The implementation of a national strategy for artificial intelligence in the health sector requires the collection of data, their organization and the regulation of their access and use. Article L1462-1 of the French Public Health Code, based on Act No. 2019-774 of 24 July 2019 on the organisation and transformation of the health system , thus creates a public interest group called “Health Data Hub“.
This Hub replaces the National Institute of Health Data (“Institut national des données de santé” or INDS) and expands its missions, with the objective of ensuring wide sharing of health data.
1 – The creation of a health data hub: the prior expansion of the SNDS
The creation of the Health Data Hub aims to centralize data from multiple sources and provide access to it both to public and private health professionals as well as economic players in the health sector.
This is one of the most important aspects of the draft law: hub’s purpose is to facilitate access to all health data, which will make it possible to develop scientific research to promote better patient care and the development of artificial intelligence in the health field.
The purpose of the Health Data Hub is to create a “one-stop shop” for data from a variety of sources: the National Health Data System (“Système national des données de santé” or SNDS), hospital patient records, community medicine and patients themselves.
In order to promote the use and increase the potential for the exploitation of health data, both in terms of clinical research and new uses, particularly those related to the development of artificial intelligence methods, it was decided to extend the scope of the data included in the SNDS.
As a reminder, the SNDS already includes all the major medical files (SNIIRAM, PMSI, BCMD, the medico-social data of the departmental homes of disabled people and the representative sample of reimbursement data by beneficiaries transmitted by mutual insurance companies); Article L1462-1 of the French Public Health Code now includes all clinical data collected by health professionals as part of their activities and related to the reimbursed medical acts or services.
In this respect, the CNIL, which was asked for an opinion, considered that:
“Beyond a simple extension, this evolution changes the very dimension of the SNDS, which would aim to contain all the medical data giving rise to reimbursement collected by health professionals in France. While the extension provided for in the draft law can be justified by the purposes of supporting research and innovation in the field of health […] the Commission already draws attention to the major problem of compliance, in practice, with the principles of purpose limitation and data minimisation by these new processings, which are taking place in a context of data accumulation to feed artificial intelligence algorithms.“
In short, the creation of the Health Data Hub, which requires an expansion of both the SNDS and the broader sharing of health data, must necessarily include guarantees to ensure their protection.
2 – The evolution of the health system through data production and sharing: what measures to ensure their protection?
Algorithms and artificial intelligence need a lot of data to learn, function and improve. However, the use of health data to develop scientific and medical knowledge must not restrict the protection of such data, especially since they are considered “sensitive“.
The implementation and operation of the Health Data Hub must, through technical and organisational measures, comply with (i) the obligations relating to the hosting of health data (ii) the SNDS security reference framework (iii) the French Code of Public Health (iv) and more particularly the regulations on the protection of personal data.
In a short way, following the CNIL’s opinion, the lawmaker has provided the following protective measures:
In this respect, the CNIL “considers it essential that the decree […] specify the global and technical architecture [of this hub], the framing of which will be carried out in collaboration with the Agence nationale de la sécurité des systèmes d’information (ANSSI)” and “alerts on the inherent risks in the possible concentration of sensitive data on the technological platform, which will require the implementation of appropriate security measures adapted to the risks“.
The CNIL thus recommended that: “Health Data Hub should be entrusted with an additional mission of informing patients and promoting and facilitating their rights, in particular regarding opposition rights or, where applicable, portability”. This recommendation is made under article L1462-1-2° of the French Public Health Code.
The “trusted third party” responsible for re-identifying the data subjects in the SNDS has been removed: the anonymisation of the data is complete. On the other hand, the Villani report noted that “the possibilities for processing SNDS medical and administrative data are limited by the obligation of non-identification. However, the training capacities of automated technical systems depend strongly on the quality of the data and the ability to follow the patient in its care and treatment“.
Regarding the other data accessible on the Hub (i.e. coming from other channels than the SNDS), it is not certain that they will all be anonymized, particularly given the artificial intelligence algorithms that may require, to be effective, directly or indirectly identifying data.
At the end of January, a call for projects was launched to identify those who could benefit from “end-to-end support” for their development and contribute to the creation of the Hub’s catalogue of data and tools. During the month of April, ten projects were selected that will allow the gradual implementation of the Hub “based on the health ecosystem“.
The first step is to launch a ” minimum viable product ” of the platform with the first user-tests from these ten projects. According to the government’s roadmap, the launch of the first version of the platform with the Hub’s services being made available to the public is scheduled for the end of 2019.
By Deborah Brimberg
 Law on the organization and transformation of the health system available here: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038821260&categorieLien=id
 CNIL, Deliberation No. 2019-008 of 31 January 2019 on an opinion on a draft law on the organisation and transformation of the health system (request for opinion No. 19001144)
 “About artificial intelligence and health data“, Report No. 401 (2018-2019) by Mr. Gérard LONGUET and Mr. Cédric VILLANI on behalf of the parliamentary office for the evaluation of scientific and technological choices, presented on 21 March 2019
 Article L1461-7 of the French Public Health Code
 CNIL, Deliberation abovementioned
 CNIL, Deliberation abovementioned
 Article L1461-2 du French Public Health Code
 “Giving meaning to artificial intelligence: For a national and European strategy“, VILLANI Report presented on March 2018
 Stéphanie Combes, Report of the prefiguration mission of the Health Data Hub, October 12, 2018