• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.164-174
• /
• 2014

The purpose of this study is to explore ways to resolve the conflicting issues that are currently applied in medical Act and medical privacy Act through the comparative Analysis of the Privacy Act and the Medical Information Protection Act foreign. the results run to establish the Public Health Act coming for the protection of health information is a characteristic of many countries, France in Europe, the United States and Canada had been running an independent medical information laws are enacted. Prescribes penalties of up to a fairly systematic method from the case records of patients would not have occurred in the management and implementation of the law and the protection of the author of the book focuses on the subject of medical records and physician records between patient confidentiality and privacy it can be seen that the method defined in. This indicates the need for the establishment of an independent medical information laws to protect all records relating to the patient systematically Korea also.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.3-35
• /
• 2021

Inmitten der Flut der privaten und öffentlichen Information gilt die riesige Informationsmenge als Schlüsselressource im Zeitalter der 4. industriellen Revolution, repräsentiert durch Big-Data. Das Interesse an diesen wächst weltweit. Es gibt eine aktive Diskussion darüber, wie man Daten sichert und akkumuliert und wie man die gesammelten Daten sicher und effektiv nutzt. Gesundheitsdaten werden vor allem als die wertvollste Ressource bewertet, für die Big-DataTechnologie eingesetzt wird. Um Gesundheitsdaten sinnvoll zu nutzen, müssen verteilte Gesundheitsdaten integriert und den Benutzern in einer Form zur Verfügung gestellt werden, die für Forschung oder Inspektion verwendet werden kann. In einer Situation, in der große Länder um den Aufbau bzw. die Führung der Datenwirtschaft konkurrieren, wurden im August 2020 auch in Südkorea die sog. „3-Daten-Gesetze" geändert, die das Datenschutzgesetz(DSG) enthälten. Das DSG führte das Konzept der pseudonymen Informationen ein und baute eine Rechtsgrundlage für deren Verwendung auf. Als Folgemaßnahme kündigte die, Kommission für den Schutz personenbezogener Daten(Personal Information Protection Commission: PIPC)' die „Richtlinien für die Bahandlung mit pseudonymen Informationen" und, Ministerium für Gesundheit und Wohlfahrt' die „Richtlinien für die Verwendung von Gesundheitsdaten" an. Gesundheitsdaten stehen direkt in Zusammenhang mit Leben und Körper des Menschen und damit enthalten viele sensible Daten. Es handelt sich also um ein System, das aus einer vorsichtigeren und konservativeren Sicht unter der Voraussetzung verwendet werden kann, personenbezogene Daten sicherer zu schützen. Um die Hauptinhalte der „Richtlinien für Verwendung von Gesundheitsdaten" zu analysieren, überprüften wir zunächst die Hauptinhalte des überarbeiteten DSG. Danach durch die Analyse der wesentlichen Inhalte der „Richtlinien für Verwendung von Gesundheitsdaten" wurden Probleme wie Konflikte mit anderen Gesetzen und Verbesserungsmaßnahmen überprüft.

• Journal of the Korean Society of Radiology
• /
• v.16 no.5
• /
• pp.627-637
• /
• 2022

The purpose of this study is to comply with the operation and management of medical image information in PACS, the necessity of anonymizing the patient's personal information and the management status of the medical image information related to the personal The purpose of this study was to raise, discuss, and suggest the need for unification and coherence of the law by studying the content of the issues related to information related laws. In order to utilize information related to medical image information, it is necessary to unify the "Medical Act" or the "Bioethics Act" for clear legal application and consider the legal system's consistency. Since there is a possibility of conflict due to issues that are not yet established, systematic coherence of the law is required to find the basic common denominator for the utilization and use of medical image information and to harmonize the law. In addition, the necessity of enacting the "Medical Information Protection Act" that can be practically applied and easily practiced by medical personnel and managers in the clinical field so that sensitive matters of medical image information and personal information can be protected and managed in a specific and systematic way.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.6
• /
• pp.66-76
• /
• 2017

In this study, we investigated how to protect personal healthcare information when constructing OMOP (Observational Medical Outcomes Partnership) CDM (Common Data Model). There are two proposed methods; to restrict data corresponding to HIPAA (Health Insurance Portability and Accountability Act) PHI (Protected Health Information) to be extracted to CDM or to disable identification of it. While processing sensitive information is restricted by Korean Personal Information Protection Act and medical law, there is no clear regulation about what is regarded as sensitive information. Therefore, it was difficult to select the sensitive information for protecting personal healthcare information. In order to solve this problem, we defined HIPAA PHI as restriction criterion of Article 23 of the Personal Information Protection Act and maps data corresponding to CDM data. Through this study, we expected that it will contribute to the spread of CDM construction in Korea as providing solutions to the problem of protection of personal healthcare information generated during CDM construction.

