Information and Communication Technologies and the Right to

Informational Privacy in Health Care: A Comprehensive Analysis

Nandu Sam Jose
School of Legal Studies, CUSAT
Email: nandusamjose@cusat.ac.in

DOI: http://doi.org/10.21776/ub.blj.2023.010.01.03
Submitted: 2023-03-04 | Revised: 2023-04-26 | Accepted: 2023-04-28 | Published: 2023-04-30
How to Cite : Jose, Nandu Sam. “Information and Communication Technologies and the Right to Informational Privacy in Health Care: A
Comprehensive Analysis.” Brawijaya Law Journal 10, no. 1 (2023): 34-58. http://doi.org/10.21776/ub.blj.2023.010.01.03.
Copyright (c) 2023 Brawijaya Law Journal. All Rights Reserved.

Abstract: The rapid integration of information and communication technologies (ICTs) into the
healthcare field has led to significant advancements, including the development of electronic health
records, telemedicine, big data analytics, and artificial intelligence. These technologies have
revolutionized medical care by improving accessibility, enhancing quality, and facilitating personalized
treatments. However, with these advancements, the issue of health information privacy has become
increasingly prominent. This article examines the interplay between ICTs and the right to informational
privacy in the healthcare field. More specifically, it explores the core principles of informational privacy
by outlining its legal and ethical facets while also underscoring the importance of maintaining the
confidentiality and security of personal health information (PHI). The essay also examines the
challenges threatening informational privacy—including data breaches, inadequate regulatory
frameworks, and ethical dilemmas surrounding big data and AI. Simultaneously, the article identifies
opportunities for enhancing privacy protections, including introducing technological innovations, and
strengthening legal and regulatory frameworks. The piece also offers practical recommendations for
various stakeholders—such as policymakers, healthcare providers, and individuals—for ensuring the
protection of PHI. In conclusion, this article emphasizes the importance of striking a delicate balance
between leveraging the benefits of ICTs and protecting informational privacy, which is a prerequisite
for fostering a resilient, equitable, and patient-centered healthcare system.

Keywords: health care; informational privacy; information and communication technologies;

personal health information; privacy protection.

I. Introduction implications of these advancements on the

Information and Communication
Technologies (ICTs) have revolutionized
health care, generating unprecedented
opportunities for improving patient care,
efficiency, and access to information. As the
adoption of digital systems continues to
increase, it has become crucial to consider the
[34]
right to health informational privacy in health
care. This right is essential in ensuring trust
between patients and healthcare providers
and protecting sensitive personal health
information (PHI).
While the benefits of integrating ICTs into
health care are widely recognized, recent

incidents and debates have highlighted the
urgent need for an in-depth analysis of the
tensions between the use of these
technologies and the safeguarding of health
information privacy.1 For instance, the
increased frequency, and sophistication of
data breaches raise serious concerns about
the security and confidentiality of PHI. 2 For
example, in 2021, data belonging to 230,000
patients diagnosed with COVID-19 was
illegally accessed and subsequently sold on a
dark web forum known as Rapid Forums.3
Furthermore, the growing use of artificial
intelligence (AI) and big data in health care,
though promising, has exacerbated concerns
over privacy.4 Against this backdrop, this
article seeks to provide a comprehensive
analysis of the complex relationship between
ICTs and the right to informational privacy in
health care. It explores the multifaceted role
of ICTs in health care, detailing how different
technologies, such as electronic health
records, telemedicine, big data analytics, and
artificial intelligence (AI), can impact
privacy. Furthermore, the article navigates
the legal and ethical frameworks that govern
informational privacy, spotlighting their role
in the protection of PHI in an increasingly
digital healthcare landscape.
1
Sara Quach et al., “Digital Technologies: Tensions
in Privacy and Data,” Journal of the Academy of
Marketing Science 50, no. 6 (2022): 1299–1323,
https://doi.org/10.1007/s11747-022-00845-y; Eric
Durnell et al., “Online Privacy Breaches, Offline
Consequences: Construction and Validation of the
Concerns with the Protection of Informational
Privacy Scale,” International Journal of Human–
Computer Interaction 36, no. 19 (2020): 1834–48,
https://doi.org/10.1080/10447318.2020.1794626.
