[Legal aspects in digital cardiology]. / Rechtliche Aspekte in der digitalen Kardiologie.

Digital assistants have become an indispensable tool in modern cardiology. The associated technological progress offers a significant potential to increase the efficiency of medical processes, enable more precise diagnoses in a shorter time, and thus improve patient care. However, the integration of digital assistants into clinical cardiology also raises new challenges and questions, particularly regarding the handling of legal issues. This review article aims to raise awareness of individual legal issues resulting from the use of digital technologies in cardiology. The focus is on how to deal with various legal challenges that cardiologists face, including issues related to treatment freedom, professional confidentiality and data protection. The integration of digital assistants in cardiology leads to a noticeable improvement in efficiency and quality of patient care, but at the same time, it involves a variety of legal challenges that need to be carefully addressed.

A health-conformant reading of the GDPR's right not to be subject to automated decision-making.

As the use of Artificial Intelligence (AI) technologies in healthcare is expanding, patients in the European Union (EU) are increasingly subjected to automated medical decision-making. This development poses challenges to the protection of patients' rights. A specific patients' right not to be subject to automated medical decision-making is not considered part of the traditional portfolio of patients' rights. The EU AI Act also does not contain such a right. The General Data Protection Regulation (GDPR) does, however, provide for the right 'not to be subject to a decision based solely on automated processing' in Article 22. At the same time, this provision has been severely critiqued in legal scholarship because of its lack of practical effectiveness. However, in December 2023, the Court of Justice of the EU first provided an interpretation of this right in C-634/21 (SCHUFA)-although in the context of credit scoring. Against this background, this article provides a critical analysis of the application of Article 22 GDPR to the medical context. The objective is to evaluate whether Article 22 GDPR may provide patients with the right to refuse automated medical decision-making. It proposes a health-conformant reading to strengthen patients' rights in the EU.

PROTECTION OF CONFIDENTIAL MEDICAL INFORMATION IN UKRAINE: PROBLEMS OF LEGAL REGULATION.

The aim of the article is to analyze the legal aspects and mechanisms of confidential medical information protection about an individual in the health care sphere in Ukraine. During the scientific research, various methods of cognition of legal phenomena were used. Among the general scientific approaches, the dialectical method was primarily used, which allowed to identify trends in the development of patient information rights and formulate proposals for improving legislation in the field of medical data protection. The formal-legal method was used to provide a comprehensive characterization of the EU (European Union) and Ukrainian legislation in the sphere of confidential medical information protection. Additionally, general scientific logical methods (analysis and synthesis, comparison and analogy, abstraction, and modeling) were used in order to study the problems of information relations in the medical field and establish legal liability for violation of the confidentiality of such information. The definitions of medical data, medical information, confidential medical data, and medical confidentiality have been researched and compared. The article identified the legitimate grounds for disclosing confidential medical information about an individual in the healthcare sector. Authors revealed the gaps in Ukrainian legislation regarding the confidential medical data protection by healthcare professionals and electronic medical systems regulators. The necessity of expanding the list of subjects responsible for preserving confidential medical information has been substantiated. The study explored the case law of the European Court of Human Rights in the field of the medical data confidentiality violation. It has been outlined the potential judicial remedies and liability for violating the right to personal medical information confidentiality of an individual in the healthcare sector. The legal grounds and cases of possible lawful disclosure of confidential medical information have been analyzed. Attention has been drawn to the insufficient regulation of access to medical confidentiality during martial law. It has been emphasized that the mechanism for protecting the violated right to confidentiality of medical information involves appealing to the Ukrainian Parliament Commissioner for Human Rights or to the court. The increasing role of international legal acts in ensuring the protection of medical data in the European Union and Ukraine has been highlighted.

Data protection during the coronavirus crisis.

Smartphone apps to track SARS-CoV 2 infections need to fulfill certain minimal requirements to guarantee privacy and justify their use under data protection laws.

