Introduction Taiwan government health data service and some programs in #APrIGF2018.
I think our government wants to connect different database in different government departments, but need to do risk assessment and have mechanisms to people to talk about the regulation.
To business, they need to think about how to protect the personal information about their customers during the transmission and user agreement.
To user who use IoT or wearable devices, need to consider about the data ownership, who uses your data.
Health Database and Regulations in Taiwan (APrIGF2018)
1. Health Database
and Regulations
in Taiwan
Ying-Chu Chen
Taiwan Institute of Economic Research
Twitter: @yinchuchen
Mail: ycchen17@gmail.com
2. National Health Insurance
Research Database
• NHIRD Website:
https://nhird.nhri.org.tw/en/index.html
• National Health Insurance Program:
• 99.9% of Taiwan’s population were enrolled
(National Health Insurance Annual Report
2014-2015.)
• Foreigners in Taiwan are also eligible for this
program.
• Charge:
• 500 NTD / CD
• 200 NTD / 1GB
• Terminated: June 28, 2016
3. My Health Data Bank
• Website: https://myhealthbank.nhi.gov.tw/
• Register with:
• National Health Insurance Card or
• Citizen Digital Certificate
• Service:
• One-year of personal medical data with: Name, dates of visits, diagnoses,
medical orders, medical procedures, operation, allergy histories, medical
expenses, medical examinations, etc..
• Personal schedule
• Personal health or diseases assessment.
• Download their own personal insurance and health data
• Introduction: https://youtu.be/4udxvl3hQMo
4. MyData Project
• Website: https://mydata.nat.gov.tw/
• Register with: Citizen Digital Certificate
• Services for personal data provider:
• Integrate personal data in different government department
• Authorize to the third-party
• Personal health data management (Future: with My Health Data Bank)
• Analysis for personal expenditure.
• Apply social welfare
5. Cybersecurity, Data Protection and Privacy
• Regulations:
• Personal Data Protection Law in Taiwan
• Cybersecurity law in Taiwan will be implemented in January, 2019
• Personal Data Protection Laws in other country
• Cross border data usage limitation:
• APEC: Cross Border Privacy Rules System
• EU: General Data Protection Regulation
• Personal Privacy protection:
• Self awareness
• Capacity building
• Education
6. About Health Technology
• Wearable devices or other technology applications:
• People use wearable devices to management their personal
health data, e.g. Apple watch, Fitbit, smart watches or fitness
trackers.
• Where is the data?
• Who owns data?
• Who can use or review data?
• Does use know who has reviewed his/her personal data?
• Emerging Technology - Blockchain
• Smart Contract in Insurance
• Against RTBF
• Risk: lost your private key, lost everything
7. Data Breaches and Risk Assessments
News:
• Singapore: Singapore: Hackers stole data of PM
Lee and 1.5 million patients (July, 2018)
• A new data leak hits Aadhaar, India's national ID
database(March, 2018)
• Malaysia: Personal data of 220,000 organ donors
leaked online (January, 2018)
• A security breach in India has left a billion people
at risk of identity theft (January, 2018)
• Top 10 Biggest Healthcare Data Breaches of All
Time
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Editor's Notes
We had National Health Insurance Research Database before, not public. The database was management by an academia institute. And 99.9% of Taiwan’s population were enrolled in that database, foreigners in Taiwan also eligible for the program.
If you want to review the database, you have to fill a apply form, if you want to download the data to use, you need to pay for it by size or format.
The program was finished in 2016 for human rights and privacy protection.
But recent years, our government realizes our health data could benefit or encourage small business to innovate new services or application. They don’t open the health data, but they have another program called My Health databank. They want to help citizens to manage their own health data. It includes personal data, One-year of personal medical data, personal health or diseases assessment.
Besides, they are running a program called MyData. They want to change the citizen’s data cross the different departments, to provide better service. In the first step is to connect with the personal health data their own-selves.
People can manage or access their personal health history by themselves for the website or mobile applications.
We have data protection law and cybersecurity law in Taiwan.
There are data protection law in different country, but sometimes I think that may acceleration the internet fragmentation.
So people have wearable device these years, so some of companies will have customers’ health data. And the consumers will know about the health data assessments.
But people wouldn’t not know where is the database, in the local or in the other country with government surveillance issue or selling the whole dataset to have more money. Sometimes you use some service or products. But you don’t know:
Who own the data set?
How do them to protect the data?
Can customers know who is reading their data?
These data breaches news are collected from some cybersecurity news.
We need to think carefully what is the purpose to have the health or biomedical database or data program?
Whether government or enterprise wants to do this , do they try to have a risk assessment? Or other backup program if met cybersecurity incidents?
And to the SMEs, does government provide any channel or mechanism to help them to have less loss in the data leaks incidents.