[The procedural aspects of postmortem defense of non-material goods of patient].

The protection of privacy of patient that is applying for medical care, diagnostics and treatment is one of the main pillars of implementation of medical activities. However, despite sufficient volume of legal regulation of lifetime respect of privacy of examination, observation and facts of medical intervention, in practice occur situations when privacy ceases to be such after death of the patient. The article is based on results of content-analysis of normative legal acts (n = 11), scientific publications (n = 52), cases of judicial practice (n = 8). The problem of non-observance of privacy becomes especially actual after death of person whose name is widely known. Having no possibility to impact on causes and modes of obtaining and propagating such specific information, the deceased, one's illness, stages of treatment, struggle for life, resources spent, clinics and specialists involved become object of close attention of various subjects (mas media, Internet communities) that use obtained information for speculative purposes at the expense of fixation of inhumane public replicas and increase of number of browsing. Despite prohibition provided for by law of dissemination of information constituting privacy of applying for medical care, after death of patient and application of measures of legal liability for fact of such a disclosure, information leak occurs regularly and information that got into common access frequently discredit good name of the deceased or develop other problems that are subjects to legal protection, for family members and legal successors. Yet, circumstances of transfer of information of limited access by medical organization (data leakage) or by intent of medical worker are difficult to be proved. Therefore, in judicial practice there are practically no such cases. At that, after death of famous people, juristic community regularly faces problems of protecting personal rights and non-material values from the side of relatives, legal successors and other interested persons. On the basis of formal logical method and system analysis method of disputable situations, possible perspectives of applying for judicial protection, procedural characteristics of procedure of applying for protection and possible composition of participants are presented.

Health Care AI and Patient Privacy-Dinerstein v Google.

This Viewpoint summarizes a recent lawsuit alleging that a hospital violated patients' privacy by sharing electronic health record (EHR) data with Google for development of medical artificial intelligence (AI) and discusses how the federal court's decision in the case provides key insights for hospitals planning to share EHR data with for-profit companies developing medical AI.

AI Chatbots, Health Privacy, and Challenges to HIPAA Compliance.

This Viewpoint examines the privacy concerns raised by medical uses of large language models, such as chatbots.

The Challenges for Regulating Medical Use of ChatGPT and Other Large Language Models.

This Viewpoint discusses how regulators across the world should approach the legal and ethical challenges, including privacy, device regulation, competition, intellectual property rights, cybersecurity, and liability, raised by the medical use of large language models.

Wiretap laws and the perioperative physician - The current state of affairs.

BACKGROUND: Wiretapping laws generally govern the legality of surreptitious or unconsented audio recording or other interception of face-to-face conversations, telephone calls, and other oral or wire communications. Many of these laws were originally passed in the late 1960s or 70s, and many have since been modified or amended. Wiretap laws vary from state to state within the United States, and many clinicians as well as patients are often unaware of the scope and implications of these laws. CASE EXAMPLES: We provide three hypothetical case examples to illustrate scenarios in which wiretapping laws come into play. METHODS: Through a review of current legislation, we compiled relevant wiretapping statutes for each state, as well as the potential civil remedies and criminal punishments that could be imposed for violations. We include the results of targeted research related to cases in which rights or claims under applicable wiretap statues have been asserted in the context of medical encounters and healthcare practice. RESULTS: We classified thirty-seven out of 50 states (74%) as one-party consent state laws, nine out of 50 states (18%) as all-party consent state laws, and the remaining four states (8%) as "Mixed". Remedies and punishments for violations of state wiretapping laws generally can involve civil or criminal fines and/or potential incarceration. Cases in which healthcare practitioners have asserted rights under wiretap laws remain rare. CONCLUSIONS: Our findings demonstrate heterogeneity with regard to the wiretapping laws state-to-state. The majority of punishments for violations involve fines and/or potential incarceration. Given the wide variability in state legislature, we suggest that anesthesiologists know their state's wiretapping law.

El listado de pacientes en la empresa dedicada a la prestación de servicios médicos como objeto material de los delitos de descubrimiento y revelación de secretos de empresa / [The list of patients in the company dedicated to the provision of medical services as a material object of the crimes of discovery and disclosure of company secrets]

En la actualidad podría afirmarse que la mayor problemática existente en torno a los delitos de descubrimiento y revelación de secretos de empresa se encuentra en la indeterminación de su objeto material: el secreto de empresa. Esta indeterminación, que la reciente Ley 1/2019, de 20 de febrero, de Secretos Empresariales ayuda a solventar, ha llevado a los Tribunales de la jurisdicción penal a pronunciamientos dispares sobre la aplicación de los tipos penales relativos al descubrimiento y revelación de secretos de empresa, siendo uno de los supuestos más cuestionados en la práctica de nuestros Tribunales el tratamiento (o no) de un listado de clientes como un secreto de empresa. Si bien, hay muchas resoluciones que abogan por entender que dichos listados de clientes no forman parte de la información confidencial y reservada de una empresa –lo que impediría entenderla como un secreto de empresa–, encontramos también ejemplos de casos en los que se ha adoptado una solución contraria. Por medio del presente análisis, se pretende responder a la siguiente pregunta: ¿Puede un listado de pacientes ser considerado un secreto de empresa y, por tanto, dar lugar su descubrimiento y/o revelación a la comisión de un delito de los recogidos en el artículo 278 y siguientes del Código Penal? ¿Y si dicho listado de pacientes contuviera documentación clínica (con datos médicos) de cada uno de ellos? (AU)

