E-health in the age of big data: the EU Proposed Regulation on health data protection

Big and open data privacy risks in health sector: developing a trend or establishing the future?

The amount of medical data is growing rapidly in the current technological and social environment. Big data analytics are considered a highly powerful tool in assisting health service providers, researchers and patients to accelerate scientific discovery, enabling personalized medicine and improving the quality of healthcare. It is being underpinned that in order to achieve these objectives an open data strategy should be followed by public authorities allowing third parties to access medical data. This process, though, raises severe concerns over privacy issues relating to the use of medical information by both private and public entities. The European Union, trying to modernise its approach concerning personal data in general, has introduced a proposal for a General Data Protection Regulation that specifically refers to and regulates health related information by introducing an enriched right to consent and the right to be forgotten. This paper conglomerates the privacy problems arising from the emergence of big data sets in the medical sector as they are depicted in literature, and tries to examine to what extent the proposed Data Protection Regulation can address these issues so as to create a modern and updated legal framework by introducing new rules that will provide greater legal certainty, enhance citizens' trust in the use of their medical data, and ultimately achieve the goal of delivering efficient health services.

The new EU General Data Protection Regulation (GDPR) in medical data and clinical research

2019

This dissertation was written as part of the MSc in Bioeconomy Law, Regulation and Management at the International Hellenic University. The purpose of my research is to conduct an extensive legal analysis of the existing legal framework on data protection in medical data and clinical research. The recent General Data Protection Regulation (EU) 2016/679, "GDPR", enhances the fundamental rights of individuals in the field of data protection. Medical data specifically, as they refer to a person’s health, are sensitive data that require additional protection and careful handling. This is the case in clinical research also. This analysis includes European Law, namely the Data Protection Directive, the GDPR, Convention 108, the European Convention on Human Rights (ECHR) and Guidelines on the Protection of Individuals with regard to the Processing of medical data and clinical research data. I would like to express my gratitude to my supervisor Professor Dr. Vidalis, for the support...

Regulating big data. The guidelines of the Council of Europe in the context of the European data protection framework

Computer Law & Security Review Volume 33, Issue 5, October 2017, Pages, 2017

In January 2017 the Consultative Committee of Convention 108 adopted its Guidelines on the Protection of Individuals with Regard to the Processing of Personal Data in a World of Big Data. These are the first guidelines on data protection provided by an international body which specifically address the issues surrounding big data applications. This article examines the main provisions of these Guidelines and highlights the approach adopted by the Consultative Committee, which contextualises the traditional principles of data protection in the big data scenario and also takes into account the challenges of the big data paradigm. The analysis of the different provisions adopted focuses primarily on the core of the Guidelines, namely the risk assessment procedure. Moreover, the article discusses the novel solutions provided by the Guidelines with regard to the data subject's informed consent, the by-design approach, anonymization, and the role of the human factor in big data-supported decisions. This critical analysis of the Guidelines introduces a broader reflection on the divergent approaches of the Council of Europe and the European Union to regulating data processing, where the principle-based model of the Council of Europe differs from the approach adopted by the EU legislator in the detailed Regulation (EU) 2016/679. In the light of this, the provisions of the Guidelines and their attempt to address the major challenges of the new big data paradigm set the stage for concluding remarks about the most suitable regulatory model to deal with the different issues posed by the development of technology.

Medical Privacy and Big Data: A Further Reason in Favour of Public Universal Healthcare Coverage

2019

Most people are completely oblivious to the danger that their medical data undergoes as soon as it goes out into the burgeoning world of big data. Medical data is financially valuable, and your sensitive data may be shared or sold by doctors, hospitals, clinical laboratories, and pharmacies—without your knowledge or consent.1 Medical data can also be found in your browsing history, the smartphone applications you use, data from wearables, your shopping list, and more. At best, data about your health might end up in the hands of researchers on whose good will we depend to avoid abuses of power.2 Most likely, it will end up with data brokers who might sell it to a future employer, or an insurance company, or the government. At worst, your medical data may end up in the hands of criminals eager to commit extortion or identity theft. In addition to data harms related to exposure and discrimination, the collection of sensitive data by powerful corporations risks the creation of data mono...

Transferring Health Big Data within the European Legal Framework: What Role for National Healthcare Services?

Journal of law and medicine, 2018

The main objective of this article is to describe the legal principles governing the selection by European public authorities, such as National Health Services (NHS) of third parties, when entering into agreements for the transfer of health data. According to Directive 2003/98/EC, and in light of the provisions of the Treaties of the European Union, the choice as to how a public authority makes its data available to third parties needs to be transparent, non-discriminatory and may not in any case benefit a specific company at the expense of others. For this reason, we maintain that a hypothetical agreement by which a public authority grants exclusive access to a large amount of health data to a private company selected with non-transparent criteria appears highly questionable. We advocate that the NHS should adopt more appropriate data policies aimed at promoting the sustainability of the NHS, following the legal framework analysed in this article.

Modelling and enforcing privacy for medical data disclosure across Europe

PubMed, 2009

The harmonization of data protection legislation in Europe has been theoretically achieved by means of the EU directive on data protection. In practice the harmonization is not absolute and conflicts and inconsistencies continue to exist in the way Member States are implementing the directive. The integration of different European medical systems by means of grid technologies will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. In this paper we present an approach to automate privacy requirements for the sharing of patient data across Europe on a healthgrid domain and ensure its enforcement internally and within external domains where the data might travel. This approach is based on the semantic modelling of privacy obligations that are of legal, ethical or cultural nature. These requirements are for the sharing of personal data between different European Member States. Our model reflects both similarities and conflicts, if any, between the different Member States. This allows us to reason on the safeguards a data controller should ask from an organization belonging to another Member State before disclosing medical data to them. The system will also generate the relevant set of policies to be enforced at the process level of the grid to ensure privacy compliance before allowing access to the data.

Over Troubled Water: E-Health Platforms and the Protection of Personal Data: The Case of Portugal

Portuguese Journal of Public Health

How healthcare is being administered is nowadays one of the distinctive traits expressing the progress of a given society. The steadfast implementation of e-health services has become an indispensable tool in order to bring the provision of healthcare to the next level. Notwithstanding e-health's actual and promising applications, e-health hinges on highly sensitive information on patients' personal lives and even intimacy, which, in Member States of the European Union (EU), must comply with the pertinent personal data protection legislation. In effect, health data have been classified as a special category of personal data by Directive 95/46/EC, the Data Protection Directive (DPD). The DPD subjects the processing of personal health data to a specific, stronger protection compared to less sensitive personal data in the form of a prohibition, which can only be excepted when the data subjects grant their explicit consent to the processing or if such consent is overridden by a superior interest provided by the law. Aware of the major changes brought about