Go to Home

Search

-Advanced Search   -Search Guidelines

Healthc Inform Res.  2019 Oct;25(4):239-247. 10.4258/hir.2019.25.4.239.

Protecting and Utilizing Health and Medical Big Data: Policy Perspectives from Korea

Affiliations
  • 1School of Law, Seoul National University, Seoul, Korea. hsk@snu.ac.kr

Abstract


OBJECTIVES
We analyzed Korea's data privacy regime in the context of protecting and utilizing health and medical big data and tried to draw policy implications from the analyses.
METHODS
We conducted comparative analyses of the legal and regulatory environments governing health and medical big data with a view to drawing policy implications for Korea. The legal and regulatory regimes considered include the following: the European Union, the United Kingdom, France, the United States, and Japan. We reviewed relevant statutory materials as well as various non-statutory materials and guidelines issued by public authorities. Where available, we also examined policy measures implemented by government agencies.
RESULTS
In this study, we investigated how various jurisdictions deal with legal and regulatory issues that may arise from the use of health and medical information with regard to the protection of data subjects' rights and the protection of personal information. We compared and analyzed various forms of legislation in various jurisdictions and also considered technical methods, such as de-identification. The main findings include the following: there is a need to streamline the relationship between the general data privacy regime and the regulatory regime governing health and medical big data; the regulatory and institutional structure for data governance should be more clearly delineated; and regulation should encourage the development of suitable methodologies for the de-identification of data and, in doing so, a principle-based and risk-based approach should be taken.
CONCLUSIONS
Following our comparative legal analyses, implications were drawn. The main conclusion is that the relationship between the legal requirements imposed for purposes of personal information protection and the regulatory requirements governing the use of health and medical data is complicated and multi-faceted and, as such, their relationship should be more clearly streamlined and delineated.

Keyword

Big Data; De-identification; Data Protection; Privacy; Research

MeSH Terms

Computer Security
European Union
France
Government Agencies
Great Britain
Humans
Japan
Korea*
Privacy
United States

Cited by  1 articles

Data Pseudonymization in a Range That Does Not Affect Data Quality: Correlation with the Degree of Participation of Clinicians
Soo-Yong Shin, Hun-Sung Kim
J Korean Med Sci. 2021;36(44):e299.    doi: 10.3346/jkms.2021.36.e299.