General Data Protection Regulation in Health Clinics.

The focus on personal data has merited the EU concerns and attention, resulting in the legislative change regarding privacy and the protection of personal data. The General Data Protection Regulation (GDPR) aims to reform existing measures on the protection of personal data of European Union citizens, with a strong impact on the rights and freedoms of individuals in establishing rules for the processing of personal data. The GDPR considers a special category of personal data, the health data, being these considered as sensitive data and subject to special conditions regarding treatment and access by third parties. This work presents the evolution of the applicability of the Regulation (EU) 2016/679 six months after its application in Portuguese health clinics. The results of the present study are discussed in the light of future literature and work are identified.

Evaluating people's concern about their health information privacy based on power-responsibility equilibrium model: A case of Taiwan.

To address the issue of rising expenditure of healthcare service and to fulfill the skyrocketing demand for quality healthcare, the electronic medical records (EMR) exchange has become a vital and indispensable solution for healthcare facilities in terms of being able to share medical information among healthcare providers. Hence, EMR exchange was expected to improve the quality of healthcare and reduce the cost of repetitive medical check-ups and unnecessary treatments. However, recent reports affirming EMR data leaks and compromises have ignited major worldwide privacy concerns over the security of the EMR systems. How to effectively diminish patients' concern for EMR privacy has thus become an important issue that healthcare institution managers/stakeholders have to address urgently. This study leverages the power-responsibility equilibrium perspective to investigate the antecedents and consequences of concerns for the EMR exchange. A survey using 391 responses collected from medical centers, regional and district hospitals in Taiwan was used to conduct this study. The results show that government regulations have a positive effect on hospital privacy policies. Furthermore, both government regulations and hospital privacy policy are negatively associated with concern for EMR information privacy. Additional reports gathered from this study also showed that concern for EMR information privacy could result in patients' protective responses including refusal to provide personal health information (PHI), removal of PHI, negative word of mouth, complaining directly to the hospital, or complaining indirectly to third-party organizations. These findings demonstrate the need for healthcare facilities to formulate robust privacy policies in order to alleviate patients' concern for EMR information privacy based on governmental regulations. This regulation is top-priority as the incapability of reducing patients' concern for EMR information privacy may lead to the collapse of the campaign for the full-adoption of EMR or possibly jeopardize the promotion and application of EMR among healthcare facilities.

How GDPR Enhances Transparency and Fosters Pseudonymisation in Academic Medical Research.

The European General Data Protection Regulation (GDPR) has dotted the i's and crossed the t's in the context of academic medical research. One year into GDPR, it is clear that a change of mind and the uptake of new procedures is required. Research organisations have been looking at the possibility to establish a code-of-conduct, good practices and/or guidelines for researchers that translate GDPR's abstract principles to concrete measures suitable for implementation. We introduce a proposal for the implementation of GDPR in the context of academic research which involves the processing of health related data, as developed by a multidisciplinary team at the University Hospitals Leuven. The proposal is based on three elements, three stages and six specific safeguards. Transparency and pseudonymisation are considered key to find a balance between the need for researchers to collect and analyse personal data and the increasing wish of data subjects for informational control.

Anonymity in EU Health Law: Not an Alternative to Information Governance.

Data sharing has long been a cornerstone of healthcare and research and is only due to become more important with the rise of Big Data analytics and advanced therapies. Cell therapies, for example, rely not only on donated cells but also essentially on donated information to make them traceable. Despite the associated importance of concepts such as 'donor anonymity', the concept of anonymisation remains contentious. The Article 29 Working Party's 2014 guidance on 'Anonymisation Techniques' has perhaps helped encourage a perception that anonymity is the result of data modification 'techniques', rather than a broader process involving management of information and context. In light of this enduring ambiguity, this article advocates a 'relative' understanding of anonymity and supports this interpretation with reference not only to the General Data Protection Regulation but also to European Union health-related legislation, which also alludes to the concept. Anonymity, I suggest, should be understood not as a 'technique' which removes the need for information governance but rather as a legal standard of reasonable risk-management, which can only be satisfied by effective data protection. As such, anonymity can be not so much an alternative to data protection as its mirror, requiring similar safeguards to maintain privacy and confidentiality.

