Health Care AI and Patient Privacy-Dinerstein v Google.

This Viewpoint summarizes a recent lawsuit alleging that a hospital violated patients' privacy by sharing electronic health record (EHR) data with Google for development of medical artificial intelligence (AI) and discusses how the federal court's decision in the case provides key insights for hospitals planning to share EHR data with for-profit companies developing medical AI.

El listado de pacientes en la empresa dedicada a la prestación de servicios médicos como objeto material de los delitos de descubrimiento y revelación de secretos de empresa / [The list of patients in the company dedicated to the provision of medical services as a material object of the crimes of discovery and disclosure of company secrets]

En la actualidad podría afirmarse que la mayor problemática existente en torno a los delitos de descubrimiento y revelación de secretos de empresa se encuentra en la indeterminación de su objeto material: el secreto de empresa. Esta indeterminación, que la reciente Ley 1/2019, de 20 de febrero, de Secretos Empresariales ayuda a solventar, ha llevado a los Tribunales de la jurisdicción penal a pronunciamientos dispares sobre la aplicación de los tipos penales relativos al descubrimiento y revelación de secretos de empresa, siendo uno de los supuestos más cuestionados en la práctica de nuestros Tribunales el tratamiento (o no) de un listado de clientes como un secreto de empresa. Si bien, hay muchas resoluciones que abogan por entender que dichos listados de clientes no forman parte de la información confidencial y reservada de una empresa –lo que impediría entenderla como un secreto de empresa–, encontramos también ejemplos de casos en los que se ha adoptado una solución contraria. Por medio del presente análisis, se pretende responder a la siguiente pregunta: ¿Puede un listado de pacientes ser considerado un secreto de empresa y, por tanto, dar lugar su descubrimiento y/o revelación a la comisión de un delito de los recogidos en el artículo 278 y siguientes del Código Penal? ¿Y si dicho listado de pacientes contuviera documentación clínica (con datos médicos) de cada uno de ellos? (AU)

Nowadays, the main problem with the offences of discovery and disclosure of trade secrets may lie in the indeterminacy of its material object: the business or trade secret. This indeterminacy, which the recent Law 1/2019, of 20 February, on Business Secrets helps to resolve, has led the Courts of the criminal jurisdiction to make disparate pronouncements on the application of criminal offences relating to the discovery and disclosure of business secrets, with one of the most questioned cases in the practice of our Courts being the treatment (or not) of a list of clients as a business secret. While there are many rulings that argue that such customer lists do not form part of the confidential and reserved information of a company –which would prevent it from being considered a trade secret–, there are also examples of cases in which the opposite solution has been adopted. This analysis aims to answer the following question: Can a list of patients be considered a business secret and, therefore, can its discovery and/or disclosure give rise to the commission of an offence under Article 278 et seq. of the Criminal Code? What if the list of patients contained clinical documentation (with medical data) for each of them? (AU)

Dataísmo (de la salud), tecnología y privacidad / (Health) dataism, technology and privacy

El dataísmo puede privar al individuo de su privacidad. Las personas reflexionan sobre el coste de oportunidad que supone ceder sus datos y otorgan mayor importancia a la efectividad en la lucha contra enfermedades y pandemias frente a su uso ilícito, ilegal o poco ético. El big data es un bien común de la humanidad, y compartir datos puede salvar vidas, pero aprovechémoslo aplicando correctamente la ética de los datos, donde los gobiernos y organizaciones estén implicados y se respete el derecho fundamental de protección de datos. (AU)

Dataism can deprive the individuals of their privacy. People are reflecting on the opportunity cost of giving away their data and are placing greater importance on the effectiveness of fighting diseases and pandemics than on its illicit, illegal or unethical use. Big data is a common good of humanity, and sharing data can save lives, but let’s harness it with the right application of data ethics, where governments and organisations are involved and the fundamental right to data protection is respected. (AU)

Dobbs and the future of health data privacy for patients and healthcare organizations.

The Supreme Court recently overturned settled case law that affirmed a pregnant individual's Constitutional right to an abortion. While many states will commit to protect this right, a large number of others have enacted laws that limit or outright ban abortion within their borders. Additional efforts are underway to prevent pregnant individuals from seeking care outside their home state. These changes have significant implications for delivery of healthcare as well as for patient-provider confidentiality. In particular, these laws will influence how information is documented in and accessed via electronic health records and how personal health applications are utilized in the consumer domain. We discuss how these changes may lead to confusion and conflict regarding use of health information, both within and across state lines, why current health information security practices may need to be reconsidered, and what policy options may be possible to protect individuals' health information.