2
Nivedita James, “80+ Healthcare Data Breach
Statistics 2023,” Astra, 2023,
https://www.getastra.com/blog/security-
audit/healthcare-data-breach-statistics/.
3
Dona Budi Kharisma and Alvalerie Diakanza,
“Patient Personal Data Protection: Comparing the
Health-Care Regulations in Indonesia, Singapore
[35]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
In elucidating these challenges, the article
also uncovers opportunities for bolstering
privacy protections in the face of the ongoing
digital transformation. It culminates by
offering well-founded recommendations for
various stakeholders, including
policymakers, healthcare providers, and
individuals. These actionable insights aim to
safeguard the right to informational privacy,
ensuring a balanced approach to ICT
implementation that reaps its myriad benefits
without compromising the fundamental
privacy rights of patients.
II. Legal Materials & Method
This study employs doctrinal legal analysis,
and a thorough review of relevant literature,
including academic articles, research papers,
reports, and legal documents, was conducted
to gain an understanding of the current state
of ICTs in health care, the concept of
informational privacy, and the challenges,
and opportunities associated with privacy
protection. Subsequently, key concepts, and
issues related to ICTs and health information
privacy were identified and organized into a
coherent structure. On this basis, the analysis
was divided into multiple sections to address
different aspects of the topic, including the
role of ICTs, legal frameworks, ethical
and the European Union,” International Journal of
Human Rights in Healthcare September (2022),
https://doi.org/10.1108/IJHRH-04-2022-0035.
4
Dariusz Czuchaj, Marc Elshof, and Anna
Szczygiel, “Key Challenges of Artificial
Intelligence: AI Privacy Concerns and the GDPR,”
Business Going Digital, 2021,
https://www.businessgoing.digital/key-
challenges-of-artificial-intelligence-ai-privacy-
concerns-and-the-gdpr/; Saharnaz Dilmaghani et
al., “Privacy and Security of Big Data in AI
Systems: A Research and Standards Perspective,”
in IEEE International Conference on Big Data
(Big Data) (Los Angeles: IEEE, 2019), 5737–43,
https://doi.org/10.1109/BigData47090.2019.9006
283.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
considerations, challenges, and
opportunities. Moreover, each section is
developed through a discussion of relevant
concepts, issues, and examples from the
literature. This structure facilitates a
comprehensive examination of the subject
matter and enables readers to understand the
different dimensions of health information
privacy. Based on the discussion and
analysis, this study develops a set of
recommendations for policymakers,
healthcare providers, and individuals that
provide guidance on how to effectively
address privacy challenges and protect health
information privacy. The study concludes
with a summary of key findings and insights,
emphasizing the importance of balancing the
benefits of ICT adoption in health care with
the protection of patients’ privacy rights.
III. Results & Discussion
The Role of Information and
Communication Technology (ICT) in
Health Care
ICTs have transformed numerous industries,
including health care. Indeed, ICTs are now
an integral part of the healthcare industry,
revolutionizing healthcare delivery, medical
research, and more. In today’s fast-paced
world, ICTs have become increasingly vital
to providing quality healthcare services to
patients globally. In healthcare settings, ICTs
offer various benefits, including improved
5
Clemens Scott Kruse and Amanda Beane, “Health
Information Technology Continues to Show
Positive Effect on Medical Outcomes: Systematic
Review,” Journal of Medical Internet Research
20, no. 2 (2018): 1–9,
https://doi.org/10.2196/jmir.8793; Michael Rowe,
“Information and Communication Technology in
Health: A Review of the Literature,” Journal of
Clinical and Health Sciences 3, no. 1 (2008): 68–
77.
6
“Electronic Health Records,” CMS.gov, accessed
November 6, 2021,
[36]
patient care, increased access to medical
services, and accurate, and timely medical
data for medical practitioners.5
Some of the critical areas where ICT plays a
significant role in health care are as follows:
a. Electronic Health Records
Electronic health records (EHRs) are digital
versions of a patient’s medical history
designed to streamline and improve the
management of patient information. They
contain comprehensive data on a patient’s
demographics, medical conditions,
treatments, medications, allergies,
immunizations, and test results.6
Consequently, EHRs have become
increasingly prevalent in healthcare settings
due to their numerous benefits.