mHealth Apps: Disruptive Innovation, Regulation, and Trust-A Need for Balance.

mHealth, the use of mobile and wireless technologies in healthcare, and mHealth apps, a subgroup of mHealth, are expected to result in more person-focussed healthcare. These technologies are predicted to make patients more motivated in their own healthcare, reducing the need for intensive medical intervention. Thus, mHealth app technology might lead to a redesign of existing healthcare architecture making the system more efficient, sustainable, and less expensive. As a disruptive innovation, it might destabilise the existing healthcare organisation through a changed role for healthcare professionals with patients accessing care remotely or online. This account coincides with the broader narrative of National Health Service policy-makers, which focusses on personalised healthcare and greater patient responsibility with the potential for significant cost reductions. The article proposes that while the concept of mHealth apps as a disruptive technology and the narrative of personalisation and responsibilisation might support a transformation of the healthcare system and a reduction of costs, both are dependent on patient trust in the safety and security of the new technology. Forcing trust in this field may only be achieved with the application of traditional and other regulatory mechanisms and with this comes the risk of reducing the effect of the technology's disruptive potential.

Gathering data for decisions: best practice use of primary care electronic records for research.

In Australia, there is limited use of primary health care data for research and for data linkage between health care settings. This puts Australia behind many developed countries. In addition, without use of primary health care data for research, knowledge about patients' journeys through the health care system is limited. There is growing momentum to establish "big data" repositories of primary care clinical data to enable data linkage, primary care and population health research, and quality assurance activities. However, little research has been conducted on the general public's and practitioners' concerns about secondary use of electronic health records in Australia. International studies have identified barriers to use of general practice patient records for research. These include legal, technical, ethical, social and resource-related issues. Examples include concerns about privacy protection, data security, data custodians and the motives for collecting data, as well as a lack of incentives for general practitioners to share data. Addressing barriers may help define good practices for appropriate use of health data for research. Any model for general practice data sharing for research should be underpinned by transparency and a strong legal, ethical, governance and data security framework. Mechanisms to collect electronic medical records in ethical, secure and privacy-controlled ways are available. Before the potential benefits of health-related data research can be realised, Australians should be well informed of the risks and benefits so that the necessary social licence can be generated to support such endeavours.

Deterrence approach on the compliance with electronic medical records privacy policy: the moderating role of computer monitoring.

BACKGROUND: This study explored the possible antecedents that will motivate hospital employees' compliance with privacy policy related to electronic medical records (EMR) from a deterrence perspective. Further, we also investigated the moderating effect of computer monitoring on relationships among the antecedents and the level of hospital employees' compliance intention. METHODS: Data was collected from a large Taiwanese medical center using survey methodology. A total of 303 responses was analyzed via hierarchical regression analysis. RESULTS: The results revealed that sanction severity and sanction certainty significantly predict hospital employees' compliance intention, respectively. Further, our study found external computer monitoring significantly moderates the relationship between sanction certainty and compliance intention. CONCLUSIONS: Based on our findings, the study suggests that healthcare facilities should take proactive countermeasures, such as computer monitoring, to better protect the privacy of EMR in addition to stated privacy policy. However, the extent of computer monitoring should be kept to minimum requirements as stated by relevant regulations.

ATM Card Cloning and Ethical Considerations.

