• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.552-555
• /
• 2017

It is de-identification that emerged to find the trade-off between the use of big data and the protection of personal information. In particular, in the field of medical that deals with various semi-identifier information and sensitive information, de-identification must be performed in order to use medical consultation such as EMR and voice, KakaoTalk, and SNS. However, there is no separate law for medical information protection and legislation for de-identification. Therefore, in this study, we present the current status of de-identification of personal information, the status and case of de-identification of medical information, and finally we provide issues and solutions for medial information protection and de-identification.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.10c
• /
• pp.160-165
• /
• 2006

질병을 예방하고 건강을 보호하기 위해서 개인의료정보를 지속적으로 관리하고, 관련 기관이 필요시 손쉽게 이용할 수 있어야 한다. 특히 서로 다른 기관으로부터 발생된 의료정보들을 통합, 관리할 필요가 있다. 이에 본 논문에서는 XML을 기반 기술로 이용하면서, XML만을 이용할 경우 XML 문서의 종류와 개수가 많아지면서 발생하는 문서관리상의 비효율성 문제를 해결하기 위하여 관계형 데이터베이스를 함께 이용한 의료정보 통합모델을 제안한다. 이를 통해 XML과 관계형 데이터베이스의 장점을 함께 이용하여 복잡하고 시간에 따라 변할 수 있는 의료정보를 구조적으로 표현하고, 유연하게 관리하며, 효율적으로 검색할 수 있으며, 향후 시스템 개발에 있어서도 확장성이 용이하다.

• Review of KIISC
• /
• v.20 no.3
• /
• pp.90-96
• /
• 2010

최근 의료기술 발전에 따라 질병의 예방 및 관리에 대한 소비자의 요구사항이 증가하고 있다. 이러한 요구사항에 부응하기 위해 IT와 의료분야의 융합으로 u-헬스케어 서비스가 실현되고 있다. 언제 어디서나 의료서비스를 제공받을 수 있는 u-헬스케어 서비스의 활성화는 의료데이터의 공유 및 활용이 전제조건이 될 것이다. 그러나 의료데이터의 공유 및 활용으로 인해 의료정보에 포함된 개인정보, 병력정보 등의 프라이버시가 침해될 우려가 있다. 본 논문에서는 의료데이터의 공유 및 활용상에서 발생하는 보안 요구사항을 검토한다.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.3
• /
• pp.250-261
• /
• 2020

Today, data subjects should be considered to utilize various personal data. To support this paradigm, the concept of "My Data" has proposed and has realized in various industrial sectors, including medial sectors. Based on the concept of the medical My Data, this paper proposes a personal health record (PHR) and an electronic medical record (EMR) data trading model. Particularly, this paper proposes a system model to support the medical My Data environment and relevant procedure among stakeholders for PHR/EMR data trading that ensures the rights of data subjects. Based on the proposed system model, this paper also proposes various mathematical models to analyze the behavior of stakeholders and shows the feasibility of the proposed data trading model that satisfies the requirements of both data subjects and data consumers.

• The Korean Society of Law and Medicine
• /
• v.17 no.2
• /
• pp.315-346
• /
• 2016

With the development of big data processing technology, the potential value of healthcare big data has attracted much attention. In order to realize these potential values, various research using the healthcare big data are essential. However, the big data regulatory system centered on the Personal Information Protection Act does not take into account the aspect of big data as an economic material and causes many obstacles to utilize it as a research purpose. The regulatory system of healthcare information, centered on the primary purpose of patient treatment, should be improved in a way that is compatible with the development of technology and easy to use for public interest. To this end, it is necessary to examine the trends of overseas legal system reflecting the concerns about the balance of protection and utilization of personal information. Based on the implications of the overseas legal system, we can derive improvement points in the following directions from our legal system. First, a legal system that specializes in healthcare information and encompasses protection and utilization is needed. De-identification, which is an exception to the Privacy Act, should also clearly define its level. It is necessary to establish a legal basis for linking healthcare big data to create synergy effects in research. It is also necessary to examine the introduction of the opt-out system on the basis of the discussion on the foreign debate and social consensus. But most importantly, it is the people's trust in these systems.