Electronic health records offer several
benefits to health care, including improved
efficiency through quick access to and
exchange of patient information and
minimized need for paper records and
manual data entry. 7 Additionally, EHRs
enhance patient care by providing a complete
and up-to-date picture of a patient’s medical
history, enabling more informed clinical
decision-making and preventing medical
errors. Moreover, EHRs allow for better care
coordination, especially for patients with
complex medical needs and those seeing
multiple specialists. Patients can also become
more involved in their own health care
through EHRs. Using securing online portals,
https://www.cms.gov/Medicare/E-
Health/EHealthRecords.
7
Kruse CS et al., “Impact of Electronic Health
Records on Long-Term Care Facilities: Systematic
Review,” JMIR Med Inform, 2017; e35. Accesed
from Soumya Upadhyay and Han-fen Hu, “A
Qualitative Analysis of the Impact of Electronic
Health Records (Ehr) on Healthcare Quality and
Safety: Clinicians’ Lived Experiences,” Health
Services Insights 15 (2022),
https://doi.org/10.1177/11786329211070722.

they can review their records, track health
data, and communicate with healthcare
providers. Electronic health records also
support public health initiatives and medical
research by providing large-scale,
anonymized datasets for identifying trends,
tracking disease outbreaks, and evaluating
the effectiveness of interventions and
treatments.8
b. Telemedicine and Remote Patient
Monitoring
Telemedicine and remote patient monitoring
are two key ICT applications that have
significantly expanded the reach and
efficiency of healthcare services. They
leverage digital communication tools and
devices to provide medical care and
monitoring to patients without the need for
in-person visits:
1) Telemedicine involves the use of ICTs,
such as video conferencing, mobile
applications, and secure messaging, to
enable healthcare providers to consult,
diagnose, treat, and monitor patients
remotely.9 Telemedicine offers several
benefits, including increased access to
care for patients living in remote, rural, or
underserved areas who may experience
difficulty accessing medical services.
Additionally, telemedicine can reduce
8
“What Are the Advantages of Electronic Health
Records?,” HealthIT.gov, accessed March 24,
2023, https://www.healthit.gov/faq/what-are-
advantages-electronic-health-records.
9
Oren J. Mechanic, Yudy Persaud, and Alexa B.
Kimball, Telehealth Systems, StatPearls (Treasure
Island (FL) (StatPearls Publishing, 2021),
http://www.ncbi.nlm.nih.gov/books/NBK459384/
. https://apps.who.int/iris/handle/10665/63857.
10
F. Mair, “Systematic Review of Studies of Patient
Satisfaction with Telemedicine,” BMJ 320, no.
7248 (2000): 1517–20,
https://doi.org/10.1136/bmj.320.7248.1517; See
also: Steven D. Losorelli et al., “The Future of
Telemedicine: Revolutionizing Health Care or
Flash in the Pan?,” Otolaryngology–Head and
[37]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
healthcare costs by decreasing the need
for in-person visits, saving patients time,
and money on travel while lowering
overhead costs for healthcare providers.10
Telemedicine also improves patient
outcomes, enabling faster diagnoses, and
treatment and better continuity of care,
particularly for patients with chronic
conditions. By facilitating more frequent
follow-ups and better communication
between patients and healthcare
providers, telemedicine can improve
patient outcomes and overall quality of
care.11
2) Remote patient monitoring (RPM)
involves the use of digital technologies,
such as wearable devices, mobile
applications, and home monitoring
equipment, to continuously collect, and
transmit patient health data to healthcare
providers12. Remote patient monitoring
also allows for early intervention and
better disease management by providing
real-time health data to healthcare
providers.13 This enables healthcare
practitioners to detect potential issues
early and adjust treatment plans
accordingly, leading to better disease
management and overall patient
outcomes. Additionally, RPM can
empower patients to take an active role in
their health care by tracking their health
Neck Surgery 165, no. 2 (2021): 239–43,
https://doi.org/10.1177/0194599820983330.