[When quality improvement clashes with privacy regulations]. / Wanneer kwaliteitsverbetering botst met privacyregels.

Continuity in patient care is crucial but is not a 'given' in complex circumstances when several health care professionals are involved in a clinical trajectory. Discontinuity may make it difficult to follow a patient's clinical course, which can be instructive and providing useful feedback on professional performance. Hence, it is a good clinical habit to check on patients after the care has been taken over by others. However, too strict interpretation of privacy laws and regulation may hamper this valuable practice. Obviously, protection of medical information and patients' privacy is vital, however, this should not apply to health care professionals that were involved in earlier phases of a patient's care as they should be considered having a continuing care relationship with the patient. Interestingly, a vast majority of patients themselves have no concern at all when professionals that were involved in earlier phases of their care access their information.

The European Genome-phenome Archive in 2021.

The European Genome-phenome Archive (EGA - https://ega-archive.org/) is a resource for long term secure archiving of all types of potentially identifiable genetic, phenotypic, and clinical data resulting from biomedical research projects. Its mission is to foster hosted data reuse, enable reproducibility, and accelerate biomedical and translational research in line with the FAIR principles. Launched in 2008, the EGA has grown quickly, currently archiving over 4,500 studies from nearly one thousand institutions. The EGA operates a distributed data access model in which requests are made to the data controller, not to the EGA, therefore, the submitter keeps control on who has access to the data and under which conditions. Given the size and value of data hosted, the EGA is constantly improving its value chain, that is, how the EGA can contribute to enhancing the value of human health data by facilitating its submission, discovery, access, and distribution, as well as leading the design and implementation of standards and methods necessary to deliver the value chain. The EGA has become a key GA4GH Driver Project, leading multiple development efforts and implementing new standards and tools, and has been appointed as an ELIXIR Core Data Resource.

Legal and ethical considerations of artificial intelligence in skin cancer diagnosis.

Artificial intelligence (AI) technology is becoming increasingly accurate and prevalent for the diagnosis of skin cancers. Commercially available AI diagnostic software is entering markets across the world posing new legal and ethical challenges for both clinicians and software companies. Australia has the highest rates of skin cancer in the world and is poised to be a significant benefactor and pioneer of the technology. This review describes the legal and ethical considerations raised by the emergence of artificial intelligence in skin cancer diagnosis and proposes recommendations for best practice.

Panorama regional de estándares de informática en salud

Presentación hecha por Alejandro Benavides, Sub-coordinador de la Red Centroamericana de Informática en Salud, durante el Webinar "Panorama Regional de Estándares de Informática en Salud" realizado el día 4 de diciembre de 2019.

Ações para a adequação da RNDS à lei geral de proteção de dados

A implementação da Rede Nacional de Dados em Saúde (RNDS) iniciou-se em junho de 2019 com os objetivos de oferecer benefícios de melhoria da assistência à saúde, a partir do acesso às informações e continuidade do cuidado nos níveis de atenção, de permitir eficiência na gestão dos recursos públicos e de impulsionar a Inovação na Saúde. Em março de 2020, a abrangência e o escopo do projeto da RNDS foram direcionados ao enfrentamento da COVID-19, para o fortalecimento da resposta do sistema de saúde, monitoramento e gestão da saúde populacional, oferta de soluções para engajamento ativo do usuário no controle da epidemia e processamento do esperado número de casos da doença. Desde as primeiras ações de planejamento, governança, definição de arquitetura e de regras negociais, o DATASUS se prepara para manter a RNDS em conformidade com a Lei Geral de Proteção de Dados (LGPD), com previsão de entrada em vigor para 3 de maio de 2021, conforme Medida Provisória n° 959, de 29 de abril de 2020.

