20
Health Information Privacy: Asia’s Viewpoint Nawanan Theera-Ampornpunt, MD, PhD Faculty of Medicine Ramathibodi Hospital Mahidol University

Health Information Privacy: Asia's Viewpoint

Embed Size (px)

DESCRIPTION

Theera-Ampornpunt N. Health information privacy: Asia's viewpoint. Presented at: Globalizing Asia: Health Law, Governance, and Policy - Issues, Approaches, and Gaps!; 2012 Apr 16-18; Bangkok, Thailand.

Citation preview

Page 1: Health Information Privacy: Asia's Viewpoint

Health Information Privacy: Asia’s Viewpoint

Nawanan Theera-Ampornpunt, MD, PhDFaculty of Medicine Ramathibodi Hospital

Mahidol University

Page 2: Health Information Privacy: Asia's Viewpoint

Privacy: Why?

http://www.aclu.org/ordering-pizza

Page 3: Health Information Privacy: Asia's Viewpoint

Privacy: Ethical Principles

• Autonomy

• Non-maleficencePrimum non nocere (First, do no harm)

Page 4: Health Information Privacy: Asia's Viewpoint

Hippocratic Oath...

What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about....

http://en.wikipedia.org/wiki/Hippocratic_Oath

Page 5: Health Information Privacy: Asia's Viewpoint

UNITED STATES

Page 6: Health Information Privacy: Asia's Viewpoint

Levels of U.S. Privacy Laws

Federal Level

State Level

Page 7: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: U.S. Federal Government

• Health Insurance Portability and Accountability Act of 1996 (HIPAA)– Privacy Rule regulates use & disclosure of protected health

information held by covered entities– Security Rule lays out security safeguards required for

compliance• Administrative safeguards• Physical safeguards• Technical safeguards

– (New in HITECH Act of 2009)• Breach notification

Page 8: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: Privacy Rule

Some permitted uses and disclosures• Treatment, payment, health care operations

– Quality improvement– Competency assurance– Medical reviews & audits– Insurance functions– Business planning & administration– General administrative activities

Page 9: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: U.S. Challenges

• Conflicts between federal vs. state laws• Variations among state laws of different states• HIPAA only covers “covered entities”• No general privacy laws in place, only a few

sectoral privacy laws e.g. HIPAA

Page 10: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: Other Western Countries

• Canada - The Privacy Act (1983), Personal Information Protection and Electronic Data Act of 2000

• EU Countries - EU Data Protection Directive• UK - Data Protection Act 1998• Austria - Data Protection Act 2000• Australia - Privacy Act of 1988• Germany - Federal Data Protection Act of 2001

Page 11: Health Information Privacy: Asia's Viewpoint

Cloud Computing Policy Environment (Report by Business Software Alliance)

http://portal.bsa.org/cloudscorecard2012/countries.html

Page 12: Health Information Privacy: Asia's Viewpoint

THAILAND:HEALTH INFORMATION PRIVACY

Page 13: Health Information Privacy: Asia's Viewpoint

1. Every patient has the basic rights to receive health service as have been legally enacted in the Thai Constitution BE 2540. 2. The patient is entitled to receive full medical services regardless of their status, race, nationality, religion, social standing, political affiliation sex, age, and the nature of their illness from their medical practitioner. 3. Patients who seek medical services have the rights to receive their complete current information in order to thoroughly understand about their illness from their medical practitioner. Furthermore, the patient can either voluntarily consent or refuse treatment from the medical practitioner treating him/her except in case of emergency or life threatening situation. 4. Patients at risk, in critical condition or near death, is entitled to receive urgent and immediate relief from their medical practitioner as necessary, regardless of whether the patient requests assistance or not. 5. The patient has the rights to know the name-surname and the specialty of the practitioner under whose care he/she is in. 6. It is the right of the patient to request a second opinion from other medical practitioner in other specialties, who is not involved in the immediate care of him/her as well as the right to change the place of medical service or treatment, as requested by the patient without prejudice.

7. The patient has the rights to expect that their personal information are kept confidential by the medical practitioner, the only exception being in cases with the consent of the patient or due to legal obligation. 8. The patient is entitled to demand complete current information regarding his role in the research and the risks involved, in order to make decision to participate in/or withdraw from the medical research being carried out by their health care provider. 9. The patient has the rights to know or demand full and current information about their medical treatment as appeared in themedical record as requested. With respect to this, the information obtained must not infringe upon other individual's rights.10. The father/mother or legal representative may use their rights in place of a child under the age of eighteen or who is physically or mentally handicapped wherein they could not exercise their own rights. Issued on April 16, 1998 (BE 2541)

Declaration of Patient’s Rights (1998)

Page 14: Health Information Privacy: Asia's Viewpoint

Thailand’s Official Information Act (1997)

• Ascertains rights of the public to request and obtain access to official information in a government’s control (including public providers)

• Except– When disclosure would jeopardize law enforcement

or may harm others, etc.– Disclosure of personal information without consent

(except otherwise permitted by law)

Page 15: Health Information Privacy: Asia's Viewpoint

Section 7. Personal health information shall be kept confidential. No person shall disclose it in such a manner as to cause damage to him or her, unless it is done according to his or her will, or is required by a specific law to do so. Provided that, in any case whatsoever, no person shall have the power or right under the law on official information or other laws to request for a document related to personal health information of any person other than himself or herself.

National Health Act, B.E. 2550 (2007)

Page 16: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: Thailand’s Challenges

• Official Information Act only covers governmental organizations

• “Disclose as a rule, protect as an exception”not appropriate mindset for health information

• National Health Act: One blanket provision with minimal exceptions: raising concerns about enforceability (in exceptional circumstances, e.g. disasters)

Page 17: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: Thailand’s Challenges

• No general data privacy law in place• Unclear implications from ICT laws (e.g.

Electronic Transactions Act)• Governance: No governmental authority

responsible for oversight, enforcement & regulation of health information privacy protections

• Policy: No systematic national policy to promote privacy protections

Page 18: Health Information Privacy: Asia's Viewpoint

Privacy: The Cultural Aspect

From Flickr by Bikoy (Victor Villanueva)

Page 19: Health Information Privacy: Asia's Viewpoint

Privacy: The Cultural Aspect

From Flickr by Saikofish

Page 20: Health Information Privacy: Asia's Viewpoint

Health Information Privacy Laws: Recommendations

• Each country has its unique context, including legal systems, national priorities, public mindset, and infrastructure

• A comprehensive & systematic approach to data privacy and health information privacy is still lacking in some countries such as Thailand

• Key issues include enforceable regulations, governance, and national policy