Health Information Privacy: Asia's Viewpoint


Published on

Theera-Ampornpunt N. Health information privacy: Asia's viewpoint. Presented at: Globalizing Asia: Health Law, Governance, and Policy - Issues, Approaches, and Gaps!; 2012 Apr 16-18; Bangkok, Thailand.

Published in: Health & Medicine, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Health Information Privacy: Asia's Viewpoint

  1. 1. Health Information Privacy: Asia’s Viewpoint Nawanan Theera-Ampornpunt, MD, PhD Faculty of Medicine Ramathibodi Hospital Mahidol University
  2. 2. Privacy: Why?
  3. 3. Privacy: Ethical Principles• Autonomy• Non-maleficencePrimum non nocere (First, do no harm)
  4. 4. Hippocratic Oath...What I may see or hear in the course oftreatment or even outside of thetreatment in regard to the life of men,which on no account one must spreadabroad, I will keep myself holding suchthings shameful to be spoken about....
  6. 6. Levels of U.S. Privacy Laws Federal Level State Level
  7. 7. Health Information Privacy Laws: U.S. Federal Government• Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Privacy Rule regulates use & disclosure of protected health information held by covered entities – Security Rule lays out security safeguards required for compliance • Administrative safeguards • Physical safeguards • Technical safeguards – (New in HITECH Act of 2009) • Breach notification
  8. 8. Health Information Privacy Laws: Privacy RuleSome permitted uses and disclosures• Treatment, payment, health care operations – Quality improvement – Competency assurance – Medical reviews & audits – Insurance functions – Business planning & administration – General administrative activities
  9. 9. Health Information Privacy Laws: U.S. Challenges• Conflicts between federal vs. state laws• Variations among state laws of different states• HIPAA only covers “covered entities”• No general privacy laws in place, only a few sectoral privacy laws e.g. HIPAA
  10. 10. Health Information Privacy Laws: Other Western Countries• Canada - The Privacy Act (1983), Personal Information Protection and Electronic Data Act of 2000• EU Countries - EU Data Protection Directive• UK - Data Protection Act 1998• Austria - Data Protection Act 2000• Australia - Privacy Act of 1988• Germany - Federal Data Protection Act of 2001
  11. 11. Cloud Computing PolicyEnvironment (Report by Business Software Alliance)
  13. 13. Declaration of Patient’s Rights (1998)1. Every patient has the basic rights to receive health service as have been legally enacted in the Thai Constitution BE 2540.2. The patient is entitled to receive full medical services regardless of their status, race, nationality, religion, social standing,political affiliation sex, age, and the nature of their illness from their medical practitioner.3. Patients who seek medical services have the rights to receive their complete current information in order to thoroughlyunderstand about their illness from their medical practitioner. Furthermore, the patient can either voluntarily consent or refusetreatment from the medical practitioner treating him/her except in case of emergency or life threatening situation.4. Patients at risk, in critical condition or near death, is entitled to receive urgent and immediate relief from their medicalpractitioner as necessary, regardless of whether the patient requests assistance or not.5. The patient has the rights to know the name-surname and the specialty of the practitioner under whose care he/she is in.6. It is the right of the patient to request a second opinion from other medical practitioner in other specialties, who is notinvolved in the immediate care of him/her as well as the right to change the place of medical service or treatment, asrequested by the patient without prejudice.7. The patient has the rights to expect that their personalinformation are kept confidential by the medicalpractitioner, the only exception being in cases with theconsent of the patient or due to legal obligation.8. The patient is entitled to demand complete current information regarding his role in the research and the risks involved, inorder to make decision to participate in/or withdraw from the medical research being carried out by their health care provider.9. The patient has the rights to know or demand full and current information about their medical treatment as appeared in themedical record as requested. With respect to this, the information obtained must not infringe upon other individuals rights.10. The father/mother or legal representative may use their rights in place of a child under the age of eighteen or who isphysically or mentally handicapped wherein they could not exercise their own rights.Issued on April 16, 1998 (BE 2541)
  14. 14. Thailand’s Official Information Act (1997)• Ascertains rights of the public to request and obtain access to official information in a government’s control (including public providers)• Except – When disclosure would jeopardize law enforcement or may harm others, etc. – Disclosure of personal information without consent (except otherwise permitted by law)
  15. 15. National Health Act, B.E. 2550 (2007)Section 7. Personal health information shall bekept confidential. No person shall disclose it insuch a manner as to cause damage to him or her,unless it is done according to his or her will, or isrequired by a specific law to do so. Provided that,in any case whatsoever, no person shall have thepower or right under the law on official informationor other laws to request for a document related topersonal health information of any person otherthan himself or herself.
  16. 16. Health Information Privacy Laws: Thailand’s Challenges• Official Information Act only covers governmental organizations• “Disclose as a rule, protect as an exception” not appropriate mindset for health information• National Health Act: One blanket provision with minimal exceptions: raising concerns about enforceability (in exceptional circumstances, e.g. disasters)
  17. 17. Health Information Privacy Laws: Thailand’s Challenges• No general data privacy law in place• Unclear implications from ICT laws (e.g. Electronic Transactions Act)• Governance: No governmental authority responsible for oversight, enforcement & regulation of health information privacy protections• Policy: No systematic national policy to promote privacy protections
  18. 18. Privacy: The Cultural Aspect From Flickr by Bikoy (Victor Villanueva)
  19. 19. Privacy: The Cultural Aspect From Flickr by Saikofish
  20. 20. Health Information Privacy Laws: Recommendations• Each country has its unique context, including legal systems, national priorities, public mindset, and infrastructure• A comprehensive & systematic approach to data privacy and health information privacy is still lacking in some countries such as Thailand• Key issues include enforceable regulations, governance, and national policy