Tribune originally published by the APC association, featuring a monthly interview with NGI Zero (NGI0) grant recipients.

The Association for Progressive Communications (APC) is an international network of civil society organisations founded in 1990, dedicated to empowering and supporting people working for peace, human rights, development and protection of the environment, through the strategic use of information and communications technologies (ICTs).

In 2024, InterHop received and NGI0 grant for Goupile, an open source form editor designed for data collection in research, particularly in health, replacing traditional paper case report forms (CRF) with electronic versions (eCRF). Funded by the European Commission, NGI0 supports free software, free data, free hardware and open standards projects. It provides financial and practical support in a variety of forms, including mentoring, testing, security testing, accessibility, dissemination and more.

Find out more about InterHop’s work in this interview, answered collectively by the association.

This interview has been edited for clarity and length.

What motivated you to set up the InterHop non-profit association?

InterHop is the initiative of engineers working in several French hospitals. At the beginning, in the years 2018-2019, we were a simple informal collective. We got together to discuss our practices, interoperability and, more broadly, open source software in healthcare.

In 2019, members of the association were interviewed as part of the Health Data Hub’s prefiguration mission. 1 When a technical choice had to be made, we realised that Microsoft’s cloud, Azure, was likely to be chosen. For a number of reasons, we were against this choice and decided to raise the alarm internally in our hospitals, then to write an article in Le Monde.

The following year, we joined forces with other organisations to appeal to the Council of State. 2 We needed a legal structure and decided to create the association InterHop.org.

What fundamental problems are caused by these political choices of digital solutions?

Our association defends digital freedoms in the field of health. We are therefore not addressing the economic problems that these decisions may cause.

From a legal point of view, our concerns are mainly linked to the extraterritorial nationality of these cloud services operators, in this case, based in the United States. A whole raft of US laws (the CLOUD Act, Foreign Intelligence Surveillance Act, Executive Order 12333) expose health data to the risk of being communicated to the public authorities in the United States. Like the National Commission on Informatics and Liberty (CNIL), we believe that health data “should not be subject to the risk of unauthorised access by authorities in third countries.” 3 And also in line with the CNIL, we urge our decision makers to “use a service provider that is exclusively subject to European law and offers an adequate level of protection.” 3

From a moral point of view, the problem is more profound and directly affects the health care relationship. The chair of the CNIL has stated, “In concrete terms, patients could be subjected to a breach of medical confidentiality, which constitutes a danger that is as personal as it is symbolic, with the integrity of the Hippocratic Oath being called into question.” 4

For us, the greatest risk is a loss of trust in the healthcare system. The trust that underpins the relationship between patients and caregivers is based on a number of factors, including secrecy, which is essential.

Furthermore, these architectural choices are built on centralising models (as opposed to federation or decentralisation). In the event of hacking, the consequences will be greater in terms of the extent of the data potentially compromised.

Finally, free/libre software should be the norm in e-health. The Declaration of Geneva highlights doctors’ responsibility to share knowledge and states: “I WILL SHARE my medical knowledge for the benefit of the patient and for the advancement of healthcare.” 5 It is difficult to imagine how a healthcare professional involved in healthcare innovation could oppose the opening up of his or her work without being in conflict with his or her medical ethics. On the contrary, we must propose that clinicians and the medical community take active steps to prevent the private ownership of the software of digital medicine. Open source must become the norm in medicine. And this applies to all areas: governance, infrastructures, ontologies, algorithms, software, etc.

Faced with these problems and threats, in addition to your advocacy efforts, you have started to develop free software for the healthcare sector. What is your objective in this work?

The InterHop association publishes free software for health research. “Free software”, according to the Free Software Foundation, means software that respects users’ freedom. Basically, it means that “users have the freedom to run, copy, distribute, study, change and improve the software.” 6

We publish Goupile 7, which is software for creating forms for collecting data for research. We also publish a LinkR 8 for low-code analysis, i.e. without (or with few) computer coding skills. Finally, we have just set up LibreDataHub 9, an open source platform that brings together a number of data science software packages (such as Jupyter, RStudio and LinkR) and allows you to manage a project space for teamwork. All these tools are available directly online on the certification of health data hosting providers (HDS) 10 on servers rented by the association.

With this software, we hope to combine a legal commitment, i.e. the litigation we are conducting, with a practical and technical application of our ideas. We are showing that it is possible, with very limited resources – all our members are volunteers, for example – to carry out health research using free digital tools hosted by companies that are strictly subject to European law.

Digital technology, personal and medical information, the right to privacy and access to healthcare in conditions of trust – the problems you outline and the solutions you develop are not restricted to France alone. Could you tell us more about this?

