While the government plans to rely on the American giant to store the health data, a collective initiated by professionals in the sector and computer science medical community is concerned, in a forum at “Le Monde”, about this choice of the private.
The French government is proposing the deployment of a platform named Health Data Hub (HDH) to develop artificial intelligence applied to health. The HDH aims to become a single-window access point to all health data.
The data concerned are those of the hospital centres, the pharmacies, shared medical record and research data from various registers. The amount of data hosted is brought to explode, particularly with the emergence of genomics, imaging and connected objects. It is planned that this data will be stored at Microsoft Azure, the public cloud of the American giant Microsoft. This choice is at the centre of our concerns.
The GAFAM (Google, Apple, Facebook, Amazon and Microsoft), the start-ups and even insurers could access health data and the financial power they represent, if these companies demonstrate that their research projects may have a use for “public interest”, a concept relatively fuzzy.
In addition, the use of Microsoft is governed by licences paid for. Although discussions are being held to ensure the reversibility of the American platform, it seems difficult to change. We are aware of the risks of digital captivity, with in particular the contracts between Microsoft and hospitals.
A breach of doctor-patient confidentiality?
The U.S. government adopted in 2018 a text called the Cloud Act, that allows U.S. justice officials access to stored data in third countries. The President of the National Commission of l’informatique et des libertés (CNIL) said in September, to the National Assembly that this text is contrary to the General Regulation on Data Protection (RGPD), which protects citizens Europeans. Concretely, patients could be subjected to a Breach of medical confidentiality, which constitutes such a personal danger, the integrity of the Hippocratic Oath being restored to its symbolic value.
In addition, the HDH is developing on a centralized model, with the aim to consequence a higher impact in case of hacking. On might think that the GAFAMs offer ultra-secure solutions. This argument does not hold up. Indeed, attacks often come from inside, i.e. personnel with access to the data.
Although the data hosted by the HDH is de-identified, complete anonymity is impossible, because it is enough to cross-reference a number limited data for re-identifying a patient. In addition, the medico-administrative data from the National Health Data System (SNDS), integrated into the HDH, has been criticized by the CNIL for the obsolescence of its encryption algorithm.
The trust that constitutes the care relationship between patients and caregivers is based on multiple factors, including secrecy, which is essential. According to a recent survey, the hospital is even the institution in which the French have the most confidence. What would be the impact of a loss of confidence if massive data leaks were to occur?
There are alternatives
We are convinced of the value of data research and the development of statistical tools in medicine. However, there are alternatives that protect privacy and medical confidentiality, by guaranteeing the independence and collective control of infrastructure.
For several years now, hospitals have been creating data warehouses with the objective of collecting locally generated health data for analyze them. An effort is being made to promote decentralization and exchange between regions and our European neighbours, while preserving data security.
Researchers and hospital centres have expertise in important, because they produce and collect data with, for objective, an evolution towards digital hospitals. Thus, the development of new technologies in hospitals will strengthen the interconnection between care and research.
The European Organization for Nuclear Research (CERN) has recently launched the Malt project, for Microsoft Alternatives, which aims to replace as much commercial software as possible with free/libre software. We could follow this example and promote self-directed clouds.
Decentralisation combined with system interoperability information and federated learning (as opposed to the centralised) helps to promote networked research by preserving, on the one hand, the confidentiality of the data, on the other hand, the their storage.
This technique allows the algorithms to travel in each partner center without centralizing the data. Decentralization maintains local skills (engineers, caretakers) required to the qualification of Cheers.
The exploitation of health data on a “proprietary” platform, such as Microsoft’s, exposes the company to risks multiple. The Cloud Act-RGPD incompatibility, the digital autonomy of Europe and the possible loss of patient confidence are important issues to put at the centre of the debate citizen.
It is essential to keep a firm grip on the technologies used. and prevent the privatization of health care.”
As the National Council of the Medical Association did, we let us reaffirm a fundamental principle: “Let us act so that the France and Europe are not vassalized by the giants supranational digital”. Health data is both a patients and the inalienable patrimony of the community. It is essential to keep control of technology and to prevent the privatization of the health.
The complete list of signatories.