11
WHO Group Consultation on Health Telematics,
“A Health Telematics Policy in Support of WHO’s
Health-For-All Strategy for Global Health
Development: Report of the WHO Group
Consultation on Health Telematics” (Geneva,
Switzerland, 1997),
12
Mechanic, Persaud, and Kimball, Telehealth
Systems.
13
Frederico Arriaga Criscuoli de Farias et al.,
“Remote Patient Monitoring: A Systematic
Review,” Telemedicine and E-Health 26, no. 5
(2020): 576,
https://doi.org/10.1089/tmj.2019.0066.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
indicators and adhering to recommended
care plans14 By closely monitoring
patients’ health and intervening early
when necessary, RPM can also help
prevent hospitalizations and reduce the
likelihood of readmissions, leading to
significant cost savings and improved
patient outcomes.15
c. Big Data Analytics and Artificial
Intelligence
Big data analytics and AI have emerged as
transformative technologies within health
care, leveraging the vast amounts of data
generated by electronic health records,
wearables, and other digital tools to drive
insights and improve patient outcomes.
These technologies have several healthcare
applications, including predictive analytics,
personalized medicine, diagnostic support,
drug discovery and development, and
administrative automation.16 Predictive
analytics can identify patterns and trends in
large datasets, predict health outcomes,
identify at-risk populations, and allocate
resources more effectively. 17 Moreover, AI-
powered tools, such as machine learning
algorithms, can be used to analyze individual
patient data and recommend treatment plans
14
Ashish Atreja et al., “Remote Patient Monitoring
in IBD: Current State and Future Directions,”
Current Gastroenterology Reports 20, no. 2
(2018): 6, https://doi.org/10.1007/s11894-018-
0611-3.
15
Thomas A Ullman and Ashish Atreja, “Building
Evidence for Care beyond the Medical Centre,”
The Lancet 390, no. 10098 (2017): 919–20,
https://doi.org/10.1016/S0140-6736(17)31857-3.
16
Wullianallur Raghupathi and Viju Raghupathi,
“Big Data Analytics in Healthcare: Promise and
Potential,” Health Information Science and
Systems 2, no. 1 (February 7, 2014): 3,
https://doi.org/10.1186/2047-2501-2-3.
17
Patricia Balthazar et al., “Protecting Your Patients’
Interests in the Era of Big Data, Artificial
Intelligence, and Predictive Analytics,” Journal of
the American College of Radiology 15, no. 3
(March 2018): 580–86,
https://doi.org/10.1016/j.jacr.2017.11.035.
[38]
tailored to a patient’s unique characteristics,
enabling personalized treatment plans that
improve treatment effectiveness and reduce
potential side effects18. Artificial intelligence
can assist health care by analyzing medical
images, genetic data, and other clinical
information to detect and diagnose diseases
such as cancer, diabetes, and Alzheimer’s
with a high degree of accuracy.19
Additionally, AI can streamline the drug
discovery process by analyzing large datasets
to identify potential drug candidates, predict
their effectiveness, and optimize their
chemical structures, reducing the time, and
cost associated with drug development.20
Finally, AI-powered tools, such as natural
language processing, can automate
administrative tasks, such as documentation,
billing, and appointment scheduling, freeing
healthcare providers to focus on patient
care.21
The Right to Informational Privacy in
Health Care
The right to health information is a crucial
aspect of the relationship between patients
and healthcare providers. This right
encompasses the protection of PHI from
18
Jamilu Awwalu et al., “Artificial Intelligence in
Personalized Medicine Application of AI
Algorithms in Solving Personalized Medicine
Problems,” International Journal of Computer
Theory and Engineering 7, no. 6 (December
2015): 439–43,
https://doi.org/10.7763/IJCTE.2015.V7.999.
19
Awwalu et al.
20
H.C. Stephen Chan et al., “Advancing Drug
Discovery via Artificial Intelligence,” Trends in
Pharmacological Sciences 40, no. 8 (August
2019): 592–604,
https://doi.org/10.1016/j.tips.2019.06.004.
21
Wiljeana Jackson Glover, Zhi Li, and Dessislava
Pachamanova, “The AI-Enhanced Future of
Health Care Administrative Task Management,”
NEJM Catalyst, March 3, 2022,
https://catalyst.nejm.org/doi/full/10.1056/CAT.21
.0355.