Reference

1. Raghupathi W, Raghupathi V. Big data analytics in healthcare: promise and potential. Health Inf Sci Syst. 2014; 2:3.
Article
2. Korea Ministry of Government Legislation. Framework Act on Health and Medical Services [Internet]. Sejong, Korea: Ministry of Government Legislation;2008. cited at 2019 Oct 1. Available from: http://www.law.go.kr/lsInfoP.do?lsiSeq=86439&chrClsCd=010203&urlMode=engLsInfoR&viewCls=engLsInfoR#0000.
3. Federal Trade Commission. Protecting consumer privacy in an era of rapid change: recommendations for businesses and policymakers [Internet]. Washington (DC): Federal Trade Commission;2012. cited at 2019 Oct 1. Available from: https://www.ftc.gov/reports/protecting-consumer-privacy-era-rapid-change-recommendations-businesses-policymakers.
4. Organisation for Economic Co-operation and Development. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Paragraph 3: Different degrees of sensitivity) [Internet]. Paris, France: Organisation for Economic Co-operation and Development;c2019. cited at 2019 Oct 1. Available from: https://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm.
5. Council of Europe. Recommendation CM/Rec(2019)2 of the Committee of Ministers to member States on the protection of health-related data [Internet]. Strasbourg, France: Council of Europe;c2019. cited at 2019 Oct 1. Available from: https://search.coe.int/cm/pages/result_details.aspx?objectid=090000168093b26e.
6. EUR-Lex. Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information [Internet]. Paris, France: EUR-Lex;2003. cited at 2019 Oct 1. Available from: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:32003L0098.
7. UK National Data Guardian. Caldicott review: information governance in the health and care system [Internet]. London, UK: National Data Guardian;2013. cited at 2019 Oct 1. Available from: https://www.gov.uk/government/publications/the-information-governance-review.
8. UK Biobank. Consent form [Internet]. London, UK: UK Biobank;2006. cited at 2019 Oct 1. Available from: http://www.ukbiobank.ac.uk/wp-content/uploads/2011/06/Consent_form.pdf.
9. Genomics England [Internet]. London, UK: Genomics England;c2019. cited at 2019 Oct 1. Available from: https://www.genomicsengland.co.uk/.
10. Legifrance. Law No. 78-17 of 6 January 1978 relating to data, files and freedoms [Internet]. Paris, France: Légifrance;1978. cited at 2019 Oct 1. Available from: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000006068624&dateTexte=19781031.
11. US Department of Health & Human Services. The HIPAA Privacy Rule [Internet]. Washington (DC): US Department of Health & Human Services;c2019. cited at 2019 Oct 1. Available from: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html.
12. Hoffman S. Electronic health records and medical big data: law and policy. New York (NY): Cambridge University Press;2016.
13. Personal Information Protection Commission. Act on the Protection of Personal Information (Act No. 57 of 2003) [Internet]. Tokyo, Japan: Personal Information Protection Commission;2003. cited at 2019 Oct 1. Available from: https://www.ppc.go.jp/files/pdf/290530_personal_law.pdf.
14. Japanese Association of Medical Sciences. Guidelines for genetic tests and diagnoses in medical practice [Internet]. Tokyo, Japan: Japanese Association of Medical Sciences;2011. cited at 2019 Oct 1. Available from: http://jams.med.or.jp/guideline/genetics-diagnosis_e.pdf.
15. European Commission. What is Horizon 2020? [Internet]. Brussels, Belgium: European Commission;c2019. cited at 2019 Oct 1. Available from: https://ec.europa.eu/programmes/horizon2020/en/what-horizon-2020.
16. The AEGLE Project [Internet]. Brussels, Belgium: AEGLE;c2019. cited at 2019 Oct 1. Available from: http://www.aegle-uhealth.eu/en/.
17. Making NHS data work for everyone [Internet]. York, UK: Healthwatch York;2018. cited at 2019 Oct 1. Available from: https://www.healthwatchyork.co.uk/news/making-nhs-data-work-for-everyone/.
18. NHS Digital. Data sets [Internet]. London, UK: NHS;c2019. cited at 2019 Oct 1. Available from: https://digital.nhs.uk/data-and-information/data-collections-and-data-sets/data-sets.
19. About the Portal Epidemiology – France [Internet]. Paris, France: Epidemiology – France;c2019. cited at 2019 Oct 1. Available: https://epidemiologie-france.aviesan.fr/en/epidemiology/pages/portal-epidemiology.
20. Commission Nationale de l'Informatique et des Libertés. Un nouveau guide de la sécurité des données personnelles [Internet]. Paris, France: Commission Nationale de l'Informatique et des Libertés;2018. cited at 2019 Oct 1. Available from: https://www.cnil.fr/fr/un-nouveau-guide-de-la-securite-des-donnees-personnelles.
21. US Department of State. Open Government Plan [Internet]. Washington (DC): US Department of State;2016. cited at 2019 Oct 1. Available from: https://www.state.gov/wp-content/uploads/2019/04/Open-Government-Plan.pdf.
22. US Department of Health and Human Services. Guidance regarding methods for de-identification of protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule [Internet]. Washington (DC): US Department of Health and Human Services;2012. cited at 2019 Oct 1. Available from: https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html.
Full Text Links
  • HIR
Actions
Cited
CITED
export Copy
Close
Share
  • Twitter
  • Facebook
Similar articles

Cited

Download

Close

Save citations to file

Download

Close

Email citations

Send Email
recaptcha 영역

Close

Copyright © 2024 by Korean Association of Medical Journal Editors. All rights reserved.     E-mail: koreamed@kamje.or.kr