• The Korean Society of Law and Medicine
• /
• v.22 no.3
• /
• pp.31-55
• /
• 2021

The Personal Information Protection Act, one of the revised 3 Data Laws, established a special cases concerning pseudonymous data. As a result, a personal information controller may process pseudonymized information without the consent of data subjects for statistical purposes, scientific research purposes, and archiving purposes in the public interest, etc. In addition, as a follow-up to the revised Personal Information Protection Act, a 'Guidelines for Utilization of Healthcare Data' was prepared, which deals with the pseudonymization in the medical sector. The guidelines are meaningful in that they provide practical criteria for accomplices by defining specific interpretations and examples that take into account the characteristics of healthcare data. However, the guidelines need to clarify the purpose of using pseudonymous data and strengthen the fairness of the composition of the data deliberation committee. The guidelines also require establishing a healthcare data compensation framework and strengthening the protection of rights for vulnerable subjects. In addition, the guidelines need to be adjusted for inconsistency with the Bioethics and Safety Act and the Medical Service Act. It is expected that this study will contribute to the creation of a safe environment for the utilization of healthcare data as well as the improvement of related laws and systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.552-555
• /
• 2017

It is de-identification that emerged to find the trade-off between the use of big data and the protection of personal information. In particular, in the field of medical that deals with various semi-identifier information and sensitive information, de-identification must be performed in order to use medical consultation such as EMR and voice, KakaoTalk, and SNS. However, there is no separate law for medical information protection and legislation for de-identification. Therefore, in this study, we present the current status of de-identification of personal information, the status and case of de-identification of medical information, and finally we provide issues and solutions for medial information protection and de-identification.

• The Korean Society of Law and Medicine
• /
• v.24 no.2
• /
• pp.35-77
• /
• 2023

As the amendment to the Personal Information Protection Act, which newly established the basis for the right to request transmission of personal information, was promulgated through the plenary session of the National Assembly, MyData, which was previously applied only to the financial sector, could spread to all fields. The right to request transmission of personal information is the right of the information subject to be guaranteed for the realization of MyData. However, since the right to request transmission of personal information stipulated in the Personal Information Protection Act is designed to be applied to all fields, not a special field such as the medical field, it has many shortcomings to act as a core basis for implementing MyData in Medicine. Based on this awareness of the problem, this paper compares and analyzes major legal trends related to the right to portability of personal health information at home and abroad, and examines the limitations of Korea's Personal Information Protection Act and Medical Act in realizing Medical MyData. Under the Personal Information Protection Act, the right to request transmission of personal information is insufficient to apply to the medical field, such as the scope of information to be transmitted, the transmission method, and the scope of the person obligated to perform the transmission, etc.. Regulations on the right to access medical information and transmission of medical records under the Medical Act also have limitations in implementing the full function of Medical My Data in that the target information and the leading institution are very limited. In order to overcome these limitations, this paper prepared a separate and independent special law to regulate matters related to the use and protection of personal health information as a measure to improve the legal system that can effectively guarantee the right to portability of personal health information, taking into account the specificity of the medical field. It was proposed to specifically regulate the contents of the movement and transmission system of personal health information.

• The Korean Society of Law and Medicine
• /
• v.17 no.2
• /
• pp.315-346
• /
• 2016

With the development of big data processing technology, the potential value of healthcare big data has attracted much attention. In order to realize these potential values, various research using the healthcare big data are essential. However, the big data regulatory system centered on the Personal Information Protection Act does not take into account the aspect of big data as an economic material and causes many obstacles to utilize it as a research purpose. The regulatory system of healthcare information, centered on the primary purpose of patient treatment, should be improved in a way that is compatible with the development of technology and easy to use for public interest. To this end, it is necessary to examine the trends of overseas legal system reflecting the concerns about the balance of protection and utilization of personal information. Based on the implications of the overseas legal system, we can derive improvement points in the following directions from our legal system. First, a legal system that specializes in healthcare information and encompasses protection and utilization is needed. De-identification, which is an exception to the Privacy Act, should also clearly define its level. It is necessary to establish a legal basis for linking healthcare big data to create synergy effects in research. It is also necessary to examine the introduction of the opt-out system on the basis of the discussion on the foreign debate and social consensus. But most importantly, it is the people's trust in these systems.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• The Korean Society of Law and Medicine
• /
• v.20 no.2
• /
• pp.261-285
• /
• 2019

The essential policy of suicide prevention is to continuously manage and treat suicide attempted people through data base related to suicide retry rate and follow-up study report. In Korea, only few people are allowed to follow-up by the Personal Information Protection Act. As a result, the research participation rate and the service participation rate are rather low, so that the research participants is limited to a part of the suicide attempted people. Therefore, the policy proposals to be improved in the Ministry of Health and Welfare Act were examined comparatively in order to increase the practical utilization of the suicide prevention about Article 14 and Article 20 of the Suicide Prevention Act. As a criterion for policy improvement, measures for non-discrimination of information to be considered in terms of technical and ethical dimensions and non-profit research and medical information for medical purposes were suggested. In addition to the severity of the suicide, the suicide risk was assessed and the criteria for the objective assessment of the follow-up observation were considered in consideration of the severity of the suicide.