The technical solutions that we are developing can be used in a broad, European or even global context. This is undoubtedly why we have received European funding from the NLnet Foundation, and therefore from the European Commission 11, to improve Goupile, the tool we use to create forms for research purposes.

As far as the legal issues of the extraterritoriality of US law are concerned, all Europeans are affected. This is why, like the CNIL, we are urging publishers to use cloud providers whose head offices are strictly located in Europe.

In fact, the only French specificity is the “Hébergeur de Données de Santé” HDS certification. The aim of this certification is to reinforce the technical protection of personal health data. It is also potentially a regulatory brake on the use of open source software in healthcare, as servers are more expensive. That’s why we are proposing to install open source software on these HDS servers, which are rented by the association. We deliver our own software such as Goupile, LinkR and LibreDataHub; we also deliver other open source software such as Cryptpad 12.

How do Interhop and your digital projects work financially?

InterHop is a non-profit association under the French Law 1901. Our funding therefore comes partly from membership fees and donations (tax-exempt). In the context of health research, when we make our tools available on our HDS servers, we ask for a financial contribution 13. Finally, we regularly respond to calls for public funding. Our first success was via the aforementioned NLnet Foundation.

Did you hesitate to apply for an NGI0 grant via the NLnet Foundation?

Not really. We found the selection process, especially compared with other calls for projects, rather simple and straightforward.

This money will enable us to greatly improve the tool. Our objectives are available online 14. We also support the petites singularités association’s call for the European Union to continue funding free software 15.

How, in the current political context, can we take part in defending our rights in terms of health, privacy and access to care and medicine?

Some would say that democracies seem to be in decline, that nations are closing in on themselves. On the other hand, free software and the InterHop association stand for transparency and openness to others. We promote discussion and exchange, and run a wide network to enable researchers to work together more effectively 16.

We are doing our bit to ensure that (digital) health is accessible to as many people as possible at the right cost. We promote mutual aid as the driving force behind the development of societies, rather than proprietorship and competition.

On a day-to-day basis, we defend the digital autonomy of healthcare players 17. Digital autonomy can be understood at several levels: individuals, institutions (social security, regions, departments, towns, hospitals, etc.), nations, Europe, platform states or even humanity. It is defined as the capacity for self-determination in the cyber environment.

All our digital tools (Goupile, LinkR, LibreDataHub) can therefore be used directly on the association’s HDS servers without the need for installation. However, some hospitals have decided to go further by installing our digital tools locally. They are on the road to greater digital autonomy.

Finally, one of the fundamental principles of the GDPR – the EU’s General Data Protection Regulation – is the minimisation of data collection 18 with regard to the purposes for which it is to be processed 18. Far from the centralising US and Chinese platforms, we are trying, like others before us 19, to offer a less mercantile and more decentralising vision. Whenever possible, we use technologies that can be federated, such as Fediverse 20. Also, to guarantee the secrecy of exchanges, we advocate the widest possible use of end-to-end encryption.

  1. https://sante.gouv.fr/ministere/documentation-et-publications-officielles/rapports/sante/article/rapport-health-data-hub-mission-de-prefiguration 

  2. https://interhop.org/2020/10/08/attaque-du-secret-medical 

  3. https://www.cnil.fr/fr/cloud-les-risques-dune-certification-europeenne-permettant-lacces-des-autorites-etrangeres  2

  4. https://interhop.org/2019/12/10/donnees-de-sante-au-service-des-patients 

  5. https://www.conseil-national.medecin.fr/medecin/devoirs-droits/serment-dhippocrate 

  6. https://www.gnu.org/philosophy/free-sw.en.html 

  7. https://interhop.org/projets/goupile 

  8. https://interhop.org/projets/linkr 

  9. https://interhop.org/2024/09/08/libredatahub 

  10. https://interhop.org/projets/hds 

  11. https://interhop.org/2024/11/11/goupile-nlnet 

  12. https://cryptpad.fr 

  13. https://interhop.org/2023/04/06/brochure-recherche ︎ 

  14. https://interhop.org/2024/11/11/goupile-nlnet 

  15. https://interhop.org/2024/09/10/open-letter-to-the-commission 

  16. https://interhop.org/projets/interchu 

  17. https://interhop.org/2020/11/12/coup-data 

  18. https://www.cnil.fr/fr/definition/minimisation  2

  19. https://degooglisons-internet.org/fr/ ︎ 

  20. https://www.radiofrance.fr/franceinter/podcasts/veille-sanitaire/veille-sanitaire-du-vendredi-08-septembre-2023-8005700 ︎