• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.109-117
• /
• 2019

Recently, the invasion of privacy in medical information has been issued following the interest in the secondary use of mass medical information. The mass medical information is very useful information that can be used in various fields such as disease research and prevention. However, due to privacy laws such as the Privacy Act and Medical Law, this information, including patients' or health professionals' personal information, is difficult to utilize as a secondary use of mass information. To do these problem, various methods such as k-anonymity, l-diversity and differential-privacy that can be utilized while protecting privacy have been developed and utilized in this field. In this paper, we discuss the differential privacy processing of the various methods that have been studied so far, and discuss the problems of differential privacy using Laplace noise and the previously proposed differential privacy. Finally, we propose a new scheme to solve the existing problem by adding a 1-bit status field to the last column of a given data set to confirm the response to queries from analysts.

• The Korean Society of Law and Medicine
• /
• v.14 no.1
• /
• pp.209-236
• /
• 2013

The concept of expectation rights considers 'the expectation' that the patient should be given proper medical treatment as the benefit and protection of the law, so it would be the benefit and protection of the law due to personal rights different from 'the legal principle that has the possibility to a considerable extent' being in an extension of life and body. However, the problem how the patient's expectation of medical service sets up in order to make it the benefit and protection of the law would be still left in the vague concept of the patient's 'expectation', thus, in the first place, the medical practice following formed medical standard in every particular medical institutes should be the standard because these medical services are normally within a range of the patients' expectations. In addition, it should be naturally constituted as mental profit to get the subjective circumstances such as 'the patient's expectation' to be an object, and also, different from the profit and protection of the law such as life and body that should be absolutely protected, the origin of violation behavior should be regarded simultaneously to define the denotation of expectation rights. Therefore, the expectation rights violations would be problematic in case it fails to reach the medical standard that is expected for common doctors to practice properly. This is the concept of expectation rights that gets subjective matters such as the patient's expectation to be objectivity as medical practices that can be expected by generalized abstract doctors. This standard should be defined as the minimum standard that is naturally expected for doctors to practice, different from medical standard that decides the level of doctors.

• Review of KIISC
• /
• v.21 no.5
• /
• pp.12-20
• /
• 2011

개인정보보호법이 전면적인 법 시행을 앞두고 있고 지금까지 규제대상이 아니던 기업 종업원의 개인정보는 물론, 종이 문서형태의 개인정보까지를 규제대상으로 삼고 있어 개인정보보호 시장이 크게 확대될 것으로 전망된다. 규제범위도 정보통신, 교육, 의료, 금융 분야까지 다루고 있어서, 정부/공공기관 및 민간기업의 철저한 사전준비가 필요한 시점이다. 개인의 프라이버시 보호에 대한 이러한 발전추세에는 국내외 표준화가구를 통한 활발한 표준화작업이 밑바탕이 되고 있으며, 특히 미국, 영국, 독일, 일본, 한국 등의 나라를 중심으로 국제표준화를 활발히 추진하고 있다[1]. 표준화의 분야에는 개체의 신분확인을 위한 표준, 개인식별정보와 바이오인식 정보가 같이 사용되는 상황에서 이들의 바이오인식 프라이버시 및 보안요구조건을 위한 표준, 프라이버시 프레임워크, 프레임워크 기반 구현을 위한 프라이버시 레퍼런스 아키텍쳐 등 다양한 표준화 분야가 있다. 본 논문에서는 프라이버시 표준화를 위한 국외 표준화 동향을 소개하고, 향후 추진해야할 중점 표준화 항목을 도출한다.

• Fire Science and Engineering
• /
• v.20 no.4 s.64
• /
• pp.77-90
• /
• 2006

This is for Criminal Law problem that can be happened during the rescue working of 119 rescue member. There are mainly 3sections can be Criminal Law Problem. At first, denying a rescue request. Second, thing that do not transfer patient or people need someone's help by their refusal. Third, emergency medical management. It can be criminal act if somebody do the 3sections thing under Law about emergency medical treatment. It also can be homicide under Criminal Law or accidental homicide, a charge of injuring a person if people need rescue die or become worse through the work. Rescuers are responsible for a criminal case by their carelessness and fault. A plan has to remain to protect them when they do violence to the life and health of a people inevitably. This paper examines the plan can protect them through the analysis and application of related Law about rescuer's work which can be Criminal Law Problem, presents rational establish plan of Rescuer Protect Law to make them their job well as a rescuer.

• Fire Science and Engineering
• /
• v.19 no.2 s.58
• /
• pp.45-62
• /
• 2005

This thesis has defined the legal status of 119 rescue who plays a major role in the Korean prehospital emergency medical system and reviewed the various issues that may occur depending on work related legal liabilities. As a result, the purpose of this study was to represent the countermeasures for legal protection of 119 rescue required for the quality improvement of prehospital emergency medical system and as well as the countermeasures for risk management prepared for its related lawsuits. The legal liabilities of 119 rescue officers can be divided largely into public law liabilities and civil and criminal liabilities. In order to decrease the incidences of legal problems and provide the legal protection to rescue officers, the liability of supervising physician should be emphasized when the emergency medical practice is performed by a rescue officer under their supervision by consolidating medical control and the rescue officer should have legal liability on his emergency medical practice. itself Also, the emergency medical service guideline for 119 rescue officers should be prepared and their works should be performed according to such a guideline and procedures. In addition, the accurate legal documentation on emergency medical system from on-site to ER and related mobilization should be framed and preserved. Moreover, it is required to enact a new law such as the Good Samaritan Act or the Rescue Officers Protection Act.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.117-157
• /
• 2021

