|
KMID : 1234820210220040117
|
|
Korean Society of Law and Medicine
2021 Volume.22 No. 4 p.117 ~ p.157
|
|
|
Legal Issues in Protecting and Utilitizing Medical Data in United States -Focused on HIPAA/HITECH, 21st Century Cures Act, Common Law, Guidance-
|
|
Kim Jae-Sun
|
|
|
Abstract
|
|
|
This research reviewed the HIPAA/HITECH, 21st Century Cures Act, Common Law, and private Guidances from the perspectives in protecting and utilitizing the medical data, while implications were followed.
First, the standards for protection and utilization are relatively clearly regulated through single law on personal medical information in the United States. The HIPAA has been introduced in 1996 as fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, in the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced comprehensive consent system and clearly stipulates procedures.
Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as an anonymity measure for identifiable medical information, which clearly defines the process while increasing trust.
Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, while the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule.
Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to use in condition to the researcher's agreement to prohibit re-identification, and de-identification or consent process is simplified under the system.
|
|
|
KEYWORD
|
|
|
Medical data, Health data, Data, HIPAA, HITECH, 21st century cures act
|
|
|
FullTexts / Linksout information
|
|
|
|
|
|
Listed journal information
|
|
|
|