unauthorized access, disclosure, and
misuse.22 Additionally, this right is not
merely a practical necessity; rather, it is also
supported by international human rights law.
For instance, the International Covenant on
Economic, Social, and Cultural Rights
(ICESCR) implicitly recognizes this right as
part of the right to health.23 In 2000, the UN
Committee on Economic, Social, and
Cultural Rights, which monitors the
implementation of the ICESCR, adopted
General Comment No. 14 on the right to the
highest attainable standard of health. This
general comment emphasizes that the right to
health includes the right to health
information confidentiality. Hence,
understanding the different dimensions of
informational privacy is essential to ensure
that individuals can trust the healthcare
system and maintain control over their
sensitive health data.
a. Defining Informational Privacy
Informational privacy refers to the right of
individuals to control the collection, use,
disclosure, and retention of their personal
information.24In the context of health care,
informational privacy takes on heightened
importance, as PHI includes an individual’s
medical history, such as diagnoses,
treatments, and other health-related details.25
22
Faria, Paula Lobato De, and João Valente
Cordeiro. ‘Health Data Privacy and
Confidentiality Rights: Crisis or Redemption?’
Revista Portuguesa de Saúde Pública 32, no. 2
(July 2014): 123–33.
https://doi.org/10.1016/j.rpsp.2014.10.001.
23
“CESCR General Comment No. 14: The Right to
the Highest Attainable Standard of Health (Art.
12)” (Office of the High Commissioner for Human
Rights, August 1, 2000),
https://www.refworld.org/pdfid/4538838d0.pdf.
24
Daniel J. Solove, Understanding Privacy
(Cambridge, Mass: Harvard University Press,
2008), 4.
25
Lawrence O. Gostin, “Health Information:
Reconciling Personal Privacy with the Public
[39]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
The core elements of informational privacy
in health care can be summarized as follows:
1) Confidentiality refers to the obligation of
healthcare providers and organizations to
protect patient information from
unauthorized disclosure. Confidentiality
ensures that sensitive health information
is only shared with those who have a
legitimate need to access it, such as
healthcare providers directly involved in a
patient’s care or entities with legal
permission.26
2) Consent refers to the principle that
individuals should have control over their
PHI, including the right to decide whether,
when, and with whom their information is
shared. This typically involves obtaining
informed consent from patients before
their data is collected, used, or disclosed.27
3) Data security refers to the implementation
of technical, administrative, and physical
safeguards to protect the integrity,
availability, and confidentiality of PHI.
Data security measures can include
encryption, access controls, secure
storage, and regular security audits to
prevent unauthorized access, data
breaches, and other threats.28
4) Data minimization is the practice of
collecting, using, and retaining only the
minimum amount of personal information
Good of Human Health,” Health Care Analysis 9,
no. 3 (October 1, 2001): 322,
https://doi.org/10.1023/A:1012905932744.
26
Judith Wagner DeCew, In Pursuit of Privacy:
Law, Ethics, and the Rise of Technology (Ithaca:
Cornell University Press, 1997), 143–44.
27
Tom L. Beauchamp and James F. Childress,
Principles of Biomedical Ethics, 7th ed (New
York: Oxford University Press, 2013), 120=24.
28
National Institute of Standards and Technology,
“Framework for Improving Critical Infrastructure
Cybersecurity” (National Institute of Standards
and Technology, February 12, 2014),
https://www.nist.gov/system/files/documents/cyb
erframework/cybersecurity-framework-
021214.pdf.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
necessary to achieve a specific purpose.
This helps to reduce the risk of privacy
breaches that may compromise sensitive
data.29
5) Transparency and accountability refer to
the responsibility of healthcare providers
and organizations to be transparent about
data collection, use, and disclosure
practices, and to comply with privacy
regulations and standards. This can
involve providing clear privacy policies,
notifying patients of their rights, and
implementing robust privacy management
frameworks.30
b. Legal Frameworks Protecting
Informational Privacy
The right to informational privacy, especially
within the healthcare sector, is governed by
several legal frameworks at international,
regional, and national levels. These laws aim
to preserve the sensitive nature of PHI and
establish an individual’s authority over their
personal data.