Arteriosclerosis y otras enfermedades en líderes políticos y sus consecuencias para la población / Arteriosclerosis and other diseases in heads of government and its consequences for the population

La arteriosclerosis cerebrovascular y otras enfermedades de algunos líderes políticos en momentos históricos clave han facultado la toma de decisiones que han marcado el destino de sus países. Muchas enfermedades graves de líderes políticos, antes y durante su permanencia en el poder, se han ocultado a la población, y a ello han colaborado sus médicos personales presionados por su paciente. La confidencialidad de la relación médico-enfermo en circunstancias políticas especiales debe ser motivo de reflexión y debate. Sería deseable promulgar disposiciones que impidiesen la ocultación y garantizasen la total transparencia de los informes médicos sobre el estado de salud de los dirigentes mientras permanecen en el poder. La franqueza ayuda a conservar la confianza de la población.(AU)

Heads of government with cerebrovascular arteriosclerosis and other diseases in key historical moments have led to decisions that have marked the destiny of countries not always in a beneficial direction. Severe diseases in political leaders in power have often been hidden from citizens with the collaboration of personal physicians. The confidentiality of the patient-doctor relationship in special political circumstances should be reexamined and subjected to debate. Legal provisions to ensure total transparency of medical information about the health of heads of government should be implemented. Transparency ensures the trust of citizens.(AU)

A Normative Framework for the Reconciliation of EU Data Protection Law and Medical Research Ethics.

EU data protection law and medical research ethics overlap in scope and content in numerous instances in which personal data are processed in medical research. It is not always the case, however, that the conditions outlined by the two rule-sets precisely coincide. In the past few years, this lack of confluence has led to confusion as to how the two rule-sets should best relate to one another. This confusion has led to different approaches to the relationship being taken, on occasion leading to counter-intuitive conclusions. Unfortunately, there has hitherto been little effort to provide clarity to this confusion. In this regard, this article attempts to provide a general normative framework aimed at facilitating optimally cogent and just reconciliations of EU data protection law and medical research ethics.

Quantum private set intersection cardinality based on bloom filter.

Private Set Intersection Cardinality that enable Multi-party to privately compute the cardinality of the set intersection without disclosing their own information. It is equivalent to a secure, distributed database query and has many practical applications in privacy preserving and data sharing. In this paper, we propose a novel quantum private set intersection cardinality based on Bloom filter, which can resist the quantum attack. It is a completely novel constructive protocol for computing the intersection cardinality by using Bloom filter. The protocol uses single photons, so it only need to do some simple single-photon operations and tests. Thus it is more likely to realize through the present technologies. The validity of the protocol is verified by comparing with other protocols. The protocol implements privacy protection without increasing the computational complexity and communication complexity, which are independent with data scale. Therefore, the protocol has a good prospects in dealing with big data, privacy-protection and information-sharing, such as the patient contact for COVID-19.

Signalling Standards for Progress: Bridging the Divide Between a Valid Consent to Use Patient Data Under Data Protection Law and the Common Law Duty of Confidentiality.

In this article, we analyse the legal components of disclosing confidential patient information under the UK's common law duty of confidentiality (CLDoC) and processing personal (health) data under the UK's General Data Protection Regulation (GDPR) and Data Protection Act 2018. We describe the ostensible divide between the CLDoC and data protection law when it comes to the requirements of a valid signal of consent by a patient to use and disclose patient information, obtained by a health professional in the context of direct care, for health care and health research purposes. Ultimately, our analysis suggests that we are saddled, at least in the medium term, with two regimes operating with different standards of a valid consent-while putatively protecting similar interests. There is, however, opportunity for progress. It is possible to improve professional guidance on the interaction between the regimes and to achieve significant normative alignment without aligning the signalling standard for consent; this would promote consistent protection of reasonable expectations of patients across both regimes. Further coherence would require aligning not only the standard, but also the role played by consent under each regime. Here we argue that, in relation to direct care, any such shift should be away from consent as the normal justification. In relation to health research, on the contrary, it should be toward consent as the normal justification for use and disclosure of patient information under both the CLDoC and data protection law.

Informed consent: its importance for retrolective research and medical science progress.

In retrolective research, the information necessary to answer the research question is directly generated from medical records and other clinical-documentary sources. This article analyzes the waiver of informed consent and privacy notice when research is retrolective, from which two lines of argument emerge: one is the physician's duty to protect patient dignity, integrity, right to self-determination and privacy, as well as the confidentiality of the information obtained from him; the other is retrolective research contribution to the control of diseases and society's health improvement. Waiver of informed consent or privacy notice documented in the medical record is important for retrolective research, but it has ethical implications for researchers who do not comply with the rationality and personal responsibility they have before society.