• The Korean Society of Law and Medicine
• /
• v.24 no.4
• /
• pp.67-101
• /
• 2023

The utilization of generative AI in the medical field is also being rapidly researched. Access to vast data sets reduces the time and energy spent in selecting information. However, as the effort put into content creation decreases, there is a greater likelihood of associated issues arising. For example, with generative AI, users must discern the accuracy of results themselves, as these AIs learn from data within a set period and generate outcomes. While the answers may appear plausible, their sources are often unclear, making it challenging to determine their veracity. Additionally, the possibility of presenting results from a biased or distorted perspective cannot be discounted at present on ethical grounds. Despite these concerns, the field of generative AI is continually advancing, with an increasing number of users leveraging it in various sectors, including biomedical and life sciences. This raises important legal considerations regarding who bears responsibility and to what extent for any damages caused by these high-performance AI algorithms. A general overview of issues with generative AI includes those discussed above, but another perspective arises from its fundamental nature as a large-scale language model ('LLM') AI. There is a civil law concern regarding "the memorization of training data within artificial neural networks and its subsequent reproduction". Medical data, by nature, often reflects personal characteristics of patients, potentially leading to issues such as the regeneration of personal information. The extensive application of generative AI in scenarios beyond traditional AI brings forth the possibility of legal challenges that cannot be ignored. Upon examining the technical characteristics of generative AI and focusing on legal issues, especially concerning the protection of personal information, it's evident that current laws regarding personal information protection, particularly in the context of health and medical data utilization, are inadequate. These laws provide processes for anonymizing and de-identification, specific personal information but fall short when generative AI is applied as software in medical devices. To address the functionalities of generative AI in clinical software, a reevaluation and adjustment of existing laws for the protection of personal information are imperative.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.301-304
• /
• 2021

4차 산업혁명 시대가 도래함에 따라 사물인터넷(IoT)이 다양한 산업의 영역에서 활용되고 있다. 특히 IoT 기술 및 서비스를 활용하는 분야 중 하나인 스마트 의료 분야는 최근 소프트웨어 및 네트워크의 연결성이 강화되면서 사이버보안 사고가 급증하고 있다. 따라서 스마트 의료 기기·서비스 개발단계부터 보안을 고려하여 안전하게 개발하는 것이 필요하며, 서비스 제공시에도 보안을 고려하여 안전하게 관리 및 서비스를 제공하는 것이 필요하다. 이에 본 연구에서는 IoT 서비스 활용 분야 중 스마트 의료 분야에서 원격의료 서비스의 개인정보 침해 요인을 도출하고 이를 토대로 어택트리 기반의 시나리오 분석을 수행하고자 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• Review of KIISC
• /
• v.22 no.1
• /
• pp.47-57
• /
• 2012

미국의 개인정보보호 정책은 시장의 자율규제에 입각하여 소비자의 권리를 보호하는 것에 초점을 맞추고 있다. 관리되는 법률로는 연방정부기관이 보유하고 있는 개인정보에 관한 보호법규인 1974년의 프라이버시법(Federal Privacy Act 1974)과 각 주단위로 규정된 프라이버시권 관련 법률들이 있다. 현재 공공과 개인을 아울러서 총괄하는 법은 존재하지 않지만 다양한 영역별로 접근 방식을 택하여 세부적으로 공공, 금융, 통신, 교육, 의료, 비디오 감시, 근로자 정보 등 각 영역별로 제정하여 시행하고 있다. 본고에서는 미국의 개인정보보호 법제 현황에 대해 살펴보았으며, 최근에 국내에서도 수행기관이 지정된 개인정보영향평가에 대한 내용을 분석하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.251-260
• /
• 2010

Through the convergence of medical services and the IT technique, the patient's personal health information computerization has been rapidly spread with propagation of electronic medical record(EHR). In addition, by entering u-health, the demand of the secondary use for public health, medical research, and medical service using electronic patient health care records are increasing. The personal health information secondary uses for the development of academic medical area and service, are very good thing. But, carelessly to use personal health information, the patient privacy would be damaged. However, there are not yet systematic studies about secondary use of personal health information. Therefore, in this paper, we analyze the difference of the internal and external bill for personal medical data secondary use and propose the direction of the medical service development and preservation of the individual's privacy.