Health informatics. Guidelines on data protection to facilitate transborder flows of personal health data

The United Kingdom’s Data Protection Act 2018 introduces a new public interest test applicable to the research processing of personal health data. The need for interpretation and application of this new safeguard creates a further opportunity to craft a health data governance landscape deserving of public trust and confidence. At the minimum, to constitute a positive contribution, the new test must be capable of distinguishing between instances of health research that are in the public interest, from those that are not, in a meaningful, predictable and reproducible manner. In this article, we derive from the literature on theories of public interest a concept of public interest capable of supporting such a test. Its application can defend the position under data protection law that allows a legal route through to processing personal health data for research purposes that does not require individual consent. However, its adoption would also entail that the public interest test in the 2018 Act could only be met if all practicable steps are taken to maximise preservation of individual control over the use of personal health data for research purposes. This would require that consent is sought where practicable and objection respected in almost all circumstances. Importantly, we suggest that an advantage of relying upon this concept of the public interest, to ground the test introduced by the 2018 Act, is that it may work to promote the social legitimacy of data protection legislation and the research processing that it authorises without individual consent (and occasionally in the face of explicit objection).

The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation

International Journal of Environmental Research and Public Health ◽

10.3390/ijerph16061070 ◽

2019 ◽

Vol 16 (6) ◽

pp. 1070 ◽

Cited By ~ 8

Author(s):

Bocong Yuan ◽

Jiannan Li

Keyword(s):

European Union ◽

Financial Performance ◽

Data Protection ◽

Digital Health ◽

Rapid Development ◽

Health Data ◽

Personal Health ◽

The European Union ◽

General Data Protection Regulation ◽

General Data

The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.

EL CONSENTIMIENTO PARA TRATAMIENTO DE DATOS PERSONALES DE SALUD EN TIEMPOS DEL COVID-19

YachaQ Revista de Derecho ◽

10.51343/yq.vi11.366 ◽

2020 ◽

pp. 145-164

Author(s):

RAÚL VÁSQUEZ RODRÍGUEZ

Keyword(s):

Data Processing ◽

Data Protection ◽

Personal Data ◽

Emergency Situation ◽

Health Data ◽

Fundamental Rights ◽

Health Protection ◽

Personal Health ◽

Constitutional Development ◽

Personal Data Protection

El presente artículo se centra en la interacción entre los derechos fundamentales a la protección de los datos personales y a la protección de la salud, en el marco de la lucha contra el covid-19 en el Perú. Se inicia el estudio con el desarrollo constitucional de tales derechos, para luego revisar sus respectivas normas legales, teniendo como objetivo esclarecer una de las herramientas básicas que permiten superar los conflictos que se presenten entre ambos en la presente circunstancia de emergencia nacional por el covid-19, concerniente al consentimiento para el tratamiento de datos personales. Adicionalmente, se estudiarán dos casos de tratamiento de datos personales en acciones de prevención del covid-19, que evidencian la pacífica coexistencia entre los derechos constitucionales y los intereses surgidos de la actual situación sanitaria. This paper focuses on interaction between fundamental rights of personal data protection and health protection, in the frame of fighting against covid-19 in Peru. This research begins with constitutional development of those rights, in order to review their related laws, having like an objective clarifying one of their basic legal resources which allow overcome any struggling between those rights during the current emergency state due to covid-19, related to c onsent for personal health data processing. In addition, twocases of personal data processing in preventing covid-19 actions will be studied, which show a peaceful interaction between aforementioned rights and interests arising from current emergency situation.

Protecting Personal Health Data through Privacy Awareness

Proceedings of the ACM on Human-Computer Interaction ◽

10.1145/3492830 ◽

2022 ◽

Vol 6 (GROUP) ◽

pp. 1-22

Author(s):

Melanie Duckert ◽

Louise Barkhuus

Keyword(s):

Conceptual Framework ◽

Data Protection ◽

Data Privacy ◽

Digital Health ◽

Health Data ◽

Design Guidelines ◽

Personal Health ◽

Health Records ◽

Perception Of Security ◽

Health Care Records

Digital health data is important to keep secure, and patients' perception around the privacy of it is essential to the development of digital health records. In this paper we present people's perceptions of the communication of data protection, in relation to their personal health data and the access to it; we focused particularly on people with chronic or long-term illness. Based on their use of personally accessible health records, we inquired into their explicit perception of security and sense of data privacy in relation to their health data. Our goal was to provide insights and guidelines to designers and developers on the communication of data protection in health records in an accessible way for the users. We analyzed their approach to and experience with their own health care records and describe the details of their challenges. A conceptual framework called "Privacy Awareness' was developed from the findings and reflects the perspectives of the users. The conceptual framework forms the basis of a proposal for design guidelines for Digital Health Record systems, which aim to address, facilitate and improve the users' awareness of the protection of their online health data.