PROTECTION OF CONFIDENTIAL MEDICAL INFORMATION IN UKRAINE: PROBLEMS OF LEGAL REGULATION.

The aim of the article is to analyze the legal aspects and mechanisms of confidential medical information protection about an individual in the health care sphere in Ukraine. During the scientific research, various methods of cognition of legal phenomena were used. Among the general scientific approaches, the dialectical method was primarily used, which allowed to identify trends in the development of patient information rights and formulate proposals for improving legislation in the field of medical data protection. The formal-legal method was used to provide a comprehensive characterization of the EU (European Union) and Ukrainian legislation in the sphere of confidential medical information protection. Additionally, general scientific logical methods (analysis and synthesis, comparison and analogy, abstraction, and modeling) were used in order to study the problems of information relations in the medical field and establish legal liability for violation of the confidentiality of such information. The definitions of medical data, medical information, confidential medical data, and medical confidentiality have been researched and compared. The article identified the legitimate grounds for disclosing confidential medical information about an individual in the healthcare sector. Authors revealed the gaps in Ukrainian legislation regarding the confidential medical data protection by healthcare professionals and electronic medical systems regulators. The necessity of expanding the list of subjects responsible for preserving confidential medical information has been substantiated. The study explored the case law of the European Court of Human Rights in the field of the medical data confidentiality violation. It has been outlined the potential judicial remedies and liability for violating the right to personal medical information confidentiality of an individual in the healthcare sector. The legal grounds and cases of possible lawful disclosure of confidential medical information have been analyzed. Attention has been drawn to the insufficient regulation of access to medical confidentiality during martial law. It has been emphasized that the mechanism for protecting the violated right to confidentiality of medical information involves appealing to the Ukrainian Parliament Commissioner for Human Rights or to the court. The increasing role of international legal acts in ensuring the protection of medical data in the European Union and Ukraine has been highlighted.

Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis.

BACKGROUND: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China. OBJECTIVE: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement. METHODS: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators. RESULTS: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users' explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%). CONCLUSIONS: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps' privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages.

Legal aspects of privacy-enhancing technologies in genome-wide association studies and their impact on performance and feasibility.

Genomic data holds huge potential for medical progress but requires strict safety measures due to its sensitive nature to comply with data protection laws. This conflict is especially pronounced in genome-wide association studies (GWAS) which rely on vast amounts of genomic data to improve medical diagnoses. To ensure both their benefits and sufficient data security, we propose a federated approach in combination with privacy-enhancing technologies utilising the findings from a systematic review on federated learning and legal regulations in general and applying these to GWAS.

A review on legal issues of medical robots.

This paper examines the legal challenges associated with medical robots, including their legal status, liability in cases of malpractice, and concerns over patient data privacy and security. And this paper scrutinizes China's nuanced response to these dilemmas. An analysis of Chinese judicial practices and legislative actions reveals that current denial of legal personality to AI at this stage is commendable. To effectively control the financial risks associated with medical robots, there is an urgent need for clear guidelines on responsibility allocation for medical accidents involving medical robots, the implementation of strict data protection laws, and the strengthening of industry standards and regulations.

COMMENTARY: Protecting healthcare privacy: Analysis of data protection developments in India.

Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today's reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.

Ethical and social reflections on the proposed European Health Data Space.

The COVID-19 pandemic demonstrated the benefits of international data sharing. Data sharing enabled the health care policy makers to make decisions based on real-time data, it enabled the tracking of the virus, and importantly it enabled the development of vaccines that were crucial to mitigating the impact of the virus. This data sharing is not the norm as data sharing needs to navigate complex ethical and legal rules, and in particular, the fragmented application of the General Data Protection Regulation (GDPR). The introduction of the draft regulation for a European Health Data Space (EHDS) in May 2022 seeks to address some of these legal issues. If passed, it will create an obligation to share electronic health data for certain secondary purposes. While there is a clear need to address the legal complexities involved with data sharing, it is critical that any proposed reforms are in line with ethical principles and the expectations of the data subjects. In this paper we offer a critique of the EHDS and offer some recommendations for this evolving regulatory space.

Reconciling the biomedical data commons and the GDPR: three lessons from the EUCAN ELSI collaboratory.

The coming-into-force of the EU General Data Protection Regulation (GDPR) is a watershed moment in the legal recognition of enforceable rights to informational self-determination. The rapid evolution of legal requirements applicable to data use, however, has the potential to outstrip the capabilities of networks of biomedical data users to respond to the shifting norms. It can also delegitimate established institutional bodies that are responsible for assessing and authorising the downstream use of data, including research ethics committees and institutional data custodians. These burdens are especially pronounced for clinical and research networks that are of transnational scale, because the legal compliance burden for outbound international data transfers from the EEA is especially high. Legislatures, courts, and regulators in the EU should therefore implement the following three legal changes. First, the responsibilities of particular actors in a data sharing network should be delimited through the contractual allocation of responsibilities between collaborators. Second, the use of data through secure data processing environments should not trigger the international transfer provisions of the GDPR. Third, the use of federated data analysis methodologies that do not provide analysis nodes or downstream users access to identifiable personal data as part of the outputs of those analyses should not be considered circumstances of joint controllership, nor lead to the users of non-identifiable data to be considered controllers or processors. These small clarifications of, or modifications to, the GDPR would facilitate the exchange of biomedical data amongst clinicians and researchers.

