Estimated at approximately 4 billion euros by the Court of Auditors, fraud in health insurance benefits is now under scrutiny by the French government. But are the proposed measures the most effective way to reduce the cost?

According to the High Council for the Financing of Social Protection, total social fraud in France is estimated at 13 billion euros. Specifically, fraud in health insurance benefits is estimated by the Court of Auditors to amount to between 3.8 and 4.5 billion euros. In a La Tribune article on October 6, Michel Barnier expressed his intent to address this issue. The Prime Minister stated in the interview that he aims to “secure health insurance cards by linking them to digital identity cards.”

Is the idea relevant?

“Digitalization inevitably enhances security. However, we must remember that a significant portion of people still face challenges accessing digital tools. The State is obligated to provide an offline version, and that’s a good thing. Moreover, it’s worth noting that identity cards are not mandatory in France. For French citizens today, possessing a health insurance card is more essential for accessing healthcare than having an identity card,” says Vincent Rémon, Chief Information Security Officer at the Ministry of Culture and formerly a cybersecurity expert at Onepoint.

Electronic Identity and Health Insurance Cards: Two Separate Applications

Based on the latest updates, France is moving toward an electronic health insurance card that will operate independently from the France Identité application.

“France Identité is a solid application, having undergone numerous bug bounty tests and being highly secure. It would have been ideal to integrate health card validation into France Identité, but this isn’t happening due to the complexity of rationalizing the two applications. The electronic health insurance card will thus have its own app. However, it will be possible to use France Identité for the dematerialization process of the health card, bypassing the 48-hour manual validation period. This is excellent since the more human involvement you have in the process, the higher the risk of errors,” explains Vincent Rémon.

Another reason for maintaining separate applications for France Identité and the dematerialized health card is the different nature of the data involved. “For identity cards, the focus is on preventing identity theft and its associated consequences. For dematerialized health cards, it’s the confidentiality of medical information that’s at stake. Both applications are equally important, and it’s wise to keep them separate,” adds Vincent Rémon.

A unified application in the future?

A unified “meta-application” is likely to emerge in the coming years, but it’s not on the horizon yet.

“One day, we might see a ‘super app’ (a sort of digital wallet) managing everything. However, its use must remain optional. Citizens could then integrate France Identité and/or the dematerialized health insurance card if they wish. This optional nature is crucial because requiring an electronic identity card for obtaining a dematerialized health card effectively mandates having an identity card, which is against the law. Initially, France Identité was envisioned as this ‘meta-app,’ but in practice, it currently only manages identity,” Rémon explains.

Patrick Butor, President of the International Collective Intelligence Company, cites Estonia as an example: “A single chip can have at least a dozen separate compartments, entirely isolated from one another. In Estonia, everything is integrated. The same card can optionally hold your driver’s license, identity card, bank card, health insurance card, your children’s grades… I believe France isn’t ready for this yet. The hesitation is psychological: when everything is integrated, traceability significantly increases, as the central system notifies you whenever someone accesses your data.”

The digital shift: Fighting the right battle

Will digitalizing health cards and linking them to identity cards effectively combat social fraud?

Rémon’s answer is a clear no: “We must remember that the traditional plastic health card will remain in use. Fraudsters won’t rush to exploit the digital version. They’ll continue creating fake cards with fake photos. It’s much easier than hacking a private key. As long as the physical version of the card isn’t entirely phased out, fraud won’t be eradicated. This will likely take one or two generations,” he observes.

Butor also regrets the limited data currently stored on the health card. “The health insurance card is practically useless today since it doesn’t store prescriptions, diagnoses, vaccinations, or test results. For example, when you’re vaccinated against the flu or COVID, no record is stored on your health card chip,” he points out.

Conclusion

Rémon emphasizes, “Digitalization is an absolute necessity, but the reasons cited for it are misguided. The shift to digital represents greater sovereignty and enhanced citizen data security. Using ‘straw men’ arguments to claim we’re solving social fraud misses the point entirely.”

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.