1: The Emergence of Medical Information in the Face of Personal and Societal Ethical Challenges – Medical Information Systems Ethics

The considerable and ongoing progress made by medicine through applications of technologies and sciences suggests that we are moving toward a veritable “scientification” of the medical approach. The new information and communication technologies (NTICs) are becoming means of augmenting flows of information, exchanges, social interrelations and even access to programs, cases of cultural and social mediation notwithstanding. Services and tools are multiplying and being perfected but still are probably only in their early stages, causing real unease for both doctors and patients. Where will the human–machine fields of tomorrow fall, in relation to those of the doctor–machine? Certainly, within medical communication, a dialogue between a doctor, his or her patient, and the IS must now be taken into account.

In this chapter, we will establish why and how the sharing of medical information and its transparency has developed. This will also shed a more precise light on the distinction made between the terms “data”, “information” and “knowledge”. The inflation of medical knowledge and the brevity of its half-life make its control impossible for a single individual and demand a high-performance tool to access, acquire and manage it. This has resulted in the necessity of computerization for the sharing and exchange of data. This type of ethical debate applied to this information is an essential prerequisite for the comprehension, design and architecture of an HIS using it.

Of the information handled by healthcare structures, medical information – the objective of which is to describe the state of health of patients and the acts and procedures practiced on them – constitutes the most important information quantitatively and the most relevant qualitatively, as it is on this information that descriptions of care activities and production are based. It has become an integral part of the care process. All medical information poses the problem of its own legitimacy, of the duty to inform and of the right to disregard. It is a legal, technical, and ethical necessity, but there is a risk that medicine will shift from the dictatorship of the “unsaid” to that of the “everything said”, that is, from paternalism to “information abandon”; these two extremes can have serious effects on the way in which the patient will experience his or her illness.

1.1. An information-consuming society

The society of consumption is a civilization born in the 20th Century, the economy of which is no longer based on the production of the necessary but rather on the production of the superfluous. It is considered to be an evolution. The upheaval of the 20th Century, which began in the late 19th Century because of the industrial revolution, has reversed the proportions by assigning greater and greater importance to the superfluous and less and less to transcendence. This society has radically transformed mankind, from Homo sapiens to “homo consumens”.

The world of consumption exists only in a representation that is perceived as reality. For this reason, objects consumed by individuals have no real meaning except as symbols. The term “society of consumption” is generally defined by inserting the idea of advertising as a tool bearing information on a product being sold. For a very long time, sales advertising has equaled the satisfaction of needs, with its objective being to satisfy the consumer’s desires. Because desire exists only in mental form as the projection of a fantasy, objects are only images of a satisfaction that exceeds their actual possession.

Consumption is no longer a means of fulfilling our primary needs but rather of differentiating ourselves from others. In Western societies, consumption constitutes a structuring element of social relations. It is omnipresent, creating new social relationships between people artificially by inventing symbols, acronyms and codes. It shows how our societies have become prisoners of consumption, which has taken the place of morals, and in which the body becomes an object, and capital subjected to consumption is recreated artificially in the form of symbols [ROD 08].

This is why personal medical information has become the subject of commercial issues. Subjected to pressure from commercial societies, of which they are sometimes promoters, healthcare professionals are likely to venture into the use of systems for the dissemination and use of information concerning their patients “without respecting the rights of the latter or taking into account legislation on the matter or medical ethics, the whole of which constitutes a complex corpus” [DUS 00].

In terms of the commercialization of medical information, it is most often personal medical information or information derived from the same that is at the forefront, that is, information concerning identified or identifiable individuals. An identifiable individual is defined as “a person who can be identified, directly or indirectly, notably by reference to an identification number or to one or more specific elements proper to his or her physical, physiological, psychic, economic, cultural, or social identity”1.

In the pharmaceutical industry, medical information is vital for the research and development of products and for the marketing of those products. For their part, insurance companies and mutual funds wish to offer their affiliates the best services, and companies are willing to invest in prevention surveys, for example, to reduce the risks of accidents, illnesses and absenteeism.

Thus, to prevent any possible spiraling commercialization of medical information, Law 99-641 of July 27, 1999 introduced in Article 40-12 a new Chapter 5(3) of the law of January 6, 1978 pertaining to the communication of personal medical information and specified that data “issuing from the information systems targeted in article 710-6 [L.6113-7 new] of the code of public health; those issuing from medical files held as part of the liberal exercise of healthcare professions; and those issuing from information systems of health insurance companies, cannot be communicated for statistical purposes of evaluation or analysis of healthcare and prevention practices and activities except in the form of aggregated statistics or patient data put forth in such a way that the individuals concerned cannot be identified”. There are no exemptions to this regulation except specific conditions assessed by the CNIL (Commission Nationale de l’Informatique et des Libertés, or National Commission for Data Protection), which specifically prohibits the interconnection of files likely to be harmful to efforts at anonymity.

In France and Europe, personal medical information is considered to be sensitive data, and the groupe européen d’éthique (European Group on Ethics) states that this healthcare data “is an integral part of the personality of the individual and should not be considered exclusively as merchandise”.

Today, the supply of goods and services available is greater than the demand. This abundance of products has led humans to surround themselves inexorably with objects. Eventually, humans will swear only by them, progressively abandoning themselves to becoming ever more functional. Consumption is becoming obligatory. As soon as a consumer takes possession of an object, he or she sends an external sign to the people around him or her, thus acquiring a certain power in society. This society has a need to produce objects and, thus, to be able to destroy them in order to exist. This renewal amplifies the idea of abundance and increases our dependence on the tangible.

Moreover, similar to commerce, which knew how to make the customer believe that he or she was king, medicine will be forced to bend to this consumerist principle. Medical relationships will have to fall in line with this model so that responsibilities will be clearly defined and indicated. Even though it is becoming consumerist, the caretaking relationship is not yet fully codified as such, except concerning the minimum necessary in the right to information. Thus, the increasing propagation of information in society imposes a certain degree of legitimacy on this information for the user of the healthcare system [FAI 06]; this legitimacy has been entirely established by the appearance of this significantly different way of interacting between healthcare consumers and healthcare service providers. There is still no model contract for what the doctor–patient relationship will involve in reality; there is more talk of the risks inherent in this medical relationship than there is talk of the objectives and means imposed by it. For this reason, our society is creating ever more possibilities and choices, which are often contradictory. Now the individual must examine, sort and rank each object or item of information on a rational value scale with the goal of being able to make choices and decisions regarding healthcare.

This evolution of consumerism in the field of healthcare marks a significant development in patient demand. These patients naturally wish the way in which they are treated to be accounted for and no longer have blind trust in practitioners. Healthcare professionals have therefore been obliged to adapt their services and the way in which they work to take this new order into account.

1.2. e-Health, m-health, the Quantified Self and Big Data

It is the combination of audiovisual and computer technology and telecommunications that accelerates the progression of these new technologies. The Internet stands as the legitimate heir to the triple alliance of the telephone, television and computer. The 1990s saw the Internet made available to the public at large; nowadays, this telecommunication tool has become an instrument of information, communication and exchange that is inescapable from a professional as well as a personal and familial perspective. The Internet has traveled across the surface of the globe like a water lily on a lake: the farther it goes, the faster it grows, and it is in the process of turning our vision of the world upside down. This is a new way of working, with primary materials consisting of dematerialized information. e-Health is also proving to be a remarkable system for sharing internal and external knowledge, providing enlightened users with a true culture of sharing. It seems to be an accelerator of empowerment, that is, of patients’ management of their own healthcare status, with patients being more involved in medical decision-making.

According to Ewa Mariéthoz and Marika Bakonyi Moeschler [MAR 01], empowerment “enables patients to free themselves partially from the top-down decision-making of doctors in matters of treatment and to establish bilateral patient–doctor relationships based on communication, discussion, and negotiation”. For this reason, this technology is often considered to be an emancipatory technology. It enables patients to become better informed. However, a usage study indicates that the diversity and complexity of these technologies only partially confirm this perspective. Thus, the notion of the expert patient harks back to elements other than online information alone, and sharing with the practitioner remains a vital part of the relationship. The doctor thus retains his or her authority as an advisor while encouraging the patient’s expertise with an eye to autonomization and therapeutic education.

Consequently, the emergence of the Internet in the field of healthcare has contributed to the existence of greater access to medical data for both doctors and patients. In these conditions, these NTICs have the power to act in depth on social relationships, people’s beliefs and the very nature of knowledge, which also contributes to certain fears and uncertainties because of their multiple (and often complex) uses, their hard-to-measure impacts affecting very different populations and their information, which is not always controlled. For this reason, it is becoming necessary to be more aware of and to better comprehend the use of NTICs in the medical sector.

This new technology has brought about behavioral changes between the actors, ethical reflections and, thus, consequences, such as:

  • – making it possible to access the whole body of medical information that is rich but inconsistent in terms of quality;
  • – increasing the number of exchanges via e-mail;
  • – creating “cyberpatients” through forums dedicated to health [EVE 02];
  • – developing projects to circulate medical data over a network;
  • – increasing awareness on the part of citizens and patients about the quality of healthcare offered and easier access for these individuals to healthcare-related education;
  • – creating a guidance tool in the system (putting the addresses and rates of healthcare professions, the platforms for urgent situations, the performance of healthcare, etc. online);
  • – contributing to epidemiological monitoring;
  • – causing healthcare and healthcare product providers to change and progress.

This also leads us to question ourselves about the reason (or reasons) driving citizens to search for information and advice on the Internet rather than asking for it directly from their usual physicians. The search for anonymity and greater freedom of expression are often mentioned. Does consultation no longer appear, as in the past, to be a time of adequate confidentiality and freedom for the patient? Is it possible that the very value of medical secrecy, designed above all to protect the patient, is being questioned? Freedom of expression implies that doctors know how to inspire trust in patients by developing a dialogue on all aspects of health, whatever the real reason for the consultation. Quality of healthcare information and confidentiality of medical data are the two ethical principles that come naturally to all of us. But we are entitled to ask ourselves questions about “freedom of access to medical sites, constraints related to documentary research, ownership of medical data, and traditional practitioner behavior” [EVE 02]. This motivates doctors to invest themselves in their mission of overall care of people. Here, we are part of a true reflection on the role of the physician in society and on the preparation of doctors to exercise their profession with regard to public expectations.

The Internet phenomenon also poses a number of security-related and technical problems, but above all, the issues it has brought about are cultural, as the hospital is obliged to consider itself as a satellite service and no longer as the center of the world. This NTIC raises societal questions, not so much on the part of the ever-increasing numbers of healthcare users who use it but on the part of classic producers of information pertaining to healthcare, including healthcare professionals. How can we best prepare healthcare professionals to use NTICs? How can we encourage the development of the concept of sharing or co-management of medical decision-making? Is the Internet a facilitative element or an obstacle to the duality of the doctor–patient relationship? In the medium term, will the Internet become the key to patient self-management, thus virtually eliminating the family doctor (see [SCH 09])?

However, the Internet can serve as a formidable instrument for accessing expert knowledge or skills remotely when the patient is unable to travel. Telemedicine and “cybermedicine” may in this case contribute to a positive evolution of the doctor–patient relationship as well as the sociocultural aspect of it. This naturally leads to new responsibilities on the part of the doctor – “tele-expert” and “guide” doctor for the patient (with the necessity of means) – as well as technical network providers (with requirements vis-à-vis security and medical secrecy).

This practice has the particular characteristic of separating the doctor from the patient. On the basis of this, we may ask ourselves if this doctor is risking the loss of his or her essence due to disruption of interpersonal relationships. What will be the patient’s place in this system? Is it possible that the dematerialization of the doctor–patient relationship is contrary to a strengthening of human relationships?

Are we in the process of building new inequalities? What will be the guarantees concerning the confidentiality and security of personal data? What guarantees of skill will be established by remote consultation based on transmitted data?

On the basis of these questions, it seems advisable to study the resulting ethical requirements and risks. In this case, the use of this practice:

  • – must contribute a gain to patient care;
  • – must not replace, without a valid reason, a more human, more classical practice of medicine;
  • – must guarantee the fundamental rights of the patient, notably:
    • - to be informed of the actions taken and to use this information freely (free and informed consent of the individual),
    • - to choose his or her own doctor,
    • - to have access to quality healthcare,
    • - to have the benefit of medical secrecy, respect for private life and the confidentiality of personal data,
    • - to obtain an obligation of means but not result,
    • - to have access to compensation for wrongs caused by a possible malfunction of the system [PUE 06];
  • – must not interfere with the rights and responsibilities of the practitioners toward their patients and colleagues: risks of “virtualization” of the healthcare professional and the subsequent “banalization” of radiological interpretation as a simple product of consumption to be delivered. This intrusion by the computer must not truly make a “screen”, where the doctor, who has become “virtual”, will not be listened to as closely by the patient and, conversely, the doctor’s empathy must not be lessened toward a “virtual” patient. When medical actions are exchanged, the responsibilities of each of the healthcare actors increase, rather than responsibility being shared;
  • – must ensure the skill of the healthcare professionals who will be taking care of patients;
  • – must ensure the security and confidentiality of medical data against any fraudulent use, both when these data are archived and during their transfer on computer networks;
  • – senders must2 ensure that the receiver guarantees protection for the data received, that is, data are “adequate” or “equivalent” to what they were in the sender’s country;
  • – must create a pricing protocol, controlled if possible, defining various situations in telemedicine;
  • – the singular colloquium between various healthcare professionals and the patient must constitute the pivot of the care support system [LUC 13].

In addition, with “Medicine 2.0”, the mentalities, approaches and practices of medicine are evolving due to access to information, community exchanges and the comparison of experiences. According to a new worldwide survey, Emerging mHealth: Paths for Growth, conducted by the Economist Intelligence Unit (EIU) for PricewaterhouseCoopers (in 2012), the widespread adoption of mobile technology in the field of healthcare, or m-health, is today considered to be inescapable.

By definition, m-health consists of the use of modern mobile technology, smartphones and tablets in particular, to deliver, reinforce and improve healthcare services. m-health is therefore a subcategory of e-health that pursues various goals, particularly easier access to care and information related to health; an increased ability to diagnose and monitor diseases; the ability to launch large public health information campaigns; and continuing access to education and medical training for healthcare professionals. Given the aging of the population, the steep increase in chronic illnesses, and the increasing cost of healthcare, the development of m-health services may represent a concrete response to the expectations of patients and healthcare professionals.

m-health applications include the use of mobile devices in the community; collection of clinical healthcare data; dissemination of healthcare information for practitioners, researchers and patients; the real-time monitoring of patients’ vital parameters and the direct provision of care (via mobile telemedicine) [GER 05]. Smartphones are constructed to include a certain number of sensors [BEN 13]: an accelerometer, gyroscope, proximity detector, magnetometer and photoelectric proximity switch, and the new generation of sensors, which are more specialized, less costly and have high performance. They are integrated into various types of objects: smartphone peripheral devices, bracelets, helmets, sporting accessories and even in the form of patches applied directly to the skin. The current trend is toward the development of biosensors (sensors used in the medical field) capable of recording biological parameters such as temperature, heartbeat, blood pressure, weight, stress, calories burned, sleep, health practices and respiratory exchanges with the skin.

It is feasible today to imagine a true at-home healthcare solution, which is a necessity given the lack of doctors in some regions. Sensors and wireless measurement devices (glucometers, spirometers, pedometers, geolocation devices, scales) are available commercially and make it possible to relay monitoring information on the daily life of an individual and the possible progression of an illness.

Thus, we are witnessing a veritable explosion in the number of connected devices. Combined with mobile applications that collect these data and present them in a user-friendly manner, these devices offer a precise image of our state of health. The success of current m-health applications with professionals as well as the public at large reveals a real desire for richer solutions. Approximately 17,000 m-health applications are currently available in the principal stores of the market, even with a specific category dedicated to them. Alongside applications for well-being (my pregnancy, iSleep), there are more and more applications for the prevention and monitoring of pathologic conditions (diabetes, obesity, etc.).

Healthcare professionals are also the users of mobile services: access to medication databases, official recommendations, medical encyclopedias, etc. In 2010, according to a Kalorama study, more than 50% of physicians used a smartphone or a tablet regularly in their treatment activities.

With the new generation of mobile devices that rely on the datasphere of the Internet (sensors, connected devices, mobile applications, etc.), we consider the practices of the Quantified Self to constitute a symbiotic system of transformation enabling individuals not just to shift from an analog to a digital mode of monitoring via digitalization but to shift from a “quantified self” to a “qualified self” and, thus, to broaden the possibilities of self-action (i.e. of change). For users, the objective is to collect behavioral data, share them and analyze them in order to acquire knowledge about themselves and to make changes in their daily lives.

In this context, the advent of the Quantified Self makes it possible to monitor personal health indicators on a daily basis: connected health, life hygiene and body upkeep, monitoring of the development of a disease, etc. But Big Data also disrupts research practices and the perfecting of new treatments.

Using correlations, digital tools have made it possible for persons to regulate their weight through sleep, stress and the reduction of restrictive treatment with medications. By producing and reclaiming their own data, these persons create a personal informational system, enabling them to recategorize their behaviors. Over the long term, this experience will have enabled them to move from “curative” health practices to “preventive” health practices.

Moreover, after the digitalization of all of the human knowledge accumulated over the centuries, digital services, social networks, mobile devices, and connected objects and sensors are endlessly producing new data – the storage, diffusion, management and usage of which are becoming more and more a part of people’s daily lives.

This “metadata”, or Big Data, represents the fuel driving today’s economy and early 21st Century knowledge. The volume of medical data created each day by our civilization is increasing exponentially. When we connect to the Internet (social networks or various Internet sites), our navigation leaves numerous clues about our personal life, such as our needs, our behaviors and our illnesses. Thus, this “metadata” represents a volume of information that we leave behind us unsuspectingly as soon as we connect to a digital device. These massive quantities of digitized data are stored and archived in data warehouses.

The volume of digital data is increasing exponentially: 90% of all the data available today were created in the past 2 years [BRA 13]. In 2013, people stored more than 2,000 billion gigabytes of new digital data. It is estimated that the volume of data stored worldwide doubles every 4 years [BLO 13]. The data collected are often noisy and imprecise, and must be processed to extract useful information from them; this is done using simple inductive statistical processing algorithms to infer profiles (patterns or models of behavior). This information on information then feeds a very high-value understanding of individual behaviors. Owing to Big Data, each and every person is in a position to compare his or her own data with those of other users to situate himself or herself in relation to the rest of the population. This metadata holds the promise of customizing our medical treatments.

Consequently, the volumes of data recorded and liable to be compared and used, under the cover of anonymity of course, to extract meaning for a healthcare professional are already immense and multiplying quasi-exponentially. These data come from research institutes, epidemiological centers, pharmaceutical laboratories, imaging centers, hospital reports, insurance companies, client files, etc.

For several years now, the digital giants (Amazon, Facebook, Google, Apple) have used these data to improve the quality of the services they offer as well as to sell them back to commercial enterprises. They turn these data into private goods, which are then resold. Today, this target marketing is done solely for business purposes. In these conditions, businesses and institutions are surrounding themselves with “data scientists” able to process the noisy whirlwind of Big Data on a large scale. The objective of these digital marketing specialists is to pick information on the behaviors of Internet users out of this enormous flood and to anticipate their desires to offer individualized content adapted to their specific needs.

The diffusion of TICs and the arrival of Big Data in healthcare-related sectors, whether pharmaceutical industries, healthcare professionals or care institutions, will, in 2025, pose “as many ethical challenges as scientific and industrial ones” [AUB 09]. The quantity of raw knowledge is continuing to increase exponentially, but the knowledge that results from its processing is progressing much more slowly. The study of this metadata in the service of healthcare gives rise to specific ethical and technical problems and reflections, such as:

  • – what scientific value can be given to this computer-processed medical data?
  • – what role will the practitioner’s judgment play in this new technological setting?
  • – will the development of personalized decision trees endanger respect for the human dimension of the doctor–patient relationship?
  • – the interoperability of data and the security of medical data hosted in different parts of the world;
  • – medical data published in scientific journals do not necessarily reflect the reality of medicine, because they relate to patients corresponding to specific study criteria;
  • – rethinking storage infrastructures;
  • – training healthcare professionals on these NTICs;
  • – the redevelopment of reading, translation and operation tools for these databases constitutes one of the major challenges for research in years to come.

We can now see that the possible side effects of the secondary usage of our personal data via predictive algorithms have as much to do with the concept of protection of private life and confidentiality as with the risk that we will end up analyzing people based not on their real behavior but on their propensity to display the behavior that the data assign to them. It is clear that this permanent connection generates a digital footprint both through the data we diffuse voluntarily via social networks and through our own conduct.

Thus, the activity that we generate by navigating permanently on the Internet constitutes a flow of information that invades our daily life and disrupts the boundaries between the public and private spheres; we are entering the universe of “permanent connection”. The advent of Big Data has destabilized our concept of private life and modified the character of risks related to surveillance. Big Data facilitates the re-identification and reuse of secondary data to such an extent that all of the strategies ensuring the protection of private life – anonymization, prior consent and opt-out – seem ineffective. Now, it is vital to reinvent the protection of private life and to cause the normative and legislative framework associated with this protection to evolve and change. The process of “notification and consent” to guarantee confidentiality seems outdated, and it is impossible to imagine Google contacting all its users to ask their permission to use their searches to predict the flu epidemic.

The “Quantified Self” and other healthcare applications on smartphones are developing exponentially as well. Usages such as this bring up the question of the exploitation of confidential data that may result.

We must not let Big Data entrap us in a social world predefined by probabilities, thus imperiling the potential of each individual. Our human capacity to build our own futures is running the danger of being altered by algorithmic technology that would analyze all of our personal data (social and academic environment, medical history, circle of relationships, etc.). One of the risks would be judging people solely on contextual data and no longer on their actions.

Finally, Big Data risks magnifying the phenomenon of categorization, classification, discrimination and their by-products within society, as the data become more and more closely associated with the person.

Now, with the emergence of Big Data fed by a multitude of technologies to measure and recover various types of information, the world of the readable is progressively being transformed into the world of the predictable, in which Auguste Comte’s maxim “Savoir pour prévoir, prévoir pour pouvoir”, which means “knowledge is power”, takes on its full meaning and importance.

Big Data has the potential to change the way in which companies exploit their data. With the increasing volume, diversity and speed of data, companies must adapt their data management practices as they recover and analyze all this information. These efforts to make the most of Big Data start with:

  • – the use of software that simplifies the integration and manipulation of this metadata;
  • – the growing need to apply data quality procedures;
  • – not applying the principles of project management and governance from the beginning.

In the field of healthcare, Big Data can be very promising, notably as part of technological approaches intended to integrate, process, analyze and put in perspective large volumes of medical data. This approach improves the process of considering data. Previously, owing to technical, conceptual and human limitations, most statistical studies were conducted on the basis of samples claiming to be representative. The interpretations drawn from this were certainly not erroneous, but they were sometimes approximate. Now, with the processing of large volumes of data, we can see a tangible improvement in terms of the precision of studies compared with analyses of data samples.

Today, we also know the principal risk factors for disease. We should know how to correlate them with behaviors. In the near future, we will be able to extrapolate data on behaviors and predispositions via social networks, smartphones, e-mails, etc., and study the probability that a person will have a particular disease at a particular time. We can see that this process is already being applied to the world of finance, in which computer devices centralize information from all of the stock exchanges in history, cross-reference it and develop targeted interpretation models to establish refined predictions for traders or insurers. In these conditions, we may imagine a scientific analysis studying, on a very large scale, the Internet behavior and habits of people with chronic illnesses such as diabetes, to target and note possible correlations between risk factors and navigation habits. This metadata would result in the large-scale non-commercial diffusion of public health messages in order to prevent the risk of chronic diseases worldwide.

In addition, the permanent geolocation of applications and devices (smartphones, tablets, computers, etc.) may make it possible to better understand the lifestyle behaviors of Internet users and to suggest that they download applications motivating them to take physical exercise, messages informing them about the often-underestimated calorific value of foods, etc.

In this context, Big Data can be used to analyze and exploit the behaviors of thousands of people via cross-referencing of complex correlations to create a predictive algorithm to anticipate certain medical events such as a flu epidemic. This was the case in 2009, when Google Flu established, using its software and mathematical model, a combination of 45 search terms resulting in “a correlation between predictions and official numbers” [MAY 13] for the H1N1 flu epidemic.

Moreover, Twitter, with more than 500 million tweets per day, is also collecting a considerable amount of metadata that can be the subject of processing and analysis, notably for scientists. Free access to the archives of public data on the site made it possible to follow the spreading of the flu virus in January 2013.

For its part, Facebook has enabled researchers to develop a map of the Americans most prone to obesity. This type of large-scale research would be very expensive if it had to be conducted on millions of individuals. Owing to Big Data, this was possible at a much lower cost. In fact, according to the latest McKinsey report on Big Data, the United States saved more than 17% of potential healthcare costs. This saving of 450 billion dollars out of 2,600 billion dollars is the consequence of the large-scale use of Big Data NTICs for the American healthcare system; these savings involve five areas of healthcare:

  • prevention with monitoring of healthcare users;
  • cost control by making reimbursements and fraud detection automatic;
  • “ventilation” of medical personnel with the making available of professionals best suited to the patient’s case (choice of a GP or a specialist);
  • innovation for improved exploitation and diffusion of knowledge;
  • diagnostics aiding healthcare providers to choose the most appropriate treatments.

In these conditions, it is apparent that these digital giants have acquired, owing to these algorithms, an extremely in-depth and refined knowledge of the expectations and needs of their Internet users. Therefore, it seems possible to imagine the prevention of health risks using informational messages, targeted advertising, etc. Approaches such as this will make it possible to modify the behaviors of individuals with an interest in prevention. This includes better monitoring and improved knowledge of the impact of the various parameters and factors made possible by a consolidation of medical data emanating from Big Data. IBM has estimated a 20% reduction in the mortality rate of patients owing to the ongoing analysis of their data. These NTICs thus mark the shift from curative medicine to long-term, more personalized preventive medicine; this is “disease management”. Thus, behavioral prevention represents a powerful public health lever, improving care support upstream. In addition, PMFs and the codification of medical actions in the clinical research sector are making it possible to conduct precise studies of the best combinations of therapeutic treatments without the establishment of long and costly full-scale experimental protocols.

Finally, tools to aid medical decision-making in the form of computer, reference and statistical databases are available to practitioners when seeking a diagnosis. These tools are unfortunately limited in their capacities to integrate, summarize or update large amounts of medical data. Now, Big Data technologies may be able to make up for this deficit by rapidly exploiting various types of data and medical information coming from multiple sources.

On the basis of these observations, we can emphasize the fact that measuring a person’s state of health via smartphone applications may have the consequence of reducing travel and overcrowding of medical offices on the one hand and the “white shirt effect” on the other³. The question of medical desertification may also find answers in these new technologies. In the medium term, this self-measurement over a longer duration may encourage increased awareness and greater daily responsibility on the part of healthcare users, via the self-regulation of their own behaviors. Now, m-health and e-health may help patients to be more informed and knowledgeable, and more able to manage their own illness and state of health so as to be better prepared for their exchanges with their physicians. Thus, every individual is in a position to compare his or her own data with those of other users, to situate himself or herself in relation to the rest of the society. This is why associations and federations of patients with chronic diseases such as high blood pressure or diabetes have a great deal of interest in mobile-connected healthcare. New blood-sugar readers used as a part of diabetes treatments can be used not only to measure patients’ glucose levels but also to regulate insulin injections via regular checks supervised by healthcare professionals. In matters of clinical research, it is now possible to take medical tests without requiring the “guinea pig” to spend several days shut up in a healthcare establishment: measurements of blood pressure, heartbeat, body temperature, etc. can be taken remotely using mobile healthcare technology. This makes patients more comfortable and may even render the clinical study more realistic as people can continue to live without changing their habits.

In addition, the use of medical Big Data includes the promise of personalized medical treatments. Devices can be used to recover, store and study data and present it intelligibly by cross-referencing these medical data with other medical data. This enables us to detect possible anomalies and malfunctions, while improving analytical models and algorithms as time passes. Therefore, Big Data is conducive to prevention, with better patient monitoring, medical diagnosis aiding healthcare professionals to select the most effective and best-suited treatments, and innovation with better exploitation and diffusion of information.

The study of this metadata enables us to create predictive algorithms. The large-scale processing of Big Data makes it possible, for example, to anticipate a flu epidemic. This was the case for Google Flu, which cross-referenced search words in the Google search engine in correlation with existing health predictions. In these conditions, we can follow in real-time an epidemic of gastroenteritis, flu or dengue fever using Google requests. The source that feeds Big Data is not always complete, totally precise or definite, but the law of large numbers delivers reliable and effective final data, particularly in epidemiology and public healthcare.

Ultimately, the dematerialization of medical data is conducive, respecting confidentiality and regulations, to sharing and thus to a better understanding of healthcare practices and optimal patient support in the long run. There is also necessarily the challenge of an economic objective, in the imperative context of limiting healthcare expenses. The challenge of prevention is also a considerable challenge. Understanding ourselves better makes it possible to know the risks to which we may be vulnerable. The medical challenge is to make the best diagnoses, optimize the care path and encourage therapeutic innovation.

However, this metadata cannot fully guarantee accurate interpretation. The protection of personal data means that users must be more responsible for their actions. Finally, perhaps we should draw inspiration from monetary exchanges between banking organizations, which use a money-sharing system called SWIFT. This “trust network” ensures the confidentiality of monetary data. We would point out that this system of exchange has inspired open-source networks for researchers, such as OpenPDS and Open mHealth.

On the basis of this, we can envision introducing similar trust networks for personal medical data, integrating an official contract specifying the possibilities and ethical rules of use of these data. The proper functioning of this secure system of exchange would require these personal data to have an ethical label specifying what can and cannot be done with them.

1.3. Medical secrecy in the face of the computerization of healthcare data

Although modern medicine has gradually distanced itself from classical medicine, questioning some of its erroneous dogma and knowledge and basing itself on rigorous and scientific objectivity grounded in knowledge, it does still claim a part of the Hippocratic legacy⁴. The question of accessibility of information has progressively become a highly structuring part of our society. This is a major issue within which access is likely to replace ownership as a structuring commodity [RIF 05]. Now, the asymmetry of information in the doctor–patient relationship is progressively being reduced.

Faced with a modern democratic society that puts the accent on communication and the diffusion of information at any price, we are right to ask ourselves if the concept of medical secrecy has become outmoded and obsolete. With the launch of the Vitale 2 and then the DMP cards, Geert Lovink [LOV 08] believes that anonymity has become nothing but a nostalgic idea, and that the protection of medical data is in peril.

Before returning to the core of the debate surrounding medical secrecy and the computerization of medical data, it is important as a preamble to define and characterize this concept of medical secrecy in legislative terms.

1.3.1. Regulatory characteristics of medical secrecy

Generally speaking, the right to respect for private life and privacy and, by extension, to medical secrecy in matters of healthcare must be considered one of the fundamental rights of human beings. According to Louis Portes, president of the Conseil National de l’Ordre des Médecins, “professional secrecy is, in France at least, the cornerstone of the medical edifice and it must remain that way, because there is no medicine without trust, no trust without confidence, and no confidence without secrecy”⁵.

Historically, medical secrecy is an ancient concept based on respect for the individual, in this case the patient. Confucius was the first to advise all honest people to avoid gossip by being discreet. But it was another century before this idea achieved recognition with its inclusion in the famous Hippocratic Oath. According to Littré’s translation⁶, medical secrecy was reworded as follows: “Whatever I see or hear in society during the exercise or even outside the exercise of my profession, I will keep silent about what does not need to be divulged regarding discretion as a duty in such cases”. According to the Bulletin de l’Ordre des Médecins, published in March 1998, these Hippocratic values are still topical. According to Laurent Selles [SEL 02], “the intimacy of private life is the primary and vital fundamental element of the concept of secrecy”. The term “secrecy” comes from the Latin secretum, meaning “separated” or “put aside”. According to the author, secrecy is “knowledge hidden from others that is characterized by shared knowledge on one hand, and protected knowledge on the other”. Secrecy thus begins with communication. Its primary function is to protect a feeling, value judgment or opinion. It assumes a relationship of trust [DRA 08].

This medical secrecy is neither a defense nor the right not to answer questions the doctor may ask but rather a constraint that weighs upon him. In other words, secrecy is not a prerogative given to the doctor but an obligation to be discreet and to respect the private lives of others, which is imposed by the law under penalty of legal sanctions. This means creating and maintaining a relationship of trust between the doctor and the patient who confides in him or her [SAR 04]. Situated at the crossroads between the public sphere and private life, it protects the private life of the patient while guaranteeing, by means of a rule of public policy, the trustworthiness of the medical profession. Medical secrecy is the condition necessary for the patient’s trust. It represents a symbol of the respect that the doctor owes to the patient, and through its criminal impact, it is also a symbol of society’s respect for the individual [MAL 04].

According to Jean-François Mattei [MAT 05], respect for medical secrecy falls within the jurisdiction not of ethics but of deontology; it is not a question of reflection but rather a question of application. The deontological code is by definition a system of obligations imposed categorically by the fact that they determine the very survival of the practice of medicine. Ethics appears “in the cracks of deontology” and is revealed when the deontological code and standards are no longer sufficient to clarify the medical situation.

Medical secrecy is emphasized in three articles of the French medical deontological code:

  • Art. 4 Paragraph 1: “Professional secrecy, imposed in the interest of patients, is required of every physician in the conditions established by law;”
  • Art. 72 Paragraph 1: “The physician must ensure that the individuals who assist him in his practice are instructed in their obligations with regard to professional secrecy and that they comply with these obligations;”
  • Art. 73 Paragraph 1: “The doctor must protect against any indiscretion medical documents concerning individuals he has treated or examined, whatever the content or format of these documents”.

When all is said and done, a deontological breach of medical secrecy is a criminal infraction. Indeed, the principle of professional secrecy is included in Article 226-13 of the French criminal code, in the chapter entitled Harm to the personality, which is as follows: “The revealing of information secret in nature by a person who is the holder of this information by virtue of situation or profession, due to a function or temporary mission, is punishable by one year in prison and a fine of 15,000 euros”. Note that certain ideas are very similar, such as the duty of reserve and the obligation of discretion⁷; these should not be confused.

However, by the very nature of medical practices and of the healthcare establishment, which is considered to be a multidisciplinary structure, healthcare professionals are often obliged to share a certain amount of information and to compare it, comment on it and discuss it with their colleagues. Thus, most of the time, patient support is of a collective and interdisciplinary nature.

It is in this context that jurisprudence recognizes the concept of “shared secrecy”. This is the case in the Crochette judgment, in which the French Council of State ruled that when an individual turns to a healthcare structure, it is to all of the medical staff, barring specific instructions from the patient, that a medical secret is entrusted. This situation was ratified in the law of March 4, 2002⁸, which stated that “When a person’s care is undertaken by a healthcare team in a healthcare establishment, the information concerning this person is considered to have been confided by the patient to the entire team”. The concept of shared secrecy itself has also been the subject of legal recognition. Now, the law, and more particularly Article L1110 fourth paragraph of the Code of Public Health, states that “two or more healthcare professionals may, however, barring opposition from the duly informed individual, exchange information pertaining to a single person being cared for, in order to ensure continuity of care or to determine the best health support possible”. In summary, the law of March 4, 2002, authorizes the sharing of information only between healthcare professionals.

No one considers medical secrecy to constitute the noble face of opaqueness any longer. What then remains of it today, even though transparency and right to security seem to be becoming imperatives more and more exclusive of any individual freedom that accompanies the right to oblivion?

The importance of medical secrecy lies in the fact that it constitutes “a fundamental value of any society desirous of ensuring the protection of the dignity of its members” [MAS 04]. It goes back to the principle of respect for the individual and for his or her private life, and must be one of the rules and the basis of medical ethics. Without medical secrecy there would be no more medicine; therefore, it is no longer a simple question of non-respect for human dignity, but one of the ends of medicine.

It is for this reason that we assign it the qualities of general and absolute law, to guarantee its inviolability. But these characteristics also constitute an obstacle to the defense of other imperatives. In these conditions, one of the major challenges of healthcare information systems is to guarantee the trust of users, more precisely, to respect the patients’ free choice to define their own compromise between “loss of opportunity” and “level of control” for the access of healthcare professionals to personal health data that sometimes encroaches on medical secrecy. In the interest of the patient, to ensure consistent care for him or her, medical secrecy must be able to be “partially” shared, but the whole problem of sharing lies in this “partially”.

Thus, with the right to medical secrecy, a necessary conciliation must take place between the protection of individual interests and the general interest [ASI 09]. The protection of health constitutes a legitimate limitation to freedom of information (i.e., inform and be informed). But health also concerns the general interest. The French law of March 4, 2002, pertaining to patients’ rights and the quality of the healthcare system reaffirmed the principle of medical secrecy and instituted direct access to files for the patient.

It institutes, for the benefit of the patient, the right to transparency of the information held, granting “direct access for any person to all information concerning his or her health held by healthcare professionals and establishments” (Art. L. 1111-7 CSP). The patient now has a choice of the mode in which he or she will consult his or her medical file. This information can be in the form of test results, consultation reports, therapeutic protocols and prescriptions or correspondence between healthcare professionals [LAU 05]. This right to transparency from which the patient benefits is intended to remove opacity in the event of the breakdown of a therapeutic relationship and the occurrence of an injury (Art. L. 1142-4 CSP)⁹. If we regard the law of March 4, 2002, more philosophically, a growing unease emerges from the relational context existing between law and medicine as technology disrupts practices.

How can we manage medical “secrecy” and “transparency” in a democracy as they are by definition contradictory concepts? Secrecy is a source of silence, discretion, privacy and opacity. It risks imperiling democracy, which serves transparency, truth and clear policy. It would be dangerous if the implementation of personal medical files and the multiplication of the actors sharing the information recorded in them harmed the confidential nature of the information. The accessibility of these computer data, for both the patient and the healthcare professional, as well as healthcare data-hosting service providers and health insurance companies, risks causing real difficulties for the protection of medical secrecy. The benefit of access to his or her medical file for a patient may pose various risks for this patient:

  • risk of communication to third parties who are not intended receivers, for example, to a spouse who may then use the information in divorce proceedings;
  • risk of facing excessive demands from an authority (an employer, an administrator, etc.) who would require knowledge of its employee’s medical file;
  • an even more serious risk from insurance companies evading the obstacle of medical secrecy.

For this reason, Article 29 of the French law of January 6, 1978, guarded against these risks by emphasizing the fact that “computer technology must be at the service of each citizen … it must not harm human identity, the rights of man, private life, or individual or public freedoms”.

It is also necessary for every healthcare professional to be able to grasp this computerization effectively, particularly in the context of data shared through networking, while remaining responsible for the medical secrecy of which he or she is a guardian. Medical secrecy endures, but its expression in the digital universe assumes that it will be processed in a modern manner in order to be even more effectively protected. This is the essence of section 1.3.2.

1.3.2. Protection of healthcare data

The title of this section itself gives an immediate idea of the substance of the question: is the development of computer systems in the healthcare system liable, despite the considerable progress it represents, not only to be damaging to the quality of information transmitted, but above all to its confidentiality?¹⁰

In 2010, cyber attacks on e-commerce increased by 10 times [LEI 11]. In these conditions, securing an IS requires a study of the risks to which it is exposed and of the available technical or organizational solutions that would guarantee its confidentiality, auditability, integrity and availability.

On the whole, we can group the risks incurred by an IS into three major categories depending on their origin:

  • Accidents may correspond to partial or total destruction or to the malfunction of devices, software or the IT equipment in which the information system is located.
  • Errors may occur during the capture of data, its diffusion by the information system or the manipulation of its exploitation functions, or they may be the result of its incorrect use.
  • Malicious acts are always associated with human nature. They include the theft or sabotage of computer devices or the misappropriation or deterioration of intangible assets.

Major risks also include transmission of information via the Internet with divulgence of nominative data or data linked to the use of a single identifier, specifically a social security number, which can lead to wholly reprehensible discriminatory practices, notably on the part of mutual health insurance plans, which are then able to select their own clients according to their medical histories. Other risk factors that have not yet been imagined may also appear as time passes and the system gains scope.

The problem of data security is all the more significant because companies regularly approach practitioners to “computerize” them for free in exchange for the office’s health data. Thus, practitioners anxious to improve their information technology (IT) violate medical secrecy without being aware of it.

According to Professor Bernard Rüedi [RÜE 03] in his article entitled Le secret médical est-il en danger? (Is medical secrecy in danger?), “the threat of confidentiality or medical secrecy is becoming greater with computerization and the evolution of medical practices”. Thus, computer technology facilitates much greater rapidity and ease of access and transfer of data. Partners concerned in these data are numerous, which causes an increased dispersal of information, part or all of which will be and remain in the custody of various depositaries. The response to this questioning is not self-evident, as some people – perhaps even many – believe, conversely, that IT is a means of bringing additional security to sensitive areas. With the rule of medical secrecy having been reaffirmed, a number of protective elements¹¹ have been put in place, thus erecting a considerable number of security barriers, but a minimum of realism makes it necessary to remain cautious as potential risks of the violation of medical secrecy, which are intrinsically connected to the very structure of computer systems, still exist.

In the case of hospital computer systems, the risks and undesirable effects that have occurred have had mainly to do with the excessive number of responsible parties of all types and with their lack of competence in the domain of computer technology. The CNIL seems to believe that increased knowledge in this area will make file management more responsible and thus minimize the dangers. For this reason, it has developed specific measures intended to ensure the confidentiality of medical data. These measures may be implemented on various levels and they are of various types: separation of data pertaining to individual identity and strictly medical information, “thinning out” of data and the use of encryption systems. In this context, recourse to “anonymization” techniques at the source is able to fulfill these confidentiality requirements [VUL 10]. These techniques, based on so-called “hash algorithms”, are used to encode the first and last names and birth dates of patients, that is, to formulate a meaningless and non-identifying number based on these three items of data. This means that information about a single individual can be matched without this individual’s identity being known.
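The hash-based matching described above, as an added example (not code from the book or from the CNIL): it derives a non-identifying number from last name, first name and birth date, then links two sources on that number. The use of SHA-256 as a keyed HMAC, the secret key and the patient records are assumptions constructed for illustration; the key is a choice made here because an unkeyed hash of these three items can be recomputed by anyone who already holds them.

```python
import hashlib
import hmac
import unicodedata
from datetime import date

# Assumption: secret held only by the body that computes the pseudonyms (constructed value).
SITE_KEY = b"constructed-demo-key-not-for-production"
IDENTITY_FIELDS = ("first", "last", "born")


def normalize_name(value: str) -> str:
    """Fold accents, case, hyphens and spaces so spelling variants hash identically."""
    decomposed = unicodedata.normalize("NFKD", value)
    return "".join(c for c in decomposed if c.isascii() and c.isalpha()).upper()


def identity_string(first: str, last: str, born: str) -> bytes:
    """Canonical byte string for the three identifying items."""
    born_iso = date.fromisoformat(born.strip()).isoformat()  # rejects malformed dates
    fields = [normalize_name(last), normalize_name(first), born_iso]
    # Length prefixes keep ("AB", "C") and ("A", "BC") from producing the same input.
    return "|".join(f"{len(f)}:{f}" for f in fields).encode("ascii")


def plain_hash(first: str, last: str, born: str) -> str:
    """Unkeyed variant: reproducible by anyone who knows the three items."""
    return hashlib.sha256(identity_string(first, last, born)).hexdigest()


def pseudonym(first: str, last: str, born: str, key: bytes = SITE_KEY) -> str:
    """Keyed variant: cannot be recomputed without the secret key."""
    return hmac.new(key, identity_string(first, last, born), hashlib.sha256).hexdigest()


def pseudonymize(record: dict, key: bytes = SITE_KEY) -> dict:
    """Replace the identifying fields of a record with its pseudonym."""
    pid = pseudonym(record["first"], record["last"], record["born"], key)
    medical = {k: v for k, v in record.items() if k not in IDENTITY_FIELDS}
    return {"pid": pid, **medical}


def link(*sources) -> dict:
    """Merge pseudonymized records from several sources on their pseudonym."""
    linked = {}
    for source in sources:
        for rec in source:
            data = {k: v for k, v in rec.items() if k != "pid"}
            linked.setdefault(rec["pid"], {}).update(data)
    return linked


# Constructed sample data: the same patient is spelled differently in each source.
HOSPITAL = [
    {"first": "Élodie", "last": "Martin-Dupont", "born": "1975-03-09",
     "diagnosis": "type 2 diabetes"},
    {"first": "Jean", "last": "Petit", "born": "1950-11-30",
     "diagnosis": "hypertension"},
]
LAB = [
    {"first": "ELODIE", "last": "martin dupont", "born": "1975-03-09", "hba1c": 7.9},
]


def demo() -> dict:
    return link([pseudonymize(r) for r in HOSPITAL], [pseudonymize(r) for r in LAB])


if __name__ == "__main__":
    for pid, data in demo().items():
        print(pid[:16], data)
```
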

Moreover, the fears generated by the computerization of medical practice on data protection are healthy, because they remind us of the fundamental rules of confidentiality that physicians are obligated to follow and encourage us to compare them with the involuntary negligence that often results from ignorance, carelessness or opportunity. Independent of any computerization, this observation should motivate us to search for better medical data-processing procedures than the procedures applied today. In this way, we could put the following basic ethical principles of medical data protection at the forefront:

  • Data that are personal in nature must be treated honestly and lawfully.
  • Data that are personal in nature must be used for determined and legitimate purposes and not be processed subsequently in a way incompatible with these purposes [RUO 03].
  • Technical and organizational measures should be taken to prevent any unauthorized or illicit processing of personal data and against the accidental loss, error, abuse, destruction or misappropriation of these data.
  • Responsible processing of personal data must be proven.
  • Consent necessary for data processing must be given freely [RUO 04a].
  • Personal data must not be transferred to the whole country because this does not guarantee a degree of protection sufficient for the whole territory.
  • Security and the protection of confidentiality must be planned [RUO 10].
  • Personal data must be sufficient, relevant and non-excessive in relation to the end purpose for which they are processed.
  • Personal data processed for end purposes must not be preserved for longer than necessary for these end purposes [RUO 04b].
  • Medical information issued by a prescribing physician must be transmitted neutrally without the interference of any private industry (medications, prostheses, home-care workers) with its content.

We may count four principles applicable in the domain of confidentiality and private life concerning medical information [NEA 08]. On the one hand, the patient must be able to control who can see his or her file. If the patient is unable to participate in this action, a plan must be put in place so that the patient can have the necessary control. In addition, the principle of minimum divulgence must be applied to all of the data supplied by analysis. Next, personal data can be used only after authorization from the patient. However, this information should also be available without prior consent of the patient in the event that they involve a significant risk to a third party or to the public at large. Finally, the consent and authorization mechanism should be easy for patients and healthcare professionals to manage.

On the basis of this, it is our responsibility to foresee future and possible dangers, remembering that the gravest dangers are the dangers we underestimate, because they become reality one day without us being aware of it; to increase awareness on the part of the healthcare professionals who minimize them; to not allow the constitution of databases whose possible subsequent usages have not been researched and analyzed; and to rapidly require effective measures for current data processing to prevent their deviant use in the future.

Consequently, computerized management of healthcare data calls for increased vigilance and can only be imagined in accordance with certain conditions. Patients will have to be clearly informed of the details of the collection, updating, use and conservation of their medical data, as well as of the conditions in which they can access their data. All healthcare professionals managing medical files on the Internet must have the necessary equipment and must have received appropriate training on it. They must also be previously informed of the conditions of use of these files so that the integrity, security and confidentiality of the data will be fully guaranteed. The healthcare data-hosting service provider must have specific security conditions and must strongly encrypt healthcare data that are circulated on the Internet. The decryption of data must be carried out only by healthcare professionals with specific rights of access to these data.

This leads us to ask ourselves questions about the protection of healthcare data and medical secrecy. Has the concept of medical secrecy become obsolete and outmoded, a relic from another age and anachronistic in a modern democratic society, which gives top priority to the circulation of information, any information, at any price? Under the cover of the argument for protecting the private life of the patient, is it possible that secrecy has become the armed wing of a redoubtable medical paternalism that might return in a new form? From another perspective entirely, is it not possible that this mad drive toward transparency, rejecting the slightest confidentiality, might in the long term involuntarily turn against the interests of the patients, creating a cold, dehumanized society in which there is no longer any place for the warmth and subtlety of human relationships?

It is always a very delicate matter for a society to place itself in a medial position. Perhaps ethical reflection will contribute to this, helping to preserve a place for confidentiality, especially for confidence and for trust, which remain fundamental to every human relationship.

1.4. Cultural evolution of mentalities surrounding legitimacy of information

Historically, our society developed a culture of assisting others. But under the influence of northern Europe, for several years we have witnessed a true shift of this culture toward another culture more oriented toward individual liberty, giving rise to new rights. Information plays a significant role in these new prerogatives and has even become a requirement. This lawfulness of informing the individual leads us to ask ourselves some questions on the subject. The problem is not the problem of informing but rather the problem of knowing how to inform and who to inform. In fact, it is not really the legitimacy of information that is being called into question here but rather the rightfulness of addressing this information to all ill citizens.

For several years, medical information has had more and more to do with the loved ones of the ill person. This goes back to the core of the proximological approach12, which claims the preeminence of relationships in the care process. This brings to light the preponderant role and impact of the presence and accompaniment of a close person on the quality of care. In most cases, the doctor–patient relationship is part of a representative familial and friendly surrounding group on which the care-providing team can rely. Dominique Maraninchi [MAR 05] characterizes the people close to the patient as “natural helpers” who participate indirectly in the therapeutic process.

On the one hand, this triangular situation can cause ethical problems when demands made by the patient’s entourage differ from those made by the patient himself. In these conditions, it is preferable to apply the ethical principle of respect for the patient’s autonomy, as it would be inconceivable for the principal person concerned to be kept out of any discussions regarding healthcare decisions and thus his or her therapeutic and human future. Thus, this principle must induce the patient’s right to be informed about the nature of his or her illness.

On the other hand, it may occur that well-informed loved ones request the stoppage of the patient’s therapeutic treatment, seeing that the cancer is not diminishing and that the patient’s health is declining further and further. It has been noted that the first request for euthanasia or discontinuation of treatment is often made by the patient’s loved ones, who protest that there is a certain pointless therapeutic determination on the part of the doctor. Even under this pressure from the family, practitioners must devote all their energy and medical knowledge to caring for their patients.

This is why communicating does not consist solely of delivering precise information but also of evaluating all the interactions engaged in by the patient and the systems that accompany him or her (family, social environment, carers). In this specific context, the significance of medical information can be considered to be:

  • a subject for sharing;
  • an intersection between relationships and care processes for patients;
  • a fundamental right of individuals being cared for or caring for or accompanying a patient;
  • a challenge to have an active and responsible attitude for more effective care.

The issue of access to medical information no longer concerns the patient alone but also the people around him or her: family, close friends and colleagues. From the moment an illness is diagnosed and throughout its treatment, a complex interrelationship is established around the patient between his or her family, the treating physician, specialist physicians and caretaking staff. The end purpose of proximology thus consists of believing that a better understanding of the exceptional relationship between the patient and the people surrounding him or her must be used to facilitate the task of the entourage to achieve greater quality in the treatment plan.

Our society is now facing several types of legal, reparational and medical problems pertaining to new requirements in terms of information. In fact, informing to inform would be a response to a legal problem, informing to indicate the responsibility for medical errors would be a response to a reparational problem and informing to help a sick person recover more effectively would be a response to a medical problem [PAL 03].

1.5. Processing of personal data in law

For many researchers, as soon as you leave pure science you enter the domain of politics or law. The ethical approach is thus confused with political choices or legal decisions. Of course, this sort of detailed ethical reflection influences political decisions, and all of this interacts to a great extent as it evolves through time. Ethics is closely related to sociology, legal matters, economics and politics, but is distinct from them and must have a personal space for reflection. According to Jean-Michel Cornu [COR 08], in his book ProspecTIC, nouvelles technologies, nouvelles pensées?, “ethics is often confused with legal study. However, where ethics call on what Emmanuel Kant called goodwill, legality intervenes in cases where this is not enough or is not present, and puts labels on the actions of men in society”.

The author is careful to distinguish between:

  • the ethical approach, which implies voluntary choice by the individual and value judgments (possibly with rules that put self-regulation above all) and
  • regulation imposed by the power of a sovereign government that supervises behavior under threat of sanctions.

The objective of the latter is to ensure values, but it is based on outside arbitration that can be based only on judgments of facts.

Although they are very different in nature, these two approaches interact with one another and are complementary; ethics requires a deliberate personal choice and the law is limited by the ability to judge values from the outside. According to Emmanuel Kant, in Les fondements de la métaphysique des mœurs (1785), “law has to do only with concrete relationships between individuals, with their exterior duties, while ethics also concerns the deep beliefs of individuals, their interior actions” [KAN 93]. Thus, ethics is the representation of a personal belief or the belief of a group of individuals whereas law is based on a legislative and legal mechanism designating a place of compromise between the various economic, political and ideological pressures of society. However, individual ethics cannot skip over collective law, as it is drawn from principles that apply to everyone. The political life that determines the law can be inspired by our ethical attitudes, but it is ethics on which law and politics are based and never the reverse. A person may be law-abiding regarding the legislation, while being in the wrong from an ethical point of view. When applied to intentions, this situation acquires a specific dimension with the emergence of NTICs and the virtual world we live in, where the line between action and intention has become blurry. It seems that law must now rely on ethics to judge what happens in the virtual world, where it is necessary to take into account the fact that what is expressed there often consists of intentions.

Moreover, when we look at reality and the development of practices, a reverse trend emerges. Connected objects (Quantified self [GAD 12]), game consoles and smartphones offer usages that can be voracious consumers of sensitive data, and the use of this technology in the field of healthcare has given rise in particular to the problem of protecting patients’ medical data. This is also the case with medical information websites, social networks, mobile applications, etc. Telehealth applications increase in number each day, and we cannot help but note the rapid emergence of one of the most dynamic sectors in the healthcare industry; these are more and more new uses that cannot be controlled by traditional regulations.

Thus, it is a question of knowing how these new practices should be adapted to existing regulations. The question of regulation is also being asked at the European level; it appears that with the development of the market and new ways of adding value to personal data, public authorities are no longer able to frame and implement an effective system of regulation that works with the new uses. This causes new issues and “brings up new challenges for data protection authorities” [LES 13]. It seems appropriate to hope for an evolution in the law, as well as the development of ethical reflection on the adaptation of present designs to the development of constantly evolving uses.

Finally, it seems that, depending on the culture, the mentalities and morals of a country or a continent and regulations relative to personal medical data are not the same. We believe it is of interest to establish an overview of the legal aspect surrounding the processing of these data, to focus on the differences and common points. To do this, we will now give descriptions of the European, North American and Asian legal frameworks.

1.5.1. European regulations concerning the processing of medical data

The early 21st Century should see a change of paradigm in matters of healthcare data protection, a major theme in medical law, if we take the word of Petra Wilson, jurist, ex-European Commission, director of Internet solutions for professionals in the healthcare domain at Cisco. As we have previously seen, patients used to be considered passive actors in their own healthcare and wanted their doctors to be the holder and protector of information concerning their health. With time, and due in part to technological advancements, mentalities have evolved, and now patients want this information to be able to be shared by various participants when needed. It is no longer solely a relationship between a healthcare provider and a patient, but that between a team and a person who is informed and, in theory, made responsible. But exchanges necessarily mean the securitization and regulation of data.

In truth, apart from healthcare professionals, healthcare users do not want their data to be made available to everyone, especially their insurers or bankers. It is not so much the sharing of information that is problematic at a time when digital technology has simplified information transfer, but rather it is an issue of knowing to whom and above all to what the patient actually wishes to give access. The theme of this regulatory challenge concerning medical data was the central subject of the 16th Global Congress on Medical Law held in Toulouse in 2006.

For Roberto Lattanzi, a member of Italy’s Data Protection Authority, habeas corpus, the literal right to have one’s body, has been transposed into medical law following the principle of informed consent. The evolution of recording the healthcare data into digital form means that a habeas data now exists as well. In addition to his or her physical dimension, the patient has now taken on a virtual dimension. A transition has occurred between simple medical secrecy and the protection of medical data, which is an entity much more vast, covering everything from the collection to the exploitation of virtual information not only by healthcare professionals but also by the organizations responsible for conveying, storing or exploiting these data. If the exchange of “sensitive” data within networks has existed for several decades, even before the appearance of the Internet, the fact that this information concerns healthcare has humanized these transfers.

The global aspect of these exchanges worries the patient, while it opens up possibilities for researchers that were unimaginable even 15 years ago. This revolution has caused the legal framework proper to these exchanges to evolve by requiring legislators to regulate new disciplines such as telemedicine, for example. It seems necessary, therefore, to seize this opportunity to sketch out – without claiming exhaustiveness – a comparative study of the European, American and Asian systems of personal data protection, covering the activities of justice systems and internal affairs.

Directive 95/46 CE of the European Parliament and Council

In terms of European legislation, Directive 95/46/CE13 relative to the protection of natural persons with regard to data of a personal nature and to the free circulation of these data pursues a double objective in its plan to harmonize legislation among the member states of the European Community; it is aimed at allowing the free circulation of personal data, which is confirmed as necessary to the creation and functioning of the common market while also guaranteeing respect for the fundamental freedoms and rights of (natural) persons. According to Christian Hervé et al. [HER 07], the directive prohibits the processing of sensitive data14 for the reason that data susceptible by its nature to harm fundamental freedoms or private life should not be the subject of processing15.

According to these authors, seven situations make it permissible to lift the interdiction on using medical data:

  • obtaining of the express consent of the person concerned to this effect16;
  • processing is necessary to respect the specific obligations and rights of the processing officer in matters of labor law, provided that he or she is authorized by federal legislation including adequate security17;
  • processing is essential to the defense of the vital interests of the person concerned or of another person in the event that the individual concerned is physically or legally unable to give consent18;
  • processing is carried out as part of legitimate activity and with appropriate security by a foundation, association or any other non-profit structure for political, philosophical, religious or union-related ends, subject to the condition that this processing relates only to members of this organization or people with regular contacts with it related to this end purpose and that the data are not given to a third party with the consent of the persons involved19;
  • processing involves data deliberately made public by the person concerned or necessary for the reporting, exercise or defense of a legal right20;
  • when the processing of data is necessary for the purposes of preventive medicine, medical diagnoses, the administration of care or treatments or the management of healthcare services21;
  • data can be processed on the condition that the reason for this processing is an important public interest, which supposes the effective demonstration of the existence of this reason in each case by the member state22.

In addition, on December 7, 2011, the European Commission unveiled a new plan of action anticipating the development of the e-health problem over the period 2012–2020. The objective of this plan is “to face up to the constraints limiting a mass use of digital solutions in European healthcare systems”.

The plan of action sets a series of objectives requiring a clarification of the legal framework. Today, one observation is manifest: “the healthcare situation is in a situation comparable to that of banks or industrial groups for which IT is an essential service” [BIC 10]. The field of healthcare is a massive producer of information [VEN 13] and new technologies can provide decisive aid to physicians.

However, although it is undeniable that telehealth offers the very strong likelihood of drastically improving public health, the digitization of medicine involves certain risks that must be taken into consideration.

The defining feature of TICs applied to the healthcare sector lies in the existing normative framework. In this field, we can see the coexistence of one set of regulations pertaining to IT and communications and another set pertaining to healthcare, existing mainly within the code of public health. What emerges from the observation of this “legislative and regulatory stacking” [BIC 10] is the necessity of respecting a certain number of principles: confidentiality, respect for private life, security, etc. Today, these principles are being sorely tested by practice (outsourcing, the cloud, connected objects, etc.).

Although it is necessary to regulate the use of healthcare data with the aim of preserving a number of principles, particularly a minimum of confidentiality, it is also necessary to think about the development of information systems and the sharing of healthcare data in harmony with the evolution of these usages. In this sense, it seems crucial – because the ethical and societal challenge is a major change – to find a balance between the rights of the individuals concerned (be they patients or not) and the needs of healthcare professionals (treatment or research).

In addition, the question of the definition of personal data is vital to put the legal framework in place. This definition makes it possible to determine the material field of application of the protection offered by regulation. Consequently, for Directive 95/46 CE, data of a personal nature represent:

any information concerning an identified or identifiable natural person (person concerned); a person is considered to be identifiable who can be identified, directly or indirectly, particularly by referring to an identification number or to one or more specific components proper to his or her physical, physiological, psychic, economic, cultural, or social identity.

The provision for regulation of January 25, 2012, includes a major modification of the 1995 directive; the term “personal data” is no longer defined per se 23 but by reference. In fact, the proposal for regulation (Article 4) provides for the definition of personal data as “any information of which the end purpose is to identify the person concerned”. It also specifies that the term “person concerned” translates to:

an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the person responsible for treatment or by any other natural person or legal entity, notably by referring to an identification number, location data, an online identifier, or one or more specific elements proper to his or her physical, physiological, genetic, psychic, economic, cultural, or social identity.

For Professor Rochfeld [ROC 13], “the proposition of regulation may seem, by linking the definition of data and that of the person, to have made an ideological choice in favor of a personalist conception of data and to have diverted the path of its total reification”.

Finally, the ownership of data is a central subject in the debate around the balance between protection and freedom of processing of data. The question on the appropriation of personal data is directly related to the commercialization that results from it. Thus, patrimonialization, that is, the likelihood of “assigning a monetary value to this data” [COR 10], is becoming a phenomenon of the highest importance. The personal data market has become a market in its own right. The circulation of these data, and their subsequent commercialization, require some legal clarifications. Personal data are linked to a fundamental right. Any commercial exploitation of data represents a potential violation of a fundamental right and must be justified by legitimate interest, consent, the execution of a contract, etc.

Directive 95/46 CE of the European Parliament and Council of October 24, 1995, evokes the “free circulation of this data”, a point that leads us to conclude that, in the context of commodification, data must circulate as freely as merchandise, assets, capital, etc. These data are also likely to come from the private sphere of the individual, and therefore it is necessary to reconcile the circulation of these data and the protection of private life. The phenomenon of commodification is disturbing this balance between protection and freedom of data processing. Thus, it appears to be of primordial importance to reflect on the fundamental tenets of a new harmonization between the protection of private life and the freedom of circulation of these data.

European and EU instruments protecting private life

Europe has several legal texts and community tools designed to protect the private life of its citizens. In fact, respect for private life has been guaranteed since the 1950 adoption by the Council of Europe of the Convention de sauvegarde des droits de l’homme et des libertés fondamentales or Convention for the Protection of Human Rights and Fundamental Freedoms (CEDH): “every individual has the right to respect for his private and family life, his residence, and his correspondence” (Article 8). In substance, the concept of “the right to private life” included in the CEDH can be described as a right preventing public authorities from taking measures constituting an intrusion into private life unless certain conditions are present. Emphasis is placed on protection against intrusion by public authorities and not by private organizations.

Moreover, Article 17 of the December 16, 1966 United Nations International Covenant on Civil and Political Rights specifies that “No one shall be the subject of arbitrary or illegal intrusions into his or her private life, family, residence, or correspondence, or to illegal attacks upon his or her honor and reputation. Every individual has the right to the protection of the law against such intrusions or attacks”.

We may also cite the European Charter of Fundamental Rights24, which indicates that:

Every individual has the right to respect for his private and familial life, for his residence and his communications. (Art. 7)

Every individual has the right to the protection of data of a personal nature concerning him or her. This data must be treated honestly for predetermined purposes and on the basis of the consent of the person concerned or on the basis of another fundamental reason provided for by the law. Every individual has the right to access the data collected concerning him or her and to correct it. (Art. 8)

Note that this charter also includes the express right to protection of data of a personal nature. Respect for private life and the protection of personal data are closely linked but are treated as separate and distinct fundamental rights in Articles 7 and 8 of the EU Charter of Fundamental Rights, adopted in 2000 and proclaimed again in 2007.

Although, effectively, the concept of protection of “data of a personal nature” is linked to that of the protection of data concerning private life, the protection of personal data provides more extensive protection than the protection of private life.

The right to protection of data of a personal nature is established in Article 8 of the Charter and in Article 16 of the Treaty on the Functioning of the European Union, as well as in Article 8 of the CEDH. In fact, the history of data protection begins with Article 8 of the European Convention on the Rights of Man. This provision defines private life as the “right to be left alone”, related to the right of private life for individuals. The right not to be subject to the revelation of information related to the “private sphere”, whether it is physical (as in the familial residence) or the expression of a relationship to another person (as in secrecy of correspondence), can be defined as the “right to be left alone” [WAR 90].

Thus, as we have just seen, European regulations around personal medical data are currently a major theme of medical law and law concerning new technologies. The importance of the subject lies in the increasing exploitation of information and communication technologies in the healthcare sector and the new risks this causes for the rights and freedoms of citizens.

This is why this regulation of medical data represents a major issue to be resolved on the subject in years to come, to ensure the protection of citizens with regard to the processing of medical data. This regulation involves in-depth reflection on the legitimacy of use of these data, as well as on an analysis of legal texts addressing this subject in a precise manner.

1.5.2. American legal framework surrounding personal healthcare data

Under the influence of North American debates, the recognition of a right of ownership of personal data has been advanced [DÉT 09]25. The attribution of a right of ownership to personal data would be seen in Europe as a regression of the current protection founded on individual rights, whereas in the United States its objective is to strengthen the protection of personal data collected and processed by private individuals, which is currently ensured by self-regulation and criminal responsibility and lacks general federal regulations.

Some North American regulations suggest giving individuals the right of ownership over their personal data. This type of right would enable people to better control the obtaining and use of their data, in particular their resale to third parties by the processing agent, by giving them ways to act concretely on a market that has so far developed without taking their interests into account. To this end, Professors James Rule and Lawrence Hunter [RUL 99] proposed the creation of a new right of ownership over personal data. According to these American authors, the right of ownership and the logic of the market would make it possible to better apportion both data, conceived as a good endowed with its own economic value, and private life, perceived as a rare resource that is worthy of protection. This is a deft manifestation of the prevailing American adage that “privacy is your business”. In these conditions, aside from certain data collected by banks or hospitals, which benefit from greater protection, businesses are free to exploit data as long as they do not commit “dishonest practices”.

The principal document in American legislation covering the processing of data by governmental agencies was adopted in 1974. The Privacy Act (law on the protection of private life) is the main legal framework protecting personal data held by the public sector in the United States. It protects files held by American governmental agencies and requires them to apply fair information practices. It is composed of five legal principles:

  • Principle of transparency (e)(4): “Any agency maintaining a system of files must […] publish in the federal register, at the time of setup or revision, a notice of existence and the nature of the file system…;”
  • Principles of access and correction (d) on “access to files;”
  • Data security, which is addressed in the section on “agency requirements” (e)(5)(10);
  • Principle of end purpose limitation (e)(1), stipulating that each agency must “keep in its files only information concerning an individual that is relevant and necessary to accomplish an end goal of the agency, which must be executed by law or a presidential decree”.

Thus, it is in the United States that the right to privacy was born. This right, which is a result of the development of the press and its indiscretions regarding the private life of individuals, was only given this name following an article written by Samuel Warren and Louis Brandeis, attorneys in Boston in the late 19th Century. These authors notably developed the concept of privacy against threats of snapshot photography in major newspapers. Brandeis, who was a justice of the US Supreme Court, vigorously defended the trend of common law to extend the protection of individuals and goods (logically implying recognition) to the particulars of a new right, the right to privacy. It should be clarified that these authors did not invent the expression “right to privacy”, which was not new, but they did conceptualize a theoretical mechanism to legitimize this right and help it to take root in substantive law. All that Warren and Brandeis ever claimed to invent was a legal theory that illuminated a “right to private life”, a common denominator that was already present in a wide variety of concepts and legal precedents in numerous areas of common law. According to Professor Glancy, this is why their article reads as if the authors had literally pillaged all the traditional domains of common law they could find, such as contracts, goods, deeds of trust, author’s rights, protection of commercial secrecy and infractions, to uncover the existing legal principle underlying all of these various parts of common law. This fundamental legal principle was the right to private life, and their new legal theory shaped and gave form to this principle [GLA 79].

In the United States, the right to privacy protects both secrecy and freedom in an extended sphere of individual life. This right is inspired by the idea that this sphere belongs to every person, or, more precisely, since it does not involve ownership, that each person must be sovereign in this sphere in relation to others, who must respect its secrecy and freedom, and sovereign in relation to the government and all public authorities, the laws of governments or federal laws themselves.

Moreover, after the Privacy Act of 1974, federal legislators developed a series of laws framing the protection of personal data in the private sector, including

  • HIPAA (Health Insurance Portability and Accountability Act) on the protection of healthcare data;
  • GLBA (Gramm–Leach–Bliley Act) on the protection of financial data;
  • COPPA (Children’s Online Privacy Protection Act) on the protection of data concerning children;
  • FCRA (Fair Credit Reporting Act) on the regulation of solvency profiles of individuals;
  • ECPA (Electronic Communications Privacy Act) on the protection of telecommunications data;
  • VPPA (Video Privacy Protection Act) on the protection of data regarding video rentals;
  • Cable TV Privacy Act on the protection of data on the choices of individuals regarding television programs;
  • Can-SPAM Act on the prohibition of advertising messages.

It is also important to note that federal constitutionalism coexists with state constitutionalism and that it is completed by the latter. Constitutional law on the respect for private life is directly guaranteed in the constitutions of certain states. Of these, Californian constitutional law on the respect for private life is also applicable to private parties.

Article 1 (sec. 1) of the constitution of the State of California stipulates that “Every individual is free and independent and possesses inalienable rights. These include the possession and defense of life and liberty, the acquisition, possession, and protection of goods, and the pursuit and acquisition of safety, happiness, and respect for private life”. An Office of Privacy Information has also been established in California, and a new data security law is in the process of being developed, which would amend the law on notice of violation to require those who are subject to it, government agencies and individuals or companies operating in California, when they inform individuals of a violation of their personal data, as defined, to inform the Office of Privacy Protection as well. This would only be applicable in the case of notifications made via the “substitution” method, which uses means of mass communication rather than individual notifications [BEL 09].

Note that the absence of independent comptrolling authorities responsible for the protection of data in the United States undoubtedly constitutes, from a European point of view, a weakness in the system, especially in this period of rapid technological advancement.

Finally, the protection of private life was recognized in the 1969 American Convention on the Rights of Man. According to Article 11, “No one can be the subject of arbitrary or abusive intrusions into his or her private life or the private lives of his or her family, in his or her residence or correspondence, or of illegal attacks on his or her honor and reputation (…)”.

1.5.3. Laws pertaining to personal data in Asia

After analyzing the various legislations pertaining to personal data in Asia, we have concentrated our study mainly on five large Asian countries or cities, specifically Japan and China, with a focus on Hong Kong.

In Japan

Because Japan is a member of the Organisation for Economic Co-operation and Development, its legislation on private life is influenced by the regulations of this institution. The country ratified the International Covenant on Civil and Political Rights (ICCPR) in 1979, including Article 17 relative to private life, which is an integral part of Japanese law.

Article 13 of the Constitution of Japan (1946) specifies that “All people must be respected as individuals. The right to life, liberty, and the pursuit of happiness is, provided that it does not interfere with the public well-being, the supreme consideration in legislation and in other governmental affairs”. This article indicates that the freedom of citizens in private life must be protected against the exercise of public authority, … each individual has the right to protect his personal information so that it is not divulged to a third party or rendered public without good reason26.

In addition, on April 22, 1999, the Japanese Ministry of Health and Social Affairs proposed the electronic preservation of all clinical files. Deliberations on legislation and the divulgence of personal data took place at that time.

Japan currently has a sophisticated and unique system for the protection of data, notably in the private sector; this system is applicable to the domains of telecommunications, financial services, transportation and medicine. This law covers the protection of personal information (PPI) that can be used to identify an individual (name, date of birth or any other description of the individual).

Finally, the law on the PPI27 governs the collection and use of personal data in Japan. All forms of data processing are covered, but the PPI law is applicable only to situations involving the personal information of 5,000 or more people.

In China

China does not have a complete legal framework for data protection. Chinese regulations are based on a multitude of general and specific laws applicable to various sectors of industry. The right to private life is generally recognized and protected by the Constitution and the general principles of civil law in China.

The seventh amendment to the criminal law of 2009 mentions a criminal infraction for employees of governmental institutions or private organizations in the domains of finance, telecommunications, transportation, education or medicine, in the event that they illegally sell or provide to third parties the personal data of any citizen obtained in the exercise of their duties or services.

Moreover, the Standing Committee of the National People’s Congress has published an initial series of laws at the national level specifically regulating the confidentiality of online data, and has handed down a decision on the reinforcement of network information protection, which became effective on December 28, 2012.

Finally, since February 1, 2013, the General Administration of Supervision of Quality and Inspection has imposed specific requirements for each stage of the collection, processing, transmission and deletion of personal data. These directives specifically prohibit the outsourcing of personal data barring the express consent or approval of the person involved, the appropriate competent authorities or the law. Note that the divulgence and transfer of information may potentially fall under the auspices of the law on the protection of state secrets.

Hong Kong, officially the Special Administrative Region of Hong Kong of the People’s Republic of China (PRC), is the larger and more populous of the two Special Administrative Regions of the PRC. It has a complete legislative system that is in overall compliance with the directives on data protection of the European Union and regulates the manner in which a data user must collect, conserve and use personal data.

The Personal Data (Privacy) Ordinance imposes a growing number of notification and consent requirements on data users seeking to sell, use or supply personal information for direct marketing. Penalties are specified if users do not comply with these requirements. This ordinance thus protects information that relates directly or indirectly to a living person and from which it is possible to identify that person.

The Commissioner for private life is also authorized to provide legal assistance to wronged persons, who may apply for such assistance in order to request compensation.