• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Journal of Arbitration Studies
• /
• v.31 no.2
• /
• pp.119-135
• /
• 2021

South Korea has the most advanced technology in the Fourth Industrial Revolution era because of its high-speed Internet commercialization. However, the industry is shrinking due to its various regulations in building and its utilization of personal information as big data. Currently, South Korea's personal data utilization business is in its early stages. In the era of the 4th Industrial Revolution, it is difficult for startups to use data. There are various causes here. Above all, legal regulations to protect personal information are emphasized. This study confirms that transactions of personal medical records through My Data can be made. Moreover, it confirms that there is a need for a mediating role between stakeholders. This study lacks statistical access in the process of performing stakeholder roles. However, personal medical records will be traded safely in the future, and new subjects will enter the market. Furthermore, the domestic bio-industry will develop. Through this study, various problems were derived in establishing Medical MyData in Korea. Moreover, it looks forward to continuing various studies in the health care sector in the future.

• The Journal of the Korea Contents Association
• /
• v.17 no.6
• /
• pp.600-612
• /
• 2017

The purpose of the research is that how awareness of importance of personal medical data, laws regarding personal medical data and perception gap regarding information of medical data system may affect usage of hospital convenience between a regular patient who has experienced hospital service and medical professionals. Preceding research analysis was conducted previous on establishing research model; 150 questionnaires to a regular patient and 150 questionnaires for a medical professional, total of 300 questionnaires were gathered for conducting a question investigation. First of all, the research concluded that there are a regular perception differences between a regular patient and medical professional. Moreover, there are perception differences among the different gender, age, and area of residence. Furthermore, medical professionals tend to consider that convenience of hospital usage will be increased if user strengthens recognition of security of personal medical data. Results of hypothesis stress that higher awareness of exposure of personal medical data and medical information system affect decision making convenience for a better usage of hospital. On the other side, awareness of laws related with personal medical information security does not affect decision making convenience of hospital usage and transaction. The results of the research analyzes with proof that strengthening awareness of personal medical data security positively increase convenience of decision making and transactions in selection of provided medical service.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.6
• /
• pp.66-76
• /
• 2017

In this study, we investigated how to protect personal healthcare information when constructing OMOP (Observational Medical Outcomes Partnership) CDM (Common Data Model). There are two proposed methods; to restrict data corresponding to HIPAA (Health Insurance Portability and Accountability Act) PHI (Protected Health Information) to be extracted to CDM or to disable identification of it. While processing sensitive information is restricted by Korean Personal Information Protection Act and medical law, there is no clear regulation about what is regarded as sensitive information. Therefore, it was difficult to select the sensitive information for protecting personal healthcare information. In order to solve this problem, we defined HIPAA PHI as restriction criterion of Article 23 of the Personal Information Protection Act and maps data corresponding to CDM data. Through this study, we expected that it will contribute to the spread of CDM construction in Korea as providing solutions to the problem of protection of personal healthcare information generated during CDM construction.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.3
• /
• pp.250-261
• /
• 2020

Today, data subjects should be considered to utilize various personal data. To support this paradigm, the concept of "My Data" has proposed and has realized in various industrial sectors, including medial sectors. Based on the concept of the medical My Data, this paper proposes a personal health record (PHR) and an electronic medical record (EMR) data trading model. Particularly, this paper proposes a system model to support the medical My Data environment and relevant procedure among stakeholders for PHR/EMR data trading that ensures the rights of data subjects. Based on the proposed system model, this paper also proposes various mathematical models to analyze the behavior of stakeholders and shows the feasibility of the proposed data trading model that satisfies the requirements of both data subjects and data consumers.

• The Korean Society of Law and Medicine
• /
• v.24 no.2
• /
• pp.35-77
• /
• 2023

As the amendment to the Personal Information Protection Act, which newly established the basis for the right to request transmission of personal information, was promulgated through the plenary session of the National Assembly, MyData, which was previously applied only to the financial sector, could spread to all fields. The right to request transmission of personal information is the right of the information subject to be guaranteed for the realization of MyData. However, since the right to request transmission of personal information stipulated in the Personal Information Protection Act is designed to be applied to all fields, not a special field such as the medical field, it has many shortcomings to act as a core basis for implementing MyData in Medicine. Based on this awareness of the problem, this paper compares and analyzes major legal trends related to the right to portability of personal health information at home and abroad, and examines the limitations of Korea's Personal Information Protection Act and Medical Act in realizing Medical MyData. Under the Personal Information Protection Act, the right to request transmission of personal information is insufficient to apply to the medical field, such as the scope of information to be transmitted, the transmission method, and the scope of the person obligated to perform the transmission, etc.. Regulations on the right to access medical information and transmission of medical records under the Medical Act also have limitations in implementing the full function of Medical My Data in that the target information and the leading institution are very limited. In order to overcome these limitations, this paper prepared a separate and independent special law to regulate matters related to the use and protection of personal health information as a measure to improve the legal system that can effectively guarantee the right to portability of personal health information, taking into account the specificity of the medical field. It was proposed to specifically regulate the contents of the movement and transmission system of personal health information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.251-260
• /
• 2010

Through the convergence of medical services and the IT technique, the patient's personal health information computerization has been rapidly spread with propagation of electronic medical record(EHR). In addition, by entering u-health, the demand of the secondary use for public health, medical research, and medical service using electronic patient health care records are increasing. The personal health information secondary uses for the development of academic medical area and service, are very good thing. But, carelessly to use personal health information, the patient privacy would be damaged. However, there are not yet systematic studies about secondary use of personal health information. Therefore, in this paper, we analyze the difference of the internal and external bill for personal medical data secondary use and propose the direction of the medical service development and preservation of the individual's privacy.

• Journal of Information Management
• /
• v.36 no.1
• /
• pp.125-154
• /
• 2005

Due to the development of Internet and the collection and usage of the individual information, the infringements of the personal data have been increased rapidly. Regarding the personal data protection in the medical industry, it is clearly described in 'Act on Promotion of Information and Communication Network Utilization and information Protection, etc.'. the law is ratified on the basis of the service provider, therefore, it has its own limitation to be applied to medical industry. Therefore, this paper is to set the security standard and to discuss the range of legal application and considerations on its basis for the domestic medical institution at the electronic medical record system. We exemplify specific applicable content of the electronic signature in the electronic medical record also, present a security assessment item in electronic medical system and set the criteria for the security standard in the medical industry.

• Korea Journal of Hospital Management
• /
• v.24 no.2
• /
• pp.1-11
• /
• 2019

Purpose: The purpose of this study is to identify relationship between work unstability and personal medical expenditure ratio focusing on wage workers' contract period. Method: This study analyzed 2015 yearly data beta version of Korea Health Panel, co-managed by Korea Institute for Health and Social Affairs and National Insurance Corporation for data analysis. When executing linear regression, Household income was applied with equivalized income, and the proportion of personal medical expenditure was naturally logged to perform linear regression and the demographic and socioeconomic factors were taken into account. The demographic and socio-economic factors were also considered. Findings: As a result of reviewing the used factors, it was found that the more unstable work status, the higher personal medical expenditure ratio. This result corresponds to 'The Theory of Fundamental Causes' by Link & Phelan. Conclusion : It indicates that policy efforts should be made to improve the working environment and health level of socially unstable workers.