Seminal frameworks on the international
level include the Universal Declaration of
Human Rights (UDHR) and the International
Covenant on Civil and Political Rights
(ICCPR). Although these frameworks do not
explicitly mention privacy, they have
significantly influenced privacy-related
regulations around the globe, indirectly
protecting privacy rights, and setting
standards for privacy-related laws.31 On the
regional level, data protection norms are
shaped by frameworks such as the European
29
Office of the Privacy Commissioner of Canada,
“Guidelines for Processing Personal Data across
Borders,” 2009,
https://www.priv.gc.ca/en/privacy-topics/airports-
and-borders/gl_dab_090127/.
30
American Health Information Management
Association (AHIMA), “Privacy and Security in
Healthcare: A Fresh Look,” 2018,
https://www.ahima.org/-
[40]
Union’s General Data Protection Regulation
(GDPR), the Council of Europe’s
Convention 108+, the APEC Privacy
Framework, and the African Union’s Malabo
Convention. These agreements and
conventions guarantee an array of rights to
individuals concerning personal data and
establish guidelines for data handling entities
to ensure data protection. Lastly, at the
national level, countries like the United
States, Canada, Australia, the United
Kingdom, and Indonesia have promulgated
laws and regulations for the protection of
PHI. However, the effectiveness of these
national frameworks varies depending on the
strength of enforcement mechanisms, the
awareness levels of individuals and
organizations, and their adaptability to the
rapidly evolving ICT landscape. The
succeeding sections will provide a more in-
depth review of these frameworks, offering
detailed insights into their operation and
efficacy.
1) International Frameworks:
The international legal architecture
upholding informational privacy relies
heavily on several seminal frameworks, and
although these frameworks do not explicitly
mention privacy, they have significantly
influenced privacy-related regulations
worldwide. The UDHR, the cornerstone of
the international human rights framework,
provides an indirect protection of privacy.
Article 12 of the UDHR discourages
“arbitrary interference” with an individual’s
/media/AHIMA/Files/AHIMA-Revised-Privacy-
Security-Framework-0118.pdf.
31
Palm, Willy, Herman Nys, David Townend, David
Shaw, Timo Clemens, and Helmut Brand.
‘Patients’ Rights: From Recognition to
Implementation’. In Achieving Person-Centred
Health Systems, by Jonathan North, 347–86. edited
by Ellen Nolte, Sherry Merkur, and Anders Anell,
1st ed. Cambridge University Press, 2020.
https://doi.org/10.1017/9781108855464.016.

privacy, family, home, or correspondence.32
The principles enshrined in the UDHR form
bedrock that has guided the formation of
subsequent privacy-related laws and
regulations around the world. Its indirect yet
substantial influence on privacy norms
underlies the expansive interpretation of
human rights. Moreover, the ICCPR, another
crucial international human rights
instrument, offers further protection of
privacy rights. Article 17 of the ICCPR
defends individuals against unlawful or
arbitrary interference in their privacy,
requiring states to ensure the availability of
legal recourse for such violations.33 This
covenant supports the collective international
effort to acknowledge and address privacy
rights, reflecting a clear rejection of
unwarranted intrusions into people’s
personal lives.
The interplay between these frameworks and
the various interpretations they provide for
privacy protection offer a rich backdrop for
analyzing how the right to privacy,
particularly health information privacy, has
been addressed on the global stage. This is
further elaborated upon in the succeeding
sections, which delve into the nuanced
interplay of these international standards
within regional and national legal structures.
2) Regional Frameworks:
Regional frameworks play a pivotal role in
safeguarding informational privacy,
particularly health information privacy.
32
United Nations, “Universal Declaration of Human
Rights” (1948), https://www.un.org/en/about-
us/universal-declaration-of-human-rights.
33
United Nations, “International Covenant on Civil
and Political Rights” (1966).
34
European Union, “General Data Protection
Regulation” (2016).
35
Council of Europe, “Convention 108 +:
Convention for the Protection of Individuals with
Regard to the Processing of Personal Data,” 2018,
https://rm.coe.int/convention-108-convention-for-
[41]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
These frameworks, guided by unique
regional intricacies, establish standards that
protect personal data and facilitate
information flow. For example, the GDPR in
the European Union has established a robust
data protection framework that champions an
individual’s right to access, rectify, erase,
and restrict the processing of personal data.
