INTERVIEW – You can now group your health documents and medical information in a secure digital safe on My Health Space. But is it really a good idea? The answers of Véronique Legrand, holder of the computer security chair at the National Conservatory of Arts and Crafts.
Le Figaro Santé – What do we mean by “health data”?
Véronique LEGRAND. – A set that is difficult to define because it is so extensive. It can be a medical appointment specifying the time, place, name of the patient and the practitioner. But also more confidential information such as the pathologies treated. Or even the complete history of a patient, as is the case with his personal medical file or his vaccination with the vaccination pass. Control is provided by the National Commission for Computing and Liberties (Cnil), in charge of verifying that the processing of personal data complies with the General Data Protection Regulation (RGPD). This organization gives its definition: the data is “of a personal nature, relating to the physical or mental health, past, present or future, of a natural person (including the provision of health care services)”.
What is the point of collecting and storing this mass of information?
In exchange for his data, the user will obtain a health service. This implies that each health establishment or operator will propose its own collection and processing methods depending on the service it will provide to people. Health data will therefore vary depending on the health operator and the service it offers: some will be directly related to the pathology, its symptoms or the comorbidities that accompany it. Others will be more distant, such as the date of birth of the patient, his place of residence, the practice of a sport, the accompaniment of a sick person or the place of the consultation.
Where is health data stored?
It doesn’t stay “still”, it travels a lot! The life of the data starts with its collection via a form that the health operator makes available to the user or the patient, in the form of a website, mobile applications or even a sensor that measures a biological parameter (glycaemia or heart rate for example). These forms are linked to one or more health facilities and sometimes to the application provider. Then, the data is conveyed to the servers of the application of these establishments and operators; it will be recorded, enriched, analyzed and stored by each of them, in their own centers. This is what makes it possible to save and above all to classify this data if necessary: it is the big data of health, whether private or public. Finally, this data, combined with other data, will materialize in a service rendered to the patient: confirmation of a delayed medical appointment; recording of the date of the last blood test or validation of the vaccination pass.
How can their security be ensured throughout the journey to the land of servers?
Data security is highly regulated, both from a legal and technical point of view. For example, data centers and transport infrastructures are protected so that there is no possibility of infringing the privacy of users. According to the principle of the safe, health data hosts are required to have the most rigorous protection systems, implementing specific best practices certified by organizations such as the High Authority for Health (HAS). Data in transit is also protected. It is subject to rigorous encryption standards that protect it using digital certificates to identify the sender and recipient, making it virtually tamper-proof while in transit.
However, there are flaws…
The risk is in the transit through a vast chain. At each link, there may be flaws. Human, first of all: it is possible for a healthcare professional to transmit information without the “informed consent of the patient”. Technical, then. For example, this spectacular data leak revealed by the press in September 2021: the application used from a pharmacist’s terminal to collect Covid test results had a flaw which led to the leak of nearly 700,000 test results with the identities and emails of users. I would also like to mention connected objects. Today, connected watches can record your heartbeat even though they do not always offer sufficient security guarantees. In addition, this data is stored with manufacturers or software publishers who are not French health players. I would advise against their use.
What can be done to minimize the risks?
You have to learn how to manage your health data. To start with, do not give it out when it is not essential. For example, I don’t use a mobile app to book my medical appointments. It is true that many services can make our lives easier, but they always come at the cost of our data. So let’s be sparing with our health data, our use of mobile applications and our connected devices.