The digitization of medical data remains a sensitive issue in France. Like the Health Data Hub, a government-created health data mega-archive, whose project sparked debate because of its American host, Microsoft.
For about five years, teleconsultation booths have multiplied in pharmacies and communities, to respond to the complex problem of medical deserts. Faced with these new practices, public policies must be adapted to better regulate them, particularly with regard to the handling of medical data.
In addition, dans le cadre du Projet de loi finance de la sécurité sociale (PLFSS) 2023, currently under debate at the National Assembly, article 28 to strengthen the verification of the compliance of companies with respect to the protection of personal information. The second objective is to facilitate the flow of data between all health platforms.
The country has several companies in the market for teleconsultation booths, including Medadom, Tessan and H4D, surveyed by Tech&Co. These booths appear as a solution for a patient who needs a quick appointment with a doctor.
Thus, the patient finds a doctor who belongs to the company’s network, in 15 minutes. It is up to him to create an account by providing some medical data, inserting his Vitale card, before being guided by the health professional via videoconference to use the medical devices in the cabin.
Who has access to the data?
For the Tessan network, the patient must indicate name, date of birth, weight, height, address or even mutual insurance. “The doctor has access to this information to verify the dosage of certain drugs, in order to deliver them to the patient or not”, indicates Maxime Leneylé, CEO of Tessan. As for video consultations, Tessan and Medadom assure that they go through an encrypted flow from patient to doctor, without subsequent recording.
At the beginning of the year, the Mon Espace Santé service replaced and improved the Shared Medical Record. Each person covered by health insurance can find their medical information and documents. Doctors in teleconsultation, like any doctor, have access to it.
To protect this information, the three companies ensure that patient data is stored on servers certified as “health data hosts,” says HDS. On Tessan’s side, the data is hosted on a Microsoft Azure server certified by HDS, “which meets the conditions defined by the Ministry of Health.”
Medadom stores the data on Amazon servers (AWS), “which has certifications for all levels”, specifies Nathaniel Bern. H4D, meanwhile, chose Orange. In addition, the law requires that the servers be located in France. “The company is responsible for verifying that the data is encrypted and routed to the correct server,” says Franck Baudino, founder of H4D.
With Tech&Co, the lawyer specializing in digital law Eléonore Scaramozzino reminds that these companies must respect all the components of the RGPD (General Data Protection Regulation) and “not only the issue of storage and HDS. They must also show the possible beneficiaries of the data and guarantee the quality of the healthcare pathway”.
Article 28, advance or blockade?
This is already the case of the company H4D “which is the only class II certified in Europe, both in the medical aspect (care course) and in the aspect of data protection”, says its manager. And Franck Baudino to argue: “there are legitimate fears on the part of the citizens and it is up to the entire sector to give guarantees”.
To strengthen these guarantees and perpetuate the system, Deputy Thomas Mesnier (Horizons) presented three amendments to article 28 of the PLFSS 2023, approved in committee.
“Data use is a sensitive topic and is the subject of many fantasies. There is a transparency imperative. Obviously I worked in relation to the players in the sector. They have a quite favorable opinion on the progress of the frameworks, even if some wanted us to be faster,” he explains to Tech&Co.
The MP also insists on the interoperability of the system: ensuring that digitized medical data flows more easily and securely between all health platforms.
France and Europe work in a sovereign cloud so as not to depend on American players. But Medadom didn’t choose AWS by accident. “We prefer to have American players that have all the security and stability guarantees than less reliable European players, which we have already tested,” the company explains to Tech&Co.
Does this mean that France is behind in terms of a sovereign cloud for health data? The Health Data Hub itself suffers from the data hosting problem. Stéphanie Combes, director of the Health Data Hub, acknowledges that French or European solutions are not at the level of succeeding Microsoft. First scheduled for the end of 2022, the transition to a European host has been postponed until 2025.
Faced with the acceleration of the digitization of medical data, Franck Baudino considers it important to remember that “the patient always has a choice, that he owns his data and that French law is quite well designed to protect him”.
Source: BFM TV
