Healthcare Information Privacy & Confidentiality: How To Work Very Well With The New Act

A presentation about health information privacy and personal data protection laws in Thailand

Published in: Health & Medicine

  1. Healthcare Information Privacy & Confidentiality: How To Work Very Well With The New Act
     Nawanan Theera-Ampornpunt, MD, MS (Health Informatics)
     Faculty of Medicine Ramathibodi Hospital, Mahidol University
     Strategic Healthcare Management & Informatics 2010 - July 23, 2010
     Slides available at http://www.slideshare.net/nawanan
     Except copyrighted images reproduced under Fair Use
  2. (Draft) Personal Data Protection Act Development
     • Aug 1, 2006: Cabinet approved in principle
     • Oct 6, 2009: Cabinet approved draft act
     • Nov 17, 2009: Sent to House of Representatives
     Disclaimer: The following materials are based on draft legislation that is subject to change. There is no claim on the accuracy or completeness. It is not a professional legal opinion. All materials are unofficial translations.
  3. Key Concept
     • Personal data means
       – Data specific to an individual, such as education, financial status, health records, criminal records, employment records, or activity records
       – That contain the individual’s name or a number, code, or some other identifier that could identify the individual, such as fingerprints, voice patterns, or photos
       – Also includes personal data of the deceased
  4. Exclusions
     • This legislation does not apply to
       – Governmental organizations under the Official Information Act, except state enterprises
       – Individuals or legal entities that collect personal data for their own use alone without letting others use them or disclose them to others
       – Journalism, artistic, or literary work
  5. Key Mandates
     • Informed consent for data collection/use/disclosure
       – With exceptions (Section 19)
         • (1) As required by law
         • (2) For the benefit of the personal data owner and the consent can’t be carried out in time
         • (3) For purposes related to the personal data owner’s life, health, or safety
         • (4) For the purpose of an officer’s investigation or court’s proceedings
         • (5) For research or statistical purposes, where such data are kept confidential, with prior notification to the Office as specified
         • (6) etc.
  6. Key Mandates
     • Informed consent: What’s in it?
       – Name, address, and status of data collector
       – Purpose of the collection/use/disclosure of personal data, without deception
       – Nature of data to be collected (sensitive or not)
       – Timeframe for data retention
       – Personal data owner’s rights
       – (For commercial entities) Operational procedures on collection/use/disclosure of personal data
       – Others, as the Committee specifies
  7. Key Mandates
     • Sensitive data
       – Information about sexual behaviors, criminal records or any wrongdoings, health records, race/ethnicity, political opinions, religious beliefs
       – Potentially negative, damaging, or discriminatory information
       – etc.
     • Can be collected with written consent or if
       – Permitted in Section 19
       – For medical purposes or treatment where such information is kept confidential
       – etc.
  8. Key Mandates
     • Responsibilities for data integrity, currency & update
     • Prohibits secondary use of personal data without consent or legal provision
     • Code of ethics for data stewards
     • Audit logs: who got what data from whom & when
     • Data retention permitted until as specified in consent or as necessary to carry out the objective, or if consent withdrawn
  9. Key Mandates
     • Transfer of data to foreign countries
       – Without consent or legal provision
       – To countries with lower standards of personal data protection unless otherwise permitted
     • Security requirements
       – Physical security
       – Backup and business continuity plans
       – Testing and risk assessments
  10. Key Mandates
     • Commercial data stewards
       – Higher standard of practice
         • Channel for abuse reports/data updates
         • Security management
         • Training
         • Responsible for employee or business associate’s actions
     • Owner’s rights
     • Facilitating measures
       – Training/counseling
       – Accreditation
     • Liabilities & penalties
  11. Hippocratic Oath
     I swear by Apollo the Physician and Asclepius and Hygieia and Panaceia and all the gods, and goddesses, making them my witnesses, that I will fulfill according to my ability and judgment this oath and this covenant:
     To hold him who has taught me this art as equal to my parents and to live my life in partnership with him, and if he is in need of money to give him a share of mine, and to regard his offspring as equal to my brothers in male lineage and to teach them this art–if they desire to learn it–without fee and covenant; to give a share of precepts and oral instruction and all the other learning to my sons and to the sons of him who has instructed me and to pupils who have signed the covenant and have taken the oath according to medical law, but to no one else.
     I will apply dietic measures for the benefit of the sick according to my ability and judgment; I will keep them from harm and injustice.
     I will neither give a deadly drug to anybody if asked for it, nor will I make a suggestion to this effect. Similarly I will not give to a woman an abortive remedy. In purity and holiness I will guard my life and my art.
     I will not use the knife, not even on sufferers from stone, but will withdraw in favor of such men as are engaged in this work.
     Whatever houses I may visit, I will come for the benefit of the sick, remaining free of all intentional injustice, of all mischief and in particular of sexual relations with both female and male persons, be they free or slaves.
     What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about.
