• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.6
• /
• pp.66-76
• /
• 2017

In this study, we investigated how to protect personal healthcare information when constructing OMOP (Observational Medical Outcomes Partnership) CDM (Common Data Model). There are two proposed methods; to restrict data corresponding to HIPAA (Health Insurance Portability and Accountability Act) PHI (Protected Health Information) to be extracted to CDM or to disable identification of it. While processing sensitive information is restricted by Korean Personal Information Protection Act and medical law, there is no clear regulation about what is regarded as sensitive information. Therefore, it was difficult to select the sensitive information for protecting personal healthcare information. In order to solve this problem, we defined HIPAA PHI as restriction criterion of Article 23 of the Personal Information Protection Act and maps data corresponding to CDM data. Through this study, we expected that it will contribute to the spread of CDM construction in Korea as providing solutions to the problem of protection of personal healthcare information generated during CDM construction.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.117-157
• /
• 2021

This research reviewed the HIPAA/HITECH, 21st Century Cures Act, Common Law, and private Guidances from the perspectives in protecting and utilitizing the medical data, while implications were followed. First, the standards for protection and utilization are relatively clearly regulated through single law on personal medical information in the United States. The HIPAA has been introduced in 1996 as fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, in the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced comprehensive consent system and clearly stipulates procedures. Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as an anonymity measure for identifiable medical information, which clearly defines the process while increasing trust. Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, while the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule. Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to use in condition to the researcher's agreement to prohibit re-identification, and de-identification or consent process is simplified under the system.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.8
• /
• pp.15-23
• /
• 2016

Recently the interest in secondary use of medical information has emerged. But the domestic legislation or guidelines, such as being able to say that already specialize in healthcare information, can be seen a 'national medical privacy guidelines'. However the guidelines have suggested that only a violation of privacy laws in the medical information, it does not defined clearly with respect to protected health information(PHI) for secondary use. In this paper, we learn the HIPAA(Health Insurance Portability and Accountability Act) Privacy Rule of the US legislation which provides a non-identifiable screen instructions for secondary utilization of medical information, domestic guidelines and other country's guidelines. comparing with the HIPAA, national medical privacy guidelines and the domestic studies, we propose a new domestic target non-identifying information suitable for the domestic field and present future research direction.