These 6 issues around health data that the law must regulate

by bold-lichterman

The global boom in health data raises new questions about how to collect and use it. By 2020, their volume will be multiplied by fifty, according to a Orange Healthcare infographic. In 2016, 4.9 million patients worldwide will use remote health management devices.

Much more than in the sport, marketing or agriculture; in healthcare, the question of the confidentiality of this data is a sensitive subject. In fact, to whom will we allow access to this information which touches on private life? On the one hand, they could constitute a treasure trove of information for researchers in medicine and pharmacy, for the pharmaceutical industries and for insurers. On the other hand, respect for confidentiality regarding the health of patients remains essential.

Adopted at first reading on April 14 in the National Assembly, the bill on health, known as the “Touraine law”, has yet to be examined by senators. The Ministry of Health had instructed DREES* to steer the governance of access to health data. The instance made public this week the synthesis of his work preparatory. Six issues emerge that will be the focus of attention in the Senate, but also in the context of the next Digital Law attached to the Secretary of State of Axelle Lemaire.

  • Precisely define the scope of health data

For the DREES, this would be data concerning the health of patients treated in France, and intended for statistical processing. Some were collected directly during epidemiological surveys and biomedical research; others were originally collected for other purposes. They are then either taken from the medical files of the patients, or from documents sent to the Health Insurance by the patients, or the hospitals within the framework of the pricing of their activities.

  • Define the people who will have access to this data

The DREES underlines the risk that a person (natural or legal) may search a file in order to obtain data on a known person and disclose it to the press, or on an employee in order to verify the correlation of his dates of care and those of his work stoppages, etc. It will therefore be necessary to clearly regulate access to health data in order to avoid such abuses.

With this new regulation, it is a question of ensuring the anonymity of the data, in particular those related to theopen data that is to say freely accessible to all. The body recommends a solution: that of combining the technique known as “data disturbance”, with that of “generalization” or that of “aggregation” and possibly that of “sampling”.

  • Prevent re-identification

The Ministry of Health wishes to ensure that health data used statistically cannot be linked to specific people. There is indeed a risk of re-identification even once the data has been de-identified for the first time. By re-identification is meant here: to be linked again to a natural person by name.

  • Find an acceptable distribution and different levels of supply

The authors propose to set up graduated access:

– an offer for all audiences with direct Internet access,

– a more limited offer intended for a targeted audience (this concerns data with low identification risk),

– a limited offer for files allowing indirect identification of patients.

  • Simplify procedures and set up a trusted third party

The DREES also insists on the benefit of simplifying procedures, in particular via the national identification number, pairings and underlines the role of a trusted third party. A role that could be played by the ” Secure data access center »Today used by a thousand researchers from Genes (Group of national schools of economics and statistics).

In the end, no miracle solution to protect personal data emerges. “No single method of securing data can meet the conflicting objectives of ensuring both the richness of the data made available, a low cost of preprocessing and that is applicable to any statistical database environment , while ensuring infallible protection of privacy. There is currently no consensus on the best method ”, warns the DREES at the conclusion of this summary.

The whole issue of the text is indeed to find a happy medium in access to data. It will also remain to clarify a question that is not addressed in this synthesis and yet essential: how to train health professionals in the collection of data and their archiving?

The main provisions of the bill adopted on first reading have been summarized by theASIP Health in this presentation:

Read also:

>> E-health: 7 French start-ups to watch closely

>> E-health: how far will Big Data go to heal us?

* Department of research, studies, evaluation and statistics

Photo credit: Fotolia, royalty-free stock images, vectors and videos