Protecting and Utilizing Health and Medical Big Data: Policy Perspectives from Korea
10.4258/hir.2019.25.4.239
- Author: Dongjin LEE¹; Mijeong PARK; Seungwon CHANG; Haksoo KO
- Author Information: 1. School of Law, Seoul National University, Seoul, Korea. hsk@snu.ac.kr
- Publication Type:Legislation
- Keywords: Big Data; De-identification; Data Protection; Privacy; Research
- MeSH: Computer Security; European Union; France; Government Agencies; Great Britain; Humans; Japan; Korea; Privacy; United States
- From:Healthcare Informatics Research 2019;25(4):239-247
- Country:Republic of Korea
- Language:English
- Abstract:

OBJECTIVES: We analyzed Korea's data privacy regime in the context of protecting and utilizing health and medical big data and tried to draw policy implications from the analyses.

METHODS: We conducted comparative analyses of the legal and regulatory environments governing health and medical big data with a view to drawing policy implications for Korea. The legal and regulatory regimes considered include the following: the European Union, the United Kingdom, France, the United States, and Japan. We reviewed relevant statutory materials as well as various non-statutory materials and guidelines issued by public authorities. Where available, we also examined policy measures implemented by government agencies.

RESULTS: In this study, we investigated how various jurisdictions deal with legal and regulatory issues that may arise from the use of health and medical information with regard to the protection of data subjects' rights and the protection of personal information. We compared and analyzed various forms of legislation in various jurisdictions and also considered technical methods, such as de-identification. The main findings include the following: there is a need to streamline the relationship between the general data privacy regime and the regulatory regime governing health and medical big data; the regulatory and institutional structure for data governance should be more clearly delineated; and regulation should encourage the development of suitable methodologies for the de-identification of data and, in doing so, a principle-based and risk-based approach should be taken.

CONCLUSIONS: Following our comparative legal analyses, implications were drawn. The main conclusion is that the relationship between the legal requirements imposed for purposes of personal information protection and the regulatory requirements governing the use of health and medical data is complicated and multi-faceted and, as such, their relationship should be more clearly streamlined and delineated.