Nowadays, the main problem with the offences of discovery and disclosure of trade secrets may lie in the indeterminacy of its material object: the business or trade secret. This indeterminacy, which the recent Law 1/2019, of 20 February, on Business Secrets helps to resolve, has led the Courts of the criminal jurisdiction to make disparate pronouncements on the application of criminal offences relating to the discovery and disclosure of business secrets, with one of the most questioned cases in the practice of our Courts being the treatment (or not) of a list of clients as a business secret. While there are many rulings that argue that such customer lists do not form part of the confidential and reserved information of a company –which would prevent it from being considered a trade secret–, there are also examples of cases in which the opposite solution has been adopted. This analysis aims to answer the following question: Can a list of patients be considered a business secret and, therefore, can its discovery and/or disclosure give rise to the commission of an offence under Article 278 et seq. of the Criminal Code? What if the list of patients contained clinical documentation (with medical data) for each of them? (AU)

Cruzan after Dobbs: What Remains of the Constitutional Right to Refuse Treatment?

In 2022, the U.S. Supreme Court removed constitutional protection from the individual's right to end a pregnancy. In Dobbs v. Jackson Women's Health Organization, the Court invalidated previous rulings protecting that right as part of the individual liberty and privacy interests embedded in the U.S. Constitution. Now, many observers are speculating about the fate of other rights founded on those interests. The Dobbs ruling conflicts with the Court's 1990 Cruzan decision restricting the government's power to interfere with personal medical choices. The language and reasoning in Dobbs and Cruzan offer guidance on how the Court might address future cases involving the right to refuse life-sustaining treatment. The decisions also point to policy strategies for preserving that right.

[When quality improvement clashes with privacy regulations]. / Wanneer kwaliteitsverbetering botst met privacyregels.

Continuity in patient care is crucial but is not a 'given' in complex circumstances when several health care professionals are involved in a clinical trajectory. Discontinuity may make it difficult to follow a patient's clinical course, which can be instructive and providing useful feedback on professional performance. Hence, it is a good clinical habit to check on patients after the care has been taken over by others. However, too strict interpretation of privacy laws and regulation may hamper this valuable practice. Obviously, protection of medical information and patients' privacy is vital, however, this should not apply to health care professionals that were involved in earlier phases of a patient's care as they should be considered having a continuing care relationship with the patient. Interestingly, a vast majority of patients themselves have no concern at all when professionals that were involved in earlier phases of their care access their information.

How privacy's past may shape its future.

An account of privacy's evolutionary roots may hold lessons for policies in the digital age.

Mobile health and privacy: cross sectional study.

OBJECTIVES: To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. DESIGN: Cross sectional study SETTING: Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories. PARTICIPANTS: Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps. MAIN OUTCOME MEASURES: Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews. RESULTS: 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy. CONCLUSIONS: This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.

International transfers of personal data for health research following Schrems II: a problem in need of a solution.

On 16 July 2020, the Court of Justice of the European Union issued their decision in the Schrems II case concerning Facebook's transfers of personal data from the EU to the US. The decision may have significant effects on the legitimate transfer of personal data for health research purposes from the EU. This article aims: (i) to outline the consequences of the Schrems II decision for the sharing of personal data for health research between the EU and third countries, particularly in the context of the COVID-19 pandemic; and, (ii) to consider certain options available to address the consequences of the decision and to facilitate international data exchange for health research moving forward.

Health Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the American College of Physicians.

Technologic advancements and the evolving digital health landscape have offered innovative solutions to several of our health care system's issues as well as increased the number of digital interactions and type of personal health information that is generated and collected, both within and outside of traditional health care. This American College of Physicians' position paper discusses the state of privacy legislation and regulations, highlights existing gaps in health information privacy protections, and outlines policy principles and recommendations for the development of health information privacy and security protections that are comprehensive, transparent, understandable, adaptable, and enforceable. The principles and recommendations aim to improve on the privacy framework in which physicians have practiced for decades and expand similar privacy guardrails to entities not currently governed by privacy laws and regulations. The expanded privacy framework should protect personal health information from unauthorized, discriminatory, deceptive, or harmful uses and align with the principles of medical ethics, respect individual rights, and support the culture of trust necessary to maintain and improve care delivery.