With the advent of modern technology, the way society handles and performs monetary transactions has changed tremendously. The world is moving swiftly towards the digital arena. The use of Automated Teller Machine (ATM) cards (credit and debit) has led to a "cash-less society" and has fostered digital payments and purchases. In addition to this, the trust and reliance of the society upon these small pieces of plastic, having numbers engraved upon them, has increased immensely over the last two decades. In the past few years, the number of ATM fraud cases has increased exponentially. With the money of the people shifting towards the digital platform, ATM skimming has become a problem that has eventually led to a global outcry. The present review discusses the serious repercussions of ATM card cloning and the associated privacy, ethical and legal concerns. The preventive measures which need to be taken and adopted by the government authorities to mitigate the problem have also been discussed.

How the new European data protection regulation affects clinical research and recommendations?

Clinical research on human subjects or their data is confronted with conflicting requirements with, on one hand, the principle of open science (transparency and data sharing), the possibilities offered by big data and the reuse of healthcare or research data, and on the other, changes to the regulatory and legislative framework, including the general data protection regulation (GDPR). A roundtable was organized in Giens, France in October 2018 to identify problem areas, the need for clarification and streamlining, and to make recommendations to promote clinical research while ensuring a high level of patient protection. After details were given about these developments, the roundtable participants were able to propose recommendations, primarily (1) to clarify: what is considered anonymized data, and what is "public interest" within the meaning of the GDPR; (2) for the French data protection authority (CNIL) to continue preparing reference methodologies to simplify the approval system; (3) to promote the secondary use of data by making it easier to inform patients and obtain broad patient consent, by specifying the circumstances under which their withdrawal and opposition rights apply, so as to limit the risk of bias; (4) to facilitate access to data warehouses by providing technological and methodological aids. The roundtable also recommends increasing discussions between authorities in Europe on research topics, encouraging French authorities to contribute to the preparation of codes of conduct and setting up a voluntary harmonization procedure to coordinate the opinions of data protection authorities, while ensuring that key documents are available in English.

Health Research, Consent and the GDPR Exemption.

This article analyses the balance which the GDPR strikes between two important social values: protecting personal health data and facilitating health research through the lens of the consent requirement and the research exemption. The article shows that the normative weight of the consent requirement differs depending on the context for the health research in question. This more substantive approach to consent is reflected in the research exemption which allows for a more nuanced balancing of interests. However, because the GDPR articulates the exemption at an abstract and principled level, in practice the balance is struck at Member State level. Thus, the GDPR increases difficulties for EU cross-border health projects and impedes the policy goal of creating a harmonised regulatory framework for health research. The article argues that in order to address this problem, the European Data Protection Board should provide specific guidance on the operation of consent in health research.

Review of a medical illustration department's data processing system to confirm general data protection regulation (GDPR) compliance.

This article reviews the clinical photography and video data processing and storage arrangements of the Medical Illustration Department (MID) at the Queen Elizabeth Hospital Birmingham National Health Service (NHS) Foundation Trust (QEHB), part of the University Hospitals Birmingham (UHB) NHS Foundation Trust umbrella group. This review suggests that the department's current workflow and technical processing solution satisfies the requirements of the general data protection regulation (GDPR). At the time of writing, there were no additional financial costs or technical skills required for implementing GDPR regulations but this could change in future data processing systems. There are significant potential costs for non-compliance with GDPR. Brexit is unlikely to have any effect on complying with GDPR requirements. The GDPR gives the public the right to access information and be informed of how and why it is processed. It is recommended that improved administrative processing capability to accommodate this requirement should be included in future data processing designs. At the QEHB informed consent for use of photographs and videos is currently adequate to satisfy the common law of confidence.

The Dark Data Quandary.