The GDPR also requires organizations to
adopt suitable technical and organizational
measures to ensure data protection. 34
Equally notable is the Council of Europe’s
Convention 108 and its modernized version,
the Convention 108+. This legal framework
includes specific provisions for protecting
sensitive data, including health information.
It requires that participating national
governments implement laws to protect an
individual’s rights related to data processing
while ensuring the security and
35
confidentiality of personal data. In the
Asia-Pacific region, the APEC Privacy
Framework, which is crucially supported by
the CBPR system, promotes the flow of
information while facilitating privacy and
personal data protection across the APEC
economies.36 37Lastly, the African Union has
demonstrated its commitment to data
protection with the Malabo Convention,
which, despite its limited adoption, provides
a framework for cybersecurity and personal
the-protection-of-individuals-with-
regar/16808b36f1.
36
Asia Pacific Economic Cooperation, ed., APEC
Privacy Framework (Singapore: APEC
Secretariat, 2017).
37
Asia Pacific Economic Cooperation, “APEC
Cross-Border Privacy Rules System,” accessed
April 15, 2023,
https://cbprs.blob.core.windows.net/files/CBPR%
20Policies,%20Rules%20and%20Guidelines%20
Revised%20For%20Posting%203-16.pdf.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
data protection38, including personal health
data.
3) National Frameworks:
On the national level, there is a high degree
of dissimilarity regarding how different
countries protect the right to informational
privacy, particularly in relation to PHI. For
example, India currently does not have a
comprehensive framework for the protection
of PHI; this may pose a challenge in the
context of the digital age of rapid exchange
of information. The United States is one of
the few countries that have developed a
comprehensive legal framework specifically
aimed at protecting PHI. The Health
Insurance Portability and Accountability Act
is the primary federal law governing the
protection of PHI in the United States.39 This
law establishes standards for privacy,
security, and the electronic transmission of
PHI and applies to a broad range of entities,
including healthcare providers, health plans,
as well as healthcare clearinghouses and their
business associates.
Many countries have enacted federal laws
and regulations to protect health information
privacy, and they often reflect the specific
legal, cultural, and social contexts of their
respective jurisdictions. Examples include
the Personal Information Protection and
Electronic Documents Act in Canada,40 the
Privacy Act41 and the Healthcare Identifiers
Act42 in Australia, and the Data Protection
Act43 in the United Kingdom. Indonesia has
38
African Union, “African Union Convention on
Cyber Security and Personal Data Protection”
(African Union, June 27, 2014),
https://au.int/en/treaties/african-union-
convention-cyber-security-and-personal-data-
protection.
39
USA, “Health Insurance Portability and
Accountability Act” (1996).
40
Canada, “Personal Information Protection and
Electronic Documents Act” (2000).
41
Australia, “Privacy Act” (1988).
[42]
recently enacted Law no 27 of 2022 on
Personal Data Protection, which provides
protection for informational privacy in health
care by recognizing health information as
“specific personal data.”44
These legal frameworks play a crucial role in
upholding the right to informational privacy
in health care; however, their effectiveness
often depends on the strength of their
enforcement mechanisms, the awareness of
individuals and organizations, and their
ability to adapt to the rapidly evolving
landscape of ICTs.
c. Ethical Considerations
Ethical considerations also play a significant
role in guiding the protection of health
information privacy, ensuring that the use of
ICTs in health care remains consistent with
the fundamental values of medical practice
and patient care.
1) Patient Autonomy refers to the rights of
the individual to make informed decisions
about their own health care, including the
collection, use, and disclosure of PHI.
Upholding patient autonomy in the
context of informational privacy requires
obtaining informed consent before
accessing or sharing PHI, ensuring that
patients understand their privacy rights,
and providing them with the means to
control their own health data.45
2) Confidentiality is an essential ethical
principle in health care, mandating that
healthcare providers maintain the privacy
42
Australia, “Healthcare Identifiers Act” (2010).
43
UK, “Data Protection Act” (2018),
https://www.legislation.gov.uk/ukpga/2018/12/co
ntents.
