thinkers
The social issue of sanitary control of our behavior cannot be analyzed without the concepts forged by sociologists. Michel Foucault described the gradual transition to a disciplinary society using the concepts of "biopolitics" (which deals with forms of exercising power over bodies) and "governmentality" (which combines government and rationality, in technologies for governing individuals and the self, to ensure self-discipline: yesterday already, confinement, the school, the hospital, statistics and now the panoptics of the drone and the bracelet).
Gilles Deleuze has described a new transition to a society of control through the electronic collar, with the concepts of "digital language" and access to reality. Whereas Kafka coined the notion of"unlimited procrastination": it's no longer a question of disciplining and ordering, but of controlling by managing all disorder.
Today, sociologists such as A. Rouvroy and D. Quessada are pointing to an imminent shift to the "new". Quessada point to a forthcoming shift to trace society with the concepts of algorithmic governmentality (which goes beyond a mastery of the probable; it's a mastery of the potential itself, to "adjust" our behavior) and of sousveillancewhich is no longer over-surveillance, but under-surveillance through a discreet, immaterial and omnipresent grid of all the types of traces we leave, such as our signals, our productions, our imprints, our passages and our links...
Bernard Fallery, Professor Emeritus in Information Systems, University of Montpellier
This article is republished from The Conversation under a Creative Commons license. Read theoriginal article.