What Is at Stake with Personal Health Data?April 20, 2021 2021-04-20 10:00
What Is at Stake with Personal Health Data?
What Is at Stake with Personal Health Data?
Data is a term that broadly refers to digital data that is collected or processed for reference or analyses. So naturally, we find it in healthcare. Personal health data represents information about the physical or mental health (past, present or future) of a person including their health status. In France, this data comes from various sources, such as clinical trials, medical records, health insurances, etc. It is collected for a specific purpose to improve diagnosis and prevention processes, as well as the treatment of diseases.
The behavior of the French towards data is complex. On one hand, they share their information willingly on major web platforms such as GAFAM (Google, Apple, Facebook, Amazon and Microsoft), but on the other hand, half of them do not wish to share their personal health data. This shows that French people remain reluctant and therefore keep a certain reserve about sharing their data.
In order to understand this reluctance, we note that the use of health data raises many ethical questions, apart from the fact that it offers great opportunities. Technological advances have made it much easier to collect data via connected objects. That said, while at one time the amount of data was limited to a dozen or so per patient, today we have the ability to collect hundreds. Some data such as heart rate, blood glucose readings, blood pressure or the number of steps, to name a few, are collected in a less transparent way, especially via smartphones or smartwatches. This information is generally stored and managed by web giants. Nevertheless, access to this data remains secure, ensuring its confidentiality, anonymization and protection. It is clearly prohibited to disclose and exploit these data for commercial purposes. And for clinical trials, patients must give their informed consent for data collection and investigators must send a statement to the CNIL, the French Data Protection Authority.
But the problem lies elsewhere, especially in cases where data is collected without users’ knowledge, for example during searches on the Internet. Naively, some people deliver their information on websites and apps. It is precisely in this transmission of personal data that the question of ethics arises. At the same time, in order to store and exploit this huge volume of data, systems require increasingly complex algorithms and programs. Costs related to the storage of this data can also be high. Another issue is the heterogeneity of the information collected. In other words, this information is becoming more and more diverse in its nature, format, and level of dispersion in several information systems. Before this complex data can be integrated into databases, it must actually be structured and coded.
However, data represents a major issue for healthcare because it allows for significant medical progress. First of all, health data can identify risk factors for certain diseases, most often chronic ones (cancer, diabetes, etc.), and help in their prevention. Therefore, thanks to this numerous data, treatments become more effective, with greater personalization and more advanced diagnosis. But this data can be even more beneficial as it can help to detect health threats, such as epidemics, and allow for the implementation of real prevention programs for the population. With this wealth of information on the health status of individuals, organizations also have the opportunity to monitor the impact of diseases and risk behaviors.
In terms of health data management, there are several databases. In France, the National Health Data System (SNDS), the most known of them all, collects data from various public health agencies such as the social security, hospitals, etc. There is also the Health Data Hub, which has the purpose to enrich the SNDS and to allow for the development of innovations, notably through artificial intelligence.
In France, personal health data must comply not only with European rules on GDPR (General Regulation on the Protection of Personal Data) and Network and Information Security, but also with the Computer and Freedom Act. The GDPR defines health data as sensitive information that must be handled with care. Thus, the state plays an important role in imposing a law for security reasons. Indeed, the law on the modernization of our health system (promulgated in January 2016) prohibits the exploitation of a person’s health data, and the sale of it. Therefore, data should not be used to identify the person and cannot be used to promote a product.
In addition, it is still possible to use a person’s data under certain conditions. It is imperative that individuals give their “clear and explicit” consent and that they be aware about the use of their personal data. As a matter of fact, data processing is only allowed when data is processed for medical reasons, such as preventive medicine or medical diagnosis. The role of the State is then also to maintain ethics in the use of data.
In sharing personal data, trust is fundamental. This relationship of trust between health professionals and patients must be transparent, while most French people consider health data processing essential to develop overall health and improve research in clinical trials.
The challenge for e-health players is therefore to find the right balance between user data protection and scientific progress. It is understandable that data security and confidentiality must be a priority for all these players. Startups, in particular, must ensure that data collection on a cloud platform is done according to the state of the art and respects HDS (Health Data Hosting) and GDPR regulations. Today, many technologies and several providers are available to create this climate of trust around their ecosystem, which will be the only way to convince health professionals and users to adopt their solutions. Bodyo embraces this transparency approach and plays its role as a messenger to consumers to make them understand that by sharing their personal data, they contribute to the improvement of tomorrow’s healthcare system.