THE LAW OF MEDICAL PRIVACY IN THE USA: NOT GOOD ENOUGH FOR COVID-19

This article addresses the privacy of medical and health data in the US. It analyzes the scope and requirements of federal and state laws in the US, and it discusses the weaknesses in the US protection of medical privacy. Then, this article explains how the weak US system of privacy protection was unable to handle many important privacy issues in the COVID-19 pandemic. Finally, the article concludes with some recommendations for action.

FAIDM for Medical Privacy Protection in 5G Telemedicine Systems

5G networks have an efficient effect in energy consumption and provide a quality experience to many communication devices. Device-to-device communication is one of the key technologies of 5G networks. Internet of Things (IoT) applying 5G infrastructure changes the application scenario in many fields especially real-time communication between machines, data, and people. The 5G network has expanded rapidly around the world including in healthcare. Telemedicine provides long-distance medical communication and services. Patient can get help with ambulatory care or other medical services in remote areas. 5G and IoT will become important parts of next generation smart medical healthcare. Telemedicine is a technology of electronic message and telecommunication related to healthcare, which is implemented in public networks. Privacy issue of transmitted information in telemedicine is important because the information is sensitive and private. In this paper, 5G-based federated anonymous identity management for medical privacy protection is proposed, and it can provide a secure way to protect medical privacy. There are some properties below. (i) The proposed scheme provides federated identity management which can manage identity of devices in a hierarchical structure efficiently. (ii) Identity authentication will be achieved by mutual authentication. (iii) The proposed scheme provides session key to secure transmitted data which is related to privacy of patients. (iv) The proposed scheme provides anonymous identities for devices in order to reduce the possibility of leaking transmitted medical data and real information of device and its owner. (v) If one of devices transmit abnormal data, proposed scheme provides traceability for servers of medical institute. (vi) Proposed scheme provides signature for non-repudiation.

Some legal issues of medical privacy in psychiatric practice

The article discusses a number of issues associated with medical privacy in psychiatry, including forensic psychiatric evaluation. Current Law of the Russian Federation “On Psychiatric Care and Guarantees of Citizens’ Rights in Its Provision” requires taking into account the mental state of a person with a mental disorder when informing him about his mental health condition. However this rule misses new realities of digital health and is not included into the legislation on protection of citizens’ health. It is hardly possible to realize in practice and it needs an additional and established by law mechanism of access to medical records, considering specific properties of psychiatric patients. Problems also arise with a mentally disordered person's access to his forensic psychiatric medical record. On the one hand, the report of forensic psychiatric evaluation is an evidence in the court case, and the procedure for its disclosure is regulated by procedural legislation and legislation on state forensic expert activities. On the other hand, the Constitutional Court of the Russian Federation considers such a report as a medical document, for which the rules of legislation on protection of citizens’ health apply. In this paper the authors propose the solution to this dilemma that requires corrections in the position of the Constitutional Court of the Russian Federation. The authors analyze the history of legislation on medical privacy and draw attention to obvious long-term trend that shows in continuing expansion of the range of persons who have right to access such information without consent of the citizen concerned. The authors conclude that medical privacy is gradually losing the nature of the right guaranteed by federal law. Especially worrying are the attempts of a number of state bodies and officials to obtain information about mental health of unspecified groups of people. Too many third parties already have access to medical information for various reasons, and the number is growing with introduction of digital health information systems. The authors come to conclusion that such a development can lead to serious negative consequences for the legally guaranteed rights of citizens and stress the importance of special attention to protection of medical information, including measures against unlawful access and possible leaks.

Attitudes of Patients and Their Families Towards Medical Privacy and Competence of Bearer or Receiver of Bad News

Background: Based on the patients’ and relatives’ views on the level of preservation of privacy rights of individuals, we propose a way to reduce problems and disagreements about the competence of the provider and recipient of bad news. Methods: In the current cross-sectional study, the participants were recruited from the main northwest hospital of Iran. It was also conducted to study the scope of medical privacy and competence of bearers or receivers of bad news. After the literature review, two questionnaires were designed and administered. They contained items pertinent to the scope of medical privacy and competence of bearers and receivers of bad news. Each item of the original questionnaire was scored on a 5-point Likert scale. Results: The model quality and significance level were obtained using KMO and Bartlett tests. The results (patient’s attitudes questionnaire: KMO=0729 and P<0.05 in the Bartlett test; family attitudes questionnaire: KMO=0.764 and P<0.05 in the Bartlett test) confirmed the model efficiency. According to the results from factor variance and their cumulative rate, the predictive power of the model was obtained as 62.019%, based on the overall factor variance rate. The majority of patients wanted to be informed about their disease conditions. They also considered bad news to be medical privacy and disagreed that their medical information should be opened up with others without permission. Conclusion: To preserve medical privacy, it is recommended that a system be designed that allows patients at the admission to the medical center to enlist their eligible family members to whom medical information can be delivered.

Privacy and Integrity of Medical Information

This chapter explores contemporary regulation of medical privacy in the United States and Europe and its challenges. The need for privacy is a fundamental human necessity. Privacy relates to human beings’ ability to maintain their dignity and avoid disclosure of information that might be deemed unpleasant. It is also associated with personal autonomy and informational self-determination. At the same time, however, some degree of data sharing is essential to the appropriate treatment of patients as well as to the proper functioning of society in general and the healthcare system in particular. Thus, privacy cannot be limitless. Hence, this chapter discusses regulatory strengths and shortcomings and highlights gaps in the law. It also suggests further safeguards that policy-makers should implement in order to protect patients and data subjects.

Medical Privacy and Big Data

This chapter explores the challenge that big data brings to medical privacy. Big data promises to significantly enhance the power of medicine to diagnose, treat, and prevent diseases. With this promise, however, come significant privacy risks to data subjects who could suffer unfair discrimination, exposure, extortion, and limited access to health care. To minimize these risks, inappropriate uses of data should be outlawed, and consent must be sought from data subjects, even if it is a limited form of consent such as tiered consent or consent from a data trust. Bad data practices should be made illegal, corporations managing sensitive data ought to respect fiduciary duties and confidentiality, as well as implement the best possible security protocols, and periodically delete data. Regulation must ensure that private companies do not monopolize medical data. I argue that the most effective way of protecting people from suffering unfair medical consequences is by having a public universal health-care system.

Research on electronic medical record access control based on blockchain

For the medical industry, there are problems such as poor sharing of medical data, tampering, and leakage of private data. In view of these problems, a blockchain-based electronic medical record access control research scheme based on the role-based access control model is proposed in this article. First, the appropriate access control strategy is adopted to solve the leakage problem of the user’s medical privacy information during the access process. Then, the information entropy technology is used to quantify the medical data, so that the medical data can be effectively and maximally utilized. Using the distributed general ledger characteristics of blockchain and its inherent security attributes, data islands can be eliminated, data sharing among medical systems can be promoted, access records can be prevented from being tampered with, and medical research and precise medical treatment can be better supported. Through this research, not only can user’s medical privacy information protection be realized during the service process but also patients can manage their own medical data autonomously, which is beneficial to privacy protection under the medical data sharing.