ABSTRACT
The use of digital means has made the public health emergency management more efficient and convenient. However, in the practice of managing public health emergencies, there are dilemmas in the protection of personal health information, such as the imperfect legal system, the weakened right of informed consent and control, the lack of reasonable norms in the collection and use of information, and the disclosure of personal health information. To solve the dilemma of personal health information protection, it is necessary to improve the corresponding legal mechanism, strengthen the classification of health information, standardize the behavior of health information collection and use, enhance the technical support of personal health information protection, build a system combining law and technology, and protect the security of personal health information.
ABSTRACT
According to Article 17 of the Korean Constitution, the privacy of no citizen shall be infringed. There have been considerable advances in the fields of computers and communications technology in the late 20th century. However, processing large amounts of personal information has caused many problems. In Korea, incidents of personal information leakage have been occurring frequently. To solve these problems, the Personal Information Protection Act was enacted in 2011. The most significant feature of this Act is that it applies not only to public institutions, but also to corporate bodies, organizations, and individuals who manage personal information. However, the Act does not allow the management of personal information for public purposes such as public health. Recently, the European Parliament has adopted a legislative resolution on the proposed European Union General Protection Regulation. This regulation allows the management of personal information for public health, reflecting the opinions of European public health experts. According to Article 81 of the proposed regulation, processing of personal data concerning health is permitted for the purposes of preventive or occupational medicine, medical diagnosis, the provision of care or treatment, or the management of health-care services. It is also permitted for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety for medicinal products or medical devices and reasons of public interest in areas such as social protection, in order to ensure the quality and cost-effectiveness of the health insurance system and the provision of health services. The proposed regulation is an example of the balance of privacy and public interest in the management of personal information. Although the management of personal information is allowed in the public interest without the consent of the subject of the information, all measures should be taken for privacy protection. It is time for Korea to take legislative steps for the management of personal health information for public health under conditions of strict privacy protection measures.
Subject(s)
Humans , Computer Security , Constitution and Bylaws , Delivery of Health Care , Diagnosis , European Union , Health Services , Insurance, Health , Jurisprudence , Korea , Occupational Medicine , Privacy , Public Health , Public PolicyABSTRACT
OBJECTIVES: The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals. METHODS: The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system. RESULTS: With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS. CONCLUSIONS: The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
Subject(s)
Humans , Commerce , Compliance , Dietary Sucrose , Hospitals , Medical Records , Medical Staff , PrivacyABSTRACT
OBJECTIVE: To supplement a previous study on the management of medical records with a view to preparing a system capable of ensuring basic patient rights regarding the protection of confidential medical information. The study objectives are to provide detailed guidelines to regulate the access and protection of medical information by analyzing patients' understanding and views regarding the dissemination of medical records. METHODS: A self-administered questionnaire was administered to 781 patients who visited five University hospitals located in Seoul, Busan, Gyeonggi, Chungnam and Jeonnam from July to September, 2008 and asked for copies of medical records to be issued. Data were analyzed by using the statistical program SPSS 13.0. RESULTS: More than 70% of respondents wanted to access their medical records after confirming the required documents. The highest distribution in the range of persons able to receive copies of medical records without the individual patient's consent or required documents was 'only personally' in each variable. Copies of medical records were issued mostly within 1 hour, while the appropriate time of issuing the copies was within one day. Half of respondents approved of a subscription system that did not require a doctor consultation. The results regarding changes in the ways to request/issue copies of medical records to improve the convenience for applicants differed significantly according to age. CONCLUSION: Considering the sensitivity of personal health information, medical records should only be issued with the patient's consent and by confirming the identity of the designated person with required documents. Furthermore, people should be aware of the importance of protecting personal health information, and medical institutes should inform the requirements for bringing the relevant documents. Medical institutes play an important role in protecting personal records, which necessitates generalized guidelines.
Subject(s)
Humans , Academies and Institutes , Coat Protein Complex I , Surveys and Questionnaires , Hospitals, University , Medical Records , Patient RightsABSTRACT
OBJECTIVE: The development of information communication technology (ICT) and the demand for managing the healthy lives of individuals are accelerating the informatization of the health and medical field. Considering this environment and the needs of the individual, this paper has designed and developed a web and mobile storage device-based personal health record (PHR) system that individuals can manage by themselves anywhere, anytime, whether on-line or off-line. Based on the experience of implementing the system, its development method, results, and relevant technical issues are described. SYSTEM DESIGN AND DESCRIPTION: This system is implemented to manage PHR, including vital signs and ingested/consumed calories for a lifetime by connecting a PHR-integrated web server to each hospital's information system, and the PHR programs installed in the individual's PC or USB flash memory drive. To achieve this, an interface module, web server system, and PHR viewer program for individuals are developed. RESULTS: When it is off-line, the PHR program is operated to inquire the data saved in the DB, and the self-measured information can be inputted. When it is on-line, it calls the web service function to inquire the medical information, including hospital visit history, prescription history, diagnosis result, image inspection result and medical treatment result. CONCLUSION: This system connects home and mobile healthcare to hospitals but minimizes information leakage because the data is not accumulated. By loading a plug & play, PHR viewer to an easy-to-carry mobile storage device, the systems supports a sustainable health management.