Since January 1, 2022, all people affiliated with the Health Insurance have been opened a digital “Health Space” where most of their health data will be gathered. A device that raises questions, both in terms of security and ethics.
Since January 1, 2022, the French have been offered a new health tool called “My health space”. On paper, this space, which brings together all of the patient’s health data, is supposed to help medical professionals diagnose a disease more precisely and quickly, and simplify the health procedures for citizens.
However, the tool raises concerns among part of the population. Will this sensitive data be sufficiently well protected? Doesn’t this space risk disproportionately exposing the privacy of patients?
What will My health space contain?
My health space will indeed aggregate a lot of information relating to each person. Each account aims to bring together in a single digital space:
- The shared medical record (DMP) intended to store and share all health data: prescriptions, treatments, examination results, medical imaging, medical history and allergies, hospitalization reports, vaccination;
- Secure messaging for exchanges between patients and healthcare professionals;
- A health agenda to manage medical appointments and receive reminders for key dates for check-ups (check-ups, mammography, vaccination, etc.);
- A catalog of services state-referenced digital health services, to discover the range of useful health services and manage access to its health data.
When we remember that in September 2021, the Assistance publique-Hôpitaux de Paris (AP-HP) suffered a computer attack that led to the leak of the data of the Covid tests of 1.4 million people, there are however enough to ask questions. This attack is indeed far from the first in France. And it points to the vulnerability of our health data and raises the question of their storage, access and computer sharing.
For journalist Coralie Lemke, author of “My data, my health”, there is a ” big lack of clarity “ on the protections put in place as part of the launch of this system. The positive point, according to her, is that the data hosting is provided in France by the company Worldline (via its subsidiary Santeos), for the data of the shared medical file (DMP), and by the company Atos concerning all the other data. of “My health space”. These two companies are approved as a Health Data Host (HDS) in accordance with Article L. 1111-8 of the Public Health Code.. “Their location on French territory places them under the control of the GDPR which stipulates that the processing of data is prohibited”, explains Coralie Lemke.
The author of “My data, my health” judges however that “Regarding protection against cyber attacks, we are in the dark. The least we can do would be to keep us better informed! “.
How to protect our health data?
It is indeed impossible to know, to date, whether our health data will be encrypted or whether external actors will be able to read what will be on the servers. We also have no information on the applications referenced by the State which will be able to connect to “My health space”. All we know is that data protection will be guaranteed by the State, the National Commission for Informatics and Liberties (CNIL) and the National Health Insurance Fund (Cnam).
” It’s not very reassuring »Says Coralie Lemke. ” We all feel like we are invulnerable and have nothing to hide, but in reality we all have something to hide! ” she explains. Because, for lack of optimal security of our data, the risk is there: to see them unveiled in full view, on the web, for malicious purposes or sold on the dark web to unscrupulous companies.
And you don’t necessarily want your boss to know that you are taking antidepressants or an antiretroviral, you don’t necessarily want your parents to find out that you had an abortion at 18 or for your banker to find out that you have undergone hospital withdrawal. “In addition, there is a risk that the hacker will put pressure on the person whose health data has been hacked to obtain a ransom. », Explains Coralie Lemke.
A life-long medical history
In addition to the security of health data, another point alarms users and patient associations: respect for private life and medical confidentiality. On Twitter, some are worried about the weight of their medical history – which can be viewed by all caregivers who monitor them – on their current care. This is particularly what denounces @licornedughetto. The Internet user indicates that, because of these psychiatric history, her throat pain was considered psychosomatic by the medical profession for 4 years, when she actually suffers from a tumor.
The question that arises is the following: do all users agree to share all of their health data with the entity designated by the term “care team”? This term designates, according to article L‧1110-12 of the Health Code, all health professionals who participate in the care of the same patient, from diagnosis to pain relief, in through care and rehabilitation.
This therefore corresponds to the attending physician, to caregivers working in the same health establishment (hospital, clinic, territorial professional health communities (CPTS), etc.), to specialist physicians consulted by the patient as well as to paramedical professionals (physiotherapist, nurse) and to caregivers participating, for example, in emergency care.
Maître Mina Petkovka, lawyer at the court explains that article L. 1110-4 of the Public Health Code provides that the patient’s consent is supposed to be granted for the professionals participating in this care team. ” They are therefore not obliged to ask for his prior consent to ensure his care. “. The lawyer specifies, however, that the patient always has the possibility of withdrawing his consent. This right of opposition can be exercised at any time.
The risk of discrimination in healthcare
For Stuart Pluen-Calvo, master’s degree in Public Health and activist at the Acceptess-T association, the health space presents certain risks, particularly for the safety of trans or HIV-positive people: ” Trans people, such as people living with HIV, are at risk of out during treatment and undergoing medical transphobia or serophobia. Knowing that 15% of trans people have experienced a refusal of care just because they are trans, it is alarming to say the least. ”
Let us remember one last time, consent to share health data with a “care team” can be withdrawn at any time. It is also possible to ask your doctor to hide (without deleting) certain information from the eyes of other caregivers than himself. A final option is to oppose outright the creation of your “Health Space”, by sending an online request for refusal of membership, within six weeks after receipt of the email from the Health Insurance notifying of the creation of space. But to exercise your options, you still have to know that they exist.