How privacy's past may shape its future.

An account of privacy's evolutionary roots may hold lessons for policies in the digital age.

Flimma: a federated and privacy-aware tool for differential gene expression analysis.

Aggregating transcriptomics data across hospitals can increase sensitivity and robustness of differential expression analyses, yielding deeper clinical insights. As data exchange is often restricted by privacy legislation, meta-analyses are frequently employed to pool local results. However, the accuracy might drop if class labels are inhomogeneously distributed among cohorts. Flimma ( https://exbio.wzw.tum.de/flimma/ ) addresses this issue by implementing the state-of-the-art workflow limma voom in a federated manner, i.e., patient data never leaves its source site. Flimma results are identical to those generated by limma voom on aggregated datasets even in imbalanced scenarios where meta-analysis approaches fail.

Model for successful development and implementation of Cyber Security Operations Centre (SOC).

Cyberattacks have changed dramatically and have become highly advanced. This latest phenomenon has a massive negative impact on organizations, such as financial losses and shutting-down of operations. Therefore, developing and implementing the Cyber Security Operations Centre (SOC) is imperative and timely. Based on previous research, there are no international guidelines and standards used by organizations that can contribute to the successful implementation and development of SOC. In this regard, this study focuses on highlighting the significant factors that will impact and contribute to the success of SOC. Simultaneously, it will further design a model for the successful development and implementation of SOC for the organization. The study was conducted quantitatively and involved 63 respondents from 25 ministries and agencies in Malaysia. The results of this study will enable the retrieval of ten success factors for SOC, and it specifically focuses on humans, processes, and technology. The descriptive analysis shows that the top management support factor is the most influential factor in the success of the development and implementation of SOC. The study also contributes to the empirical finding that technology and process factors are more significant in the success of SOCs. Based on the regression test, the technology factor has major impact on determining the success of SOC, followed by the process and human factors. Relevant organizations or agencies can use the proposed model to develop and implement SOCs, formulate policies and guidelines, strengthen human models, and enhance cyber security.

A Literature Review on the GDPR, COVID-19 and the Ethical Considerations of Data Protection During a Time of Crisis.

OBJECTIVE: This survey article presents a literature review of relevant publications aiming to explore whether the EU's General Data Protection Regulation (GDPR) has held true during a time of crisis and the implications that arose during the COVID-19 outbreak. METHOD AND RESULTS: Based on the approach taken and the screening of the relevant articles, the results focus on three themes: a critique on GDPR; the ethics surrounding the use of digital health technologies, namely in the form of mobile applications; and the possibility of cross border transfers of said data outside of Europe. Within this context, the article reviews the arising themes, considers the use of data through mobile health applications, and discusses whether data protection may require a revision when balancing societal and personal interests. CONCLUSIONS: In summary, although it is clear that the GDPR has been applied through a mixed and complex experience with data handling during the pandemic, the COVID-19 pandemic has indeed shown that it was a test the GDPR was designed and prepared to undertake. The article suggests that further review and research is needed to first ensure that an understanding of the state of the art in data protection during the pandemic is maintained and second to subsequently explore and carefully create a specific framework for the ethical considerations involved. The paper echoes the literature reviewed and calls for the creation of a unified and harmonised network or database to enable the secure data sharing across borders.

Data Sharing Under the General Data Protection Regulation: Time to Harmonize Law and Research Ethics?

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

[Current Status and the Future of Protection and Utilization of Personal Information at Medical Facilities Based on the Understanding of Related Regulations].

In September 2015, "the Act on the Protection of Personal Information" was amended. Accordingly, "the Ethical Guidelines for Medical Research Involving Human Subjects" were also amended. "The Act on Anonymized Medical Data That Are Meant to Contribute to Research and Development in the Medical Field," which came into effect in May 2018, aims to collect and utilize medical information of each patient from medical institutions for the purpose of research and development in the medical field. Thus, the rules of personal information that need to be followed are changing considerably in the balance between importance of protection and utilization for medical development. Therefore, health care professionals and researchers are required to fully understand the current situation and the future.

What GDPR and the Health Research Regulations (HRRs) mean for Ireland: a research perspective.

BACKGROUND: Irish Health Research Regulations (HRRs) were introduced following the European Union (EU) General Data Protection Regulation (GDPR) in 2018. The HRRs described specific supplementary regulatory requirements for research regarding governance, processes and procedure that impact on several facets of research. The numerous problems that the HRRs and particularly "explicit consent" inadvertently created were presented under the auspices of the Irish Academy of Medical Sciences (IAMS) on November 25, 2019, at the Royal College of Surgeons in Ireland. AIMS: The objective of this review was to obtain feedback and to examine the impact of GDPR and the HRRs on health research in Ireland in order to determine whether the preliminary feedback, presented at the IAMS meetings, was reflected at a national level. METHODS: Individuals from the research community were invited to provide feedback on the impact, if any, of the HRRs on health research. Retrospective patient recruitment and consent outside a hospital setting for a multi-institutional Breast Predict study (funded by the Irish Cancer Society) were also analysed. RESULTS: Feedback replicated the issues presented at the IAMS with additional concerns identified. Only 20% of the original target population (n = 1987) could be included in the Breast Predict study. CONCLUSIONS: Our results confirm that the HRRs have had a significantly negative impact on health research in Ireland. Urgent meaningful engagement between patient advocate groups, the research community and legislators would help ameliorate these impacts.