En la investigación retrolectiva, la información necesaria para responder la pregunta de investigación se genera directamente de expedientes clínicos y de otras fuentes clínico-documentales. Este artículo analiza la dispensa del consentimiento informado y el aviso de privacidad cuando la investigación es retrolectiva, de lo cual emergen dos líneas de argumentación: una es el deber del médico de proteger la dignidad, la integridad, el derecho a la autodeterminación, la intimidad del enfermo y la confidencialidad de la información obtenida de él; la otra es la contribución de las investigaciones retrolectivas al control de las enfermedades y a la mejora de la salud de la sociedad. La dispensa del consentimiento o el aviso de privacidad en el expediente clínico es importante para la investigación retrolectiva, pero tiene implicaciones éticas para los investigadores que no cumplan con la racionalidad y responsabilidad personal que tienen ante la sociedad.

The right to be forgotten and COVID-19: privacy versus public interest / El derecho al olvido y el COVID-19: privacidad frente a interés público / O direito ao esquecimento e COVID-19: privacidade versus interesse público

Abstract: Recent studies highlight the importance of digital surveillance to gather individual health information due to the global pandemic caused by the new COVID-19 disease. This paper analyses its legal and ethical implications at the interface between the individual right to privacy and the collective interests of public health. We framed the discussion in law, deontology and utilitarianism. The lasted theories and human rights, especially privacy, are crucial in our argument. Health-derived dilemmas and efforts to solve them, especially by information technologies, bioethics and law, exist at these perspectives' interface. In particular, we analysed the intersection between autonomy, the right to privacy, and the so-called 'right to be forgotten' in the public health context. In other words, we studied the right to obtain from the controller the erasure of health data - a radical means of control over personal data established in Article 17 of the General Data Protection Regulation (GDPR). Given the lack of specifics regarding collection and re-use of such data under the broad scope of public health purposes, implied consent does not address the issue of proportionality. We highlight legal safeguards' insufficiency, suggesting applying the 'right to be forgotten' according to an ethical interpretation.

Resumen: Estudios recientes destacan la importancia de la vigilancia digital para recoger información sanitaria individual debido a la pandemia mundial causada por la nueva enfermedad COVID-19. Este artículo analiza sus implicaciones legales y éticas en la interfaz entre el derecho individual a la privacidad y los intereses colectivos de la salud pública. Enmarcamos la discusión en el derecho, la deontología y el utilitarismo. Estas últimas teorías y los derechos humanos, especialmente la privacidad, son cruciales en nuestro argumento. Los dilemas relacionados con la salud y los esfuerzos por resolverlos, especialmente a través de la tecnología de la información, la bioética y el derecho, se encuentran en la interfaz de estas perspectivas. En particular, analizamos la intersección entre la autonomía, el derecho a la privacidad y el llamado "derecho al olvido" en el contexto de la salud pública. Es decir, estudiamos el derecho a obtener del responsable del tratamiento la supresión de los datos de salud, un medio radical de control sobre los datos personales establecido en el artículo 17 del Reglamento general de protección de datos (RGPD). Dada la falta de especificidades en cuanto a la recogida y reutilización de dichos datos dentro del amplio ámbito de los objetivos de salud pública, el consentimiento implícito no aborda la cuestión de la proporcionalidad. Destacamos la insuficiencia de las garantías legales, sugiriendo la aplicación del "derecho al olvido" según una interpretación ética.

Resumo: Estudos recentes salientam a importância da vigilância digital para recolher informações individuais de saúde devido à pandemia global causada pela nova doença COVID-19. Este artigo analisa as suas implicações legais e éticas na interface entre o direito individual à privacidade e os interesses coletivos da saúde pública. Enquadramos a discussão no direito, na deontologia e no utilitarismo. As últimas teorias e os direitos humanos, especialmente a privacidade, são cruciais na nossa argumentação. Dilemas derivados da saúde e esforços para os resolver, especialmente através das tecnologias da informação, da bioética e do direito, existem na interface destas perspetivas. Em particular, analisámos a intersecção entre autonomia, direito à privacidade, e o chamado "direito ao esquecimento" no contexto da saúde pública. Por outras palavras, estudámos o direito de obter do responsável pelo tratamento o apagamento dos dados de saúde, um meio radical de controlo dos dados pessoais estabelecido no artigo 17º do Regulamento Geral de Proteção de Dados (RGPD). Dada a falta de especificidades em relação à recolha e reutilização de tais dados no âmbito alargado dos objetivos de saúde pública, o consentimento implícito não aborda a questão da proporcionalidade. Destacamos a insuficiência de salvaguardas jurídicas, sugerindo a aplicação do "direito ao esquecimento" de acordo com uma interpretação ética.

