An order published on April 21st forces hospitals to intensify the sending of your data to Microsoft.
Contrary to the opinion of many stakeholders - National Commission on Informatics and Liberty, National Council of Physicians, National Council of Lawyers, hospitals - the French government relies on the American giant Microsoft to store all health data.We call for the creation of an academic, media, legal, associative and political ecosystem to reaffirm autonomy and “commons” values and, to generate a broad debate in society.
Microsoft collects your health data
The French National HealthDataHub (HDH) is currently being deployed. The HDH is a one-stop shop for access to all health data to develop artificial intelligence applied to health. This data belongs to all French citizens and concerns all computerized systems in hospitals, pharmacies, shared medical records and research data from various registries… The amount of data hosted is set to increase exponetially, particularly with the emergence of genomics, imaging and connected objects. All this data is stored at Microsoft Azure, the cloud computing platform of the American giant Microsoft. By presenting a research project of “public interest” - a legally vague concept - GAFAM (Google, Apple, Facebook, Amazon and Microsoft), start-ups and insurers will now be able to access health data and the financial power they represent.
This privatization of health is perceived as dangerous for many actors:
- LREM (presidential majority) Pierre-Alain Raphan deputy is the first to denounce Microsoft’s software infrastructure in LesEchos
- Martin Hirsch, director of the Paris Hospitals, is concerned about the risk of “compromising patient confidence” in Mediapart.
- a collective initiated by health and medical informatics professionals worries in a forum at World
- the National Council of Lawyers warns of “the risks of breaching medical confidentiality and invasion of privacy”
- a collective of publishing software companies denounces “the failure to respect the principles of equality and transparency in the choice of Microsoft Azure”.
- the National Council of Physicians warns that “data infrastructures, as platforms for data collection and exploitation, constitute a major challenge in scientific, economic and cyber security terms. The location of these infrastructures and platforms, their operation, their purposes and their regulation represent a major sovereignty issue so that, tomorrow, France and Europe will not be vassalized by supranational digital giants”.
- recently the National Commission on Informatics and Liberty points out that, because of the “sensitivity of the data in question”, the storage of data “must be reserved for entities subject exclusively to the jurisdiction of the European Union”.
Hospitals have been resisting
The French applaud every evening at 8pm to thank and encourage the hospital staff - but also to reaffirm the values of mutual aid and solidarity.
The support extended by the private sector and the arrival of many volunteers in hospitals during the coronavirus crisis demonstrates the need for technological and human support to help the public sector. However, the public sector must be the guarantor of our rights to our data. For example, the Paris Hospitals refused Palantir’s proposal - a company submitted to CloudAct and working for the NSA, FBI and CIA - to participate in the development of “digital tools for monitoring the Covid-19 outbreak”.
However, an order published on April 21st forces hospitals to intensify the sending of your data to HDH-Microsoft, showing a new fundamental contradiction between the logic of unconditional care specific to the public sector and the Hippocratic oath, and the demands for efficiency and profitability nowadays denounced by medical and hospital staff through their strike movement and their reaction to the Covid-19 crisis”.
CloudAct or the breach of doctor-patient confidentiality ?
In 2018, the US government passed a law called the Cloud Act which allows the US judiciary to access data stored in third countries. The president of the French National Commission for Information Technology and Liberties stated in September at the National Assembly that this text is contrary to the General Regulation on Data Protection (RGPD) which is supposed to protect European citizens.
In case of political will or cyber attack, patients are subject to a risk of breach of medical secrecy. What would be the impact of a massive health data leak?
There are technological alternatives
We are in favour of the supervised use of artificial intelligence tools in health care. However, there are alternatives to the GAFAMs that emphasize respect for privacy and medical secrecy. They guarantee independence in the face of supra-state geo-political and commercial issues as well as collective control of infrastructures.
Hospitals create local health data warehouses to collect and analyse data generated in situ. Thanks to this decentralisation, data exchange between regions and our European neighbours is possible while preserving data security.
Hospitals produce and collect data. By bringing care providers and researchers from all fields (including artificial intelligence) into local contact, their expertise promotes the development of new technologies and strengthens the interconnection between care and research.
Call : Coronavirus crisis will create a societal debate
Health data is both a commodity for patients and the inalienable heritage of the community. It is essential to maintain control over the technologies deployed (transparent algorithms, autonomous infrastructures), and to prevent the privatization of health care. At a time when the risks of mass surveillance are increasingly topical and when the government wants to use personal data to combat coronavirus, the time has come “to establish our digital autonomy”. We are calling for broad information and citizen mobilization. We want to build an academic, media, legal, associative and political ecosystem around these questions to give rise to a broad debate in society.