Lee Dongjin, Park Mijeong, Chang Seungwon, Ko Haksoo
School of Law, Seoul National University, Seoul, Korea.
Healthc Inform Res. 2019 Oct;25(4):239-247. doi: 10.4258/hir.2019.25.4.239. Epub 2019 Oct 31.
We analyzed Korea's data privacy regime in the context of protecting and utilizing health and medical big data and tried to draw policy implications from the analyses.
We conducted comparative analyses of the legal and regulatory environments governing health and medical big data with a view to drawing policy implications for Korea. The legal and regulatory regimes considered include those of the European Union, the United Kingdom, France, the United States, and Japan. We reviewed relevant statutory materials as well as various non-statutory materials and guidelines issued by public authorities. Where available, we also examined policy measures implemented by government agencies.
In this study, we investigated how various jurisdictions deal with legal and regulatory issues that may arise from the use of health and medical information with regard to the protection of data subjects' rights and the protection of personal information. We compared and analyzed various forms of legislation in various jurisdictions and also considered technical methods, such as de-identification. The main findings include the following: there is a need to streamline the relationship between the general data privacy regime and the regulatory regime governing health and medical big data; the regulatory and institutional structure for data governance should be more clearly delineated; and regulation should encourage the development of suitable methodologies for the de-identification of data and, in doing so, a principle-based and risk-based approach should be taken.
Following our comparative legal analyses, implications were drawn. The main conclusion is that the relationship between the legal requirements imposed for purposes of personal information protection and the regulatory requirements governing the use of health and medical data is complicated and multi-faceted and, as such, their relationship should be more clearly streamlined and delineated.