This research reviewed the HIPAA/HITECH, 21st Century Cures Act, Common Law, and private Guidances from the perspectives in protecting and utilitizing the medical data, while implications were followed. First, the standards for protection and utilization are relatively clearly regulated through single law on personal medical information in the United States. The HIPAA has been introduced in 1996 as fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, in the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced comprehensive consent system and clearly stipulates procedures. Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as an anonymity measure for identifiable medical information, which clearly defines the process while increasing trust. Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, while the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule. Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to use in condition to the researcher's agreement to prohibit re-identification, and de-identification or consent process is simplified under the system.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.37-73
• /
• 2020

Medical practice with medical adaptability is not illegal. Consent to medical practice is also not intended to exclude causes of Illegality. The patient's consent to medical practice is the exercise of the right to self-determination, and the patient's right to self-determination is take shape through the doctor's information. If a doctor violates his duty to inform, failure to inform or lack of inform constitutes an act of illegality of omission in itself. As a result, the legal interest of self-determination is violated. The patient has the right to know and make decisions on his or her own, even when it is not connected to the benefit of life and body as the subject of the body. If that infringed and lost, the non-property damage shall be recognized and the immaterial damage must be compensated. On the other hand, the violation of the duty of information does not belong to deny the compensation for physical damage. Which the legal interest violated by violation of the obligation to inform is the self-determination, and loss of opportunity of choice is recognized as ordinary damage. However, if the opportunity of choice was lost because of the infringement of the right to self-determination and the patient could not choice the better way, that dose not occur plainly bad results, under the prove of these causal relationship, that bad results could be compensated. But the unexpectable damage could not be compensated, because the physical damage is considered as the special damage due to the violation of the right of the self-determination.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• The Korean Society of Law and Medicine
• /
• v.24 no.4
• /
• pp.67-101
• /
• 2023

The utilization of generative AI in the medical field is also being rapidly researched. Access to vast data sets reduces the time and energy spent in selecting information. However, as the effort put into content creation decreases, there is a greater likelihood of associated issues arising. For example, with generative AI, users must discern the accuracy of results themselves, as these AIs learn from data within a set period and generate outcomes. While the answers may appear plausible, their sources are often unclear, making it challenging to determine their veracity. Additionally, the possibility of presenting results from a biased or distorted perspective cannot be discounted at present on ethical grounds. Despite these concerns, the field of generative AI is continually advancing, with an increasing number of users leveraging it in various sectors, including biomedical and life sciences. This raises important legal considerations regarding who bears responsibility and to what extent for any damages caused by these high-performance AI algorithms. A general overview of issues with generative AI includes those discussed above, but another perspective arises from its fundamental nature as a large-scale language model ('LLM') AI. There is a civil law concern regarding "the memorization of training data within artificial neural networks and its subsequent reproduction". Medical data, by nature, often reflects personal characteristics of patients, potentially leading to issues such as the regeneration of personal information. The extensive application of generative AI in scenarios beyond traditional AI brings forth the possibility of legal challenges that cannot be ignored. Upon examining the technical characteristics of generative AI and focusing on legal issues, especially concerning the protection of personal information, it's evident that current laws regarding personal information protection, particularly in the context of health and medical data utilization, are inadequate. These laws provide processes for anonymizing and de-identification, specific personal information but fall short when generative AI is applied as software in medical devices. To address the functionalities of generative AI in clinical software, a reevaluation and adjustment of existing laws for the protection of personal information are imperative.

• The Korean Society of Law and Medicine
• /
• v.23 no.4
• /
• pp.29-74
• /
• 2022

As social disasters occur under the Disaster Management Act, which can damage the people's "life, body, and property" due to the rapid spread and spread of unexpected COVID-19 infectious diseases in 2020, information collected through inspection and reporting of infectious disease pathogens (Article 11), epidemiological investigation (Article 18), epidemiological investigation for vaccination (Article 29), artificial technology, and prevention policy Decision), (3) It was used as an important basis for decision-making in the context of an infectious disease crisis, such as promoting vaccination and understanding the current status of damage. In addition, medical policy decisions using infectious disease data contribute to quarantine policy decisions, information provision, drug development, and research technology development, and interest in the legal scope and limitations of using infectious disease data has increased worldwide. The use of infectious disease data can be classified for the purpose of spreading and blocking infectious diseases, prevention, management, and treatment of infectious diseases, and the use of information will be more widely made in the context of an infectious disease crisis. In particular, as the serious stage of the Disaster Management Act continues, the processing of personal identification information and sensitive information becomes an important issue. Information on "medical records, vaccination drugs, vaccination, underlying diseases, health rankings, long-term care recognition grades, pregnancy, etc." needs to be interpreted. In the case of "prevention, management, and treatment of infectious diseases", it is difficult to clearly define the concept of medical practicesThe types of actions are judged based on "legislative purposes, academic principles, expertise, and social norms," but the balance of legal interests should be based on the need for data use in quarantine policies and urgent judgment in public health crises. Specifically, the speed and degree of transmission of infectious diseases in a crisis, whether the purpose can be achieved without processing sensitive information, whether it unfairly violates the interests of third parties or information subjects, and the effectiveness of introducing quarantine policies through processing sensitive information can be used as major evaluation factors. On the other hand, the collection, provision, and use of infectious disease data for research purposes will be used through pseudonym processing under the Personal Information Protection Act, consent under the Bioethics Act and deliberation by the Institutional Bioethics Committee, and data provision deliberation committee. Therefore, the use of research purposes is recognized as long as procedural validity is secured as it is reviewed by the pseudonym processing and data review committee, the consent of the information subject, and the institutional bioethics review committee. However, the burden on research managers should be reduced by clarifying the pseudonymization or anonymization procedures, the introduction or consent procedures of the comprehensive consent system and the opt-out system should be clearly prepared, and the procedure for re-identifying or securing security that may arise from technological development should be clearly defined.