The digital universe remains a black box. Despite attaining high-technology capabilities like artificial intelligence and cognitive computing, "Big Data" analytics have failed to keep pace with surging data production. At the same time, the falling costs of cloud storage and distributed systems have made mass data storage cheaper and more accessible. These effects have produced a chasm between data that is stored and data that can be readily analyzed and understood. Enticed by the promise of extracting future value from rising data stockpiles, organizations now retain massive quantities of data that they cannot presently know or effectively manage. This rising sea of "dark data" now represents the vast majority of the digital universe. Dark data presents a quandary for organizations and the judicial system. For organizations, the inability to know the contents of retained dark data produces invisible risk under a spreading patchwork of digital privacy and data governance laws, most notably in the medical and consumer protection areas. For courts increasingly confronted with Big Data-derived evidence, dark data may shield critical information from judicial view while embedding subjective influences within seemingly objective methods. To avoid obscuring organizational risk and producing erroneous outcomes in the courtroom, decision-makers must achieve a new awareness of dark data's presence and its ability to undermine Big Data's vaunted advantages.

International data-sharing norms: from the OECD to the General Data Protection Regulation (GDPR).

The evolution of genomic research and its integration into clinical practice, as they become international-even global-endeavors, has brought us to a place where scientists and clinicians may now only ignore the rules governing international data sharing at their own peril. Open data policies, on the one hand, increasingly require custodians of others' genomic data to make it as widely available as feasible, including to researchers in other countries. Data protection law, on the other, has become a significant hurdle to the sharing of personal data across jurisdictional borders. The space between these two competing duties is narrowing. In contrast with the other texts in this volume, which explore the present and future of data sharing and data protection, this article's focus is on the past. It centres on the historical development of the data protection rules regarding the international transfer of personal data up to the present. The article's aim is to bring into focus the underlying objectives that have influenced and that will continue to influence the way that data protection rules are applied to the fields of genomics and health, as well as future developments in data protection generally. The first part of this article describes the development of international data-sharing data protection rules since 1970. The second considers difficulties in applying general data protection rules to the specific context of genomics and health. The third and final part compares the options available to comply with the international transfer restrictions set out in the standard-setting EU General Data Protection Regulation from a genomics perspective.

China: concurring regulation of cross-border genomic data sharing for statist control and individual protection.

This paper reviews the major legal instruments and self-regulations that bear heavily on the cross-border sharing of genomic data in China. It first maps out three overlapping frameworks on genomic data and analyzes their underpinning policy goals. Subsequent sections examine the regulatory approaches with respect to five aspects of responsible use and sharing of genomic data, namely, consent, privacy, security, compatible processing, and oversight. It argues that substantial centralised control exerted by the state is, and would probably remain, the dominant feature of genomic data governance in China, though concerns of individual protection are gaining momentum. Rather than revolving around a simplistic antinomy between privacy preservation and open science, the regulatory landscape is mainly shaped by the tension between government desires for national security, state competitiveness, and public health benefits.

Canada: will privacy rules continue to favour open science?

Canada's regulatory frameworks governing privacy and research are generally permissive of genomic data sharing, though they may soon be tightened in response to public concerns over commercial data handling practices and the strengthening of influential European privacy laws. Regulation can seem complex and uncertain, in part because of the constitutional division of power between federal and provincial governments over both privacy and health care. Broad consent is commonly practiced in genomic research, but without explicit regulatory recognition, it is often scrutinized by research or privacy oversight bodies. Secondary use of health-care data is legally permissible under limited circumstances. A new federal law prohibits genetic discrimination, but is subject to a constitutional challenge. Privacy laws require security safeguards proportionate to the data sensitivity, including breach notification. Special categories of data are not defined a priori. With some exceptions, Canadian researchers are permitted to share personal information internationally but are held accountable for safeguarding the privacy and security of these data. Cloud computing to store and share large scale data sets is permitted, if shared responsibilities for access, responsible use, and security are carefully articulated. For the moment, Canada's commercial sector is recognized as "adequate" by Europe, facilitating import of European data. Maintaining adequacy status under the new European General Data Protection Regulation (GDPR) is a concern because of Canada's weaker individual rights, privacy protections, and regulatory enforcement. Researchers must stay attuned to shifting international and national regulations to ensure a sustainable future for responsible genomic data sharing.