     If I fulfill this oath and do not violate it, may it be granted to me to enjoy life and art, being honored with fame among all men for all time to come; if I transgress it and swear falsely, may the opposite of all this be my lot.
     http://en.wikipedia.org/wiki/Hippocratic_Oath
  12. Declaration of Patient’s Rights (1998)
     1. Every patient has the basic rights to receive health service as have been legally enacted in the Thai Constitution BE 2540.
     2. The patient is entitled to receive full medical services regardless of their status, race, nationality, religion, social standing, political affiliation, sex, age, and the nature of their illness from their medical practitioner.
     3. Patients who seek medical services have the rights to receive their complete current information in order to thoroughly understand about their illness from their medical practitioner. Furthermore, the patient can either voluntarily consent or refuse treatment from the medical practitioner treating him/her except in case of emergency or life threatening situation.
     4. Patients at risk, in critical condition or near death, is entitled to receive urgent and immediate relief from their medical practitioner as necessary, regardless of whether the patient requests assistance or not.
     5. The patient has the rights to know the name-surname and the specialty of the practitioner under whose care he/she is in.
     6. It is the right of the patient to request a second opinion from other medical practitioner in other specialties, who is not involved in the immediate care of him/her as well as the right to change the place of medical service or treatment, as requested by the patient without prejudice.
     7. The patient has the rights to expect that their personal information are kept confidential by the medical practitioner, the only exception being in cases with the consent of the patient or due to legal obligation.
     8. The patient is entitled to demand complete current information regarding his role in the research and the risks involved, in order to make decision to participate in/or withdraw from the medical research being carried out by their health care provider.
     9. The patient has the rights to know or demand full and current information about their medical treatment as appeared in the medical record as requested. With respect to this, the information obtained must not infringe upon other individual's rights.
     10. The father/mother or legal representative may use their rights in place of a child under the age of eighteen or who is physically or mentally handicapped wherein they could not exercise their own rights.
     Issued on April 16, 1998 (BE 2541)
  13. National Health Act, B.E. 2550 (2007)
     Section 7. Personal health information shall be kept confidential. No person shall disclose it in such a manner as to cause damage to him or her, unless it is done according to his or her will, or is required by a specific law to do so. Provided that, in any case whatsoever, no person shall have the power or right under the law on official information or other laws to request for a document related to personal health information of any person other than himself or herself.
  14. Impacts
     Positive Impacts
     • Increased awareness
     • Better protection of patient’s privacy
     • Encouraging trust in legitimate transactions
     • Public image
     Negative Impacts
     • Costs for compliance
       – Technologies
       – Expertise
       – Change in procedures
       – Business disruptions
     • Legal oversensitivity?
     • Prohibitive effect on information exchange/collaboration
     • Inhibiting research & education?
  15. Is it the right thing to do?
     “First, Do No Harm”
     Image: http://news.stanford.edu/news/2006/february22/med-aaas-022206.html
  16. Where’s The Balance?
     • Benefits
     • Risks
  17. How To Navigate?
     • Embrace information privacy as today’s value
     Image: http://www.nurseweek.com/news/images/privacy.jpg
  18. Assess gaps between current practice and best practices
     Image: http://commons.wikimedia.org/wiki/File:Chasm_(PSF).jpg
  19. Prioritize! Prioritize! Prioritize!
     Use privacy law as guidance and prioritization tools
     Image: http://4.bp.blogspot.com/_rgeZ_2I0PmE/S2ZiSTiCwvI/AAAAAAAAAk4/yMy1QoeZIqo/s1600-h/priority.jpg
  20. Balance the views of lawyers vs. clinicians
     • Lawyers
       – Business Survival
       – Liabilities
       – Business Reputation
     • Clinicians
       – Patient Survival (& Health)
       – Quality
       – Clinical Excellence
  21. Balance focus on technology vs. management
     • Technologists
       – Solve problems with proper technologies
     • Management
       – Solve problems with management and procedures
  22. Don’t forget data on papers!!!
     Image: http://case-connect.com/blog/wp-content/uploads/2009/09/medical20records.jpg
  23. Technology is a moving target
     Keep eyes on new technologies
     The individual logos are trademarks or registered trademarks of their respective owners
     Images:
     http://media.govtech.net/pub_images/emgmt/Aug_2006/Moving_Target.jpg
     http://en.wikipedia.org/wiki/File:Steve_Jobs_Headshot_2010-CROP.jpg
     http://fmmobiles.ie/shop/images/300_blackberry_bold.jpg
  24. A real Facebook post (Translated from Thai)
     [A junior doctor posting on an attending’s wall]
     “Yesterday at the OPD I saw Mr. XYZ whom you operated on, during a follow‐up visit. He has now recovered and wants to give thanks to you. He is a little busy so he is unable to go to Bangkok, but once he’s ready, he’ll come for a follow‐up with you.”
     What if the attending is a renowned erectile dysfunction surgeon?
     Why would it matter anyway? A patient’s privacy is his privacy!
  25. Challenges
     • Move from the status quo
     • Change the mindset/culture in organization
     • Find the weakest link
     • Resource/time constraints
     • Turn costly mandate into strategic advantage
     • But....It’s not the end of the world!!
  26. The time to begin is now!!
     Image: http://blog.longnow.org/2007/07/19/the-watch-of-the-long-now/