The right to be forgotten versus the right to disclosure of gamete donors' id: ethical and legal considerations / El derecho al olvido frente al derecho a revelar la identificación de los donantes de gametos: consideraciones éticas y jurídicas / O direito ao esquecimento versus o direito à divulgação da identificação de dadores de gâmetas: considerações éticas e legais

Abstract: 15. The anonymity of gamete donors in the context of medically-assisted reproduction techniques (ART) and the right of the offspring to know their genetic or biological parents' identity is a controversial and widely debated topic in the scientific literature. The positions on the issue in each country are different. Sometimes they are in opposition to each other even in countries with strong similarities, such as those in the European Union (EU), in the framework of shared ethical values. Although some countries still enshrine the rule of anonymity, there is an undeniable tendency to guarantee the right to know one's origins by creating relevant exceptions or abolishing donor anonymity status altogether. 16. This article offers ethical and legal considerations of whether the so-called 'right to be forgotten' (RTBF) could be extended to include gamete donors' right to remain anonymous. This perspective goes against the general trend, certainly in Europe, of recognizing that offspring born from donor gametes have a right to access information relating to their genetic progenitors. The novel addition is to question whether the General Data Protection Regulation (GDPR) might provide fertile ground for questioning this approach, and effectively support those jurisdictions where anonymity is still possible.

Resumen: 20. El anonimato de los donantes de gametos en el contexto de las técnicas de reproducción médicamente asistida (RM) y el derecho de la descendencia a conocer su identidad genética o biológica es un tema controvertido y ampliamente debatido en la literatura científica. Las posiciones sobre el tema en cada país son diferentes. A veces se oponen entre sí, incluso en países con fuertes similitudes, como los de la Unión Europea (UE), en el marco de valores éticos compartidos. Aunque algunos países siguen consagrando la norma del anonimato, es innegable la tendencia a garantizar el derecho a conocer el propio origen creando las excepciones pertinentes o suprimiendo por completo el estatus de anonimato del donante. 21. Este artículo ofrece consideraciones éticas y jurídicas sobre si el llamado "derecho al olvido" podría ampliarse para incluir el derecho de los donantes de gametos a permanecer en el anonimato. Esta opinión es contraria a la tendencia general, ciertamente en Europa, de reconocer que los hijos nacidos de gametos donados tienen derecho a acceder a la información relativa a sus padres genéticos. La nueva adición consiste en debatir si el Reglamento general de protección de datos (RGPD) podría proporcionar un terreno fértil para cuestionar este enfoque y apoyar efectivamente a las jurisdicciones en las que el anonimato sigue siendo posible.

Resumo 25. O anonimato dos dadores de gâmetas no contexto das técnicas de reprodução medicamente assistida (RMA) e o direito da descendência a conhecer a sua identidade genética ou biológica é um tema controverso e amplamente debatido na literatura científica. As posições sobre a questão em cada país são diferentes. Por vezes estão em oposição umas às outras, mesmo em países com fortes semelhanças, como os da União Europeia (UE), no quadro de valores éticos partilhados. Embora alguns países ainda consagrem a regra do anonimato, existe uma tendência inegável para garantir o direito de conhecer as suas origens, criando exceções relevantes ou abolindo completamente o estatuto de anonimato dos dadores. 26. Este artigo oferece considerações éticas e legais sobre se o chamado "direito ao esquecimento" poderia ser alargado para incluir o direito dos dadores de gâmetas a permanecerem anónimos. Esta perspetiva vai contra a tendência geral, certamente na Europa, de reconhecer que os descendentes nascidos de gâmetas doadas têm o direito de aceder à informação relacionada com os seus progenitores genéticos. O novo aditamento é debater se o Regulamento Geral de Proteção de Dados (RGPD) poderá fornecer um terreno fértil para questionar esta abordagem, e apoiar efetivamente as jurisdições onde o anonimato ainda é possível.