French Government Health Services Reimbursed Big Brother Heart Devices
Health data management, a hot topic in France, is shedding light on how far industrial lobbyists and special interest groups have managed to bypass French lawmakers, in way over their heads regarding the legal protections around patient data. Put simply, lobbies are taking advantage of legal complexities and bureaucratic incompetence in data protection to get away with murder.
The French government health services reimbursed illegal devices
A discrete, yet significant, event brought the matter to light recently, when the French government gave the order to Social Security to fund pacemakers and internal defibrillators, while these were non-compliant with French law and medical regulations. Medical reporter Claire Gabillat reports, “In France, 38 000 people carry pacemakers or internal automatic cardioverter-defibrillators, and are tracked around the clock, through tele-cardiology. In effect, the implanted device sends the recorded data to a secure server via a small transmitter”. These devices are financed by government health services. However, they do not comply with French regulations regarding data protection.
Through this matter, the gaping rift between France’s official position regarding privacy rights and the lay of the land became problematic. Commenting on France’s recent push on data protection, William Fry reported that, “The French Data Protection authority (“CNIL”) has published its guidelines on practical enforcement of the General Data Protection Regulation (“GDPR”) and outlined a short period of enforcement flexibility. The CNIL has stated that for the first few months following application of the GDPR (on 25 May), from an enforcement viewpoint, it will make a distinction between long standing fundamental principles of data protection and novel GDPR concepts”. But foreign medical solution providers have already been laughing at France’s porous safeguards for some time, thanks to globalization which enable the extraction of data from a foreign country, out of the reach of French law. It appears now that even French operations consider the CNIL (France’s data privacy government office) to be laughing stock, to the extent that medical companies are getting their government to fund their products, despite their being illegal.
With government-guaranteed funding since the end of the second world war, medical companies have long had their eyes on the gold bullion which the French market represents. According to scopes considered, the general health market in France can be assessed to over 20 billion euros, with an additional 2 or 3 promised by the rise of connected medical devices. To maximize these profits and strengthen their positions on the market, laboratories have deployed immense lobbying effort, which have now completely overrun the government’s and the CNIL’s monitoring and control capacities. A review of online publications, and the lack of the material on the subject, strongly suggests that not only the CNIL is unable to address this privacy breach, but they seem utterly unaware that the problem even exists.
The complicity of French authority
Currently, connected health devices leave many loopholes through which medical data can leak, and the CNIL is unable to address these leaks, or outright unaware of the problem. When addressed on the subject, the CNIL shrugs and says there is nothing they can do about it. Valerie Peugeot, who works simultaneously as a board member for the CNIL and for communications giant Orange, says « Individual data are worthless! Only its aggregation yields added value”, openly admitting the attraction which companies feel for these data repositories. CNIL President Isabelle Falque-Pierrotin adds: “Data ownership is an illusion. Such a market would be imbalanced, with unlimited demand facing a plentiful offer. It would be a data large free-for-all, to the benefit of GAFA. Once they have ownership of the data, they will do as they please”. In other words, aware of the limits which governmental control would encounter, the CNIL decides to do nothing and let private interests dictate the rule. Computer expert Gérard Berry says, “the security of small connected objects offered to the general public is becoming a problem. Today, connected objects are absolute sieves”.
And yet, data management and connected health devices need not be incompatible. Connected pacemakers (which uphold cardiac frequencies) and defibrillators (which prevent tachycardia), could help address effectively the 60 000 heart attacks every year, with immediate detection. But if the public feels that private companies are using their information in a savage and uncontrolled way, the market will shut down and the opportunity to modernize medical practices will be lost for France and recuperated by foreign companies. Google, for instance, is losing no time and is considering purchasing Nokia’s e-health division, as reported by CNET:
Google’s smart home division Nest may be looking to expand its product portfolio to health gadgets. Nokia, which bought a slew of smart home health products from Withings just two years ago, is reportedly in the market to sell its Health division, according to the tech website Wearable.
With the current mismanagement of the issue, things seem to be headed either nowhere or in the wrong direction. The imbalance of powers between overwhelmed and under-qualified governmental powers on the one hand, and private interests free to do as they please and elude legal control on the other hand, is such that any pursuit (or even strengthening) of current policies would amount to nothing. Only a decision of high magnitude (from Isabelle Falque-Pierrotin or possibly from President Macron) and an in-depth reform would bring positive evolutions. Until that decision occurs, either lobbies will continue to help themselves to medical patient data unencumbered, or the legal mess will push the public to simply refuse connected medical devices, causing France to miss the train of the digital revolution.
Samantha King is a freelance investigative journalist.