44
“Law No. 27 of 2022 on Personal Data Protection”
(2022).
45
Alfred I. Tauber, Patient Autonomy and the Ethics
of Responsibility, Basic Bioethics (Cambridge,
Mass: MIT Press, 2005), 59–60,
https://archive.org/details/patientautonomye0000t
aub.

of patient information and share it only
with those who have a legitimate need to
know. Protecting confidentiality helps to
build trust between patients and healthcare
providers, encouraging patients to seek
care and volunteer information without
fear of unauthorized disclosure.46
3) Non-maleficence and beneficence are
ethical principles that require healthcare
providers to do no harm and act in the best
interest of their patients.47 In the context
of informational privacy, these principles
involve ensuring that the use of ICTs in
health care does not compromise patient
privacy, cause harm, or disproportionately
burden certain individuals or groups. This
can be achieved by implementing robust
security measures, adhering to data
minimization practices, and considering
the potential risks and benefits of new
technologies.
4) Equity and Justice principles require that
healthcare services and resources be
distributed fairly without discrimination
or bias. Protecting informational privacy
should not generate disparities in access to
care or disproportionately affect
48
vulnerable populations. For this
purpose, healthcare providers must
consider how privacy protections and the
use of ICTs may impact different socio-
economic, cultural, and demographic
groups, and address potential inequalities
through targeted policies and
interventions.
46
K Blightman, SE Griffiths, and C Danbury,
“Patient Confidentiality: When Can a Breach Be
Justified?,” Continuing Education in Anaesthesia
Critical Care & Pain 14, no. 2 (April 2014): 52–
56, https://doi.org/10.1093/bjaceaccp/mkt032.
47
Beauchamp and Childress, Principles of
Biomedical Ethics, 150, 202.
48
Fabrice Jotterand et al., “Promoting Equity in
Health Care through Human Flourishing, Justice,
and Solidarity,” The Journal of Medicine and
[43]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
5) Transparency and accountability are
ethical principles that require healthcare
providers and organizations to be
transparent regarding their data collection,
use, and disclosure practices, and ensure
that they comply with privacy regulations
and standards.49 This involves providing
clear privacy policies, notifying patients
of their rights, and implementing robust
privacy management frameworks to
prevent unauthorized access or breaches.
By considering these ethical principles,
healthcare providers, policymakers, and
other stakeholders can ensure that the
adoption of ICTs in health care remains
consistent with the values of the medical
profession and regulations governing the
protection of patient privacy. Balancing the
potential benefits of new technologies with
the need for privacy is essential to maintain
trust and uphold the rights of individuals in
the digital age.
Challenges to Informational Privacy in
Health Care
As the use of ICTs in health care continues to
grow, several challenges have emerged that
can potentially compromise informational
privacy. Addressing these challenges is
crucial to maintaining trust between patients
and healthcare providers and ensuring the
ethical and legal protection of PHI.
Philosophy: A Forum for Bioethics and
Philosophy of Medicine 48, no. 1 (February 17,
2023): 98–109,
https://doi.org/10.1093/jmp/jhac015.
49
Ruth R. Faden et al., “An Ethics Framework for a
Learning Health Care System: A Departure from
Traditional Research Ethics and Clinical Ethics,”
Hastings Center Report 43, no. s1 (January 2013):
S16–27, https://doi.org/10.1002/hast.134.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
a. Data Breaches and Cybersecurity
Threats
Healthcare organizations, with their vast
databases of sensitive PHI, are attractive
targets for hackers and cybercriminals.50
Unauthorized access to or disclosure of PHI
can result in a range of adverse repercussions,
including identity theft, financial fraud, and
reputational damage.51 Addressing these
cybersecurity threats is essential for
maintaining public trust in the healthcare
system and protecting the privacy rights of
patients. Some common challenges related to
data breaches and cybersecurity threats
include:
1) Insufficient security measures. Healthcare
organizations may lack adequate
technical, administrative, and physical
safeguards to protect PHI from
unauthorized access or disclosure. This
can include weak encryption, inadequate
access controls, and outdated software
that is vulnerable to attacks.52
2) Human error. Data breaches, which can
result from unintentional actions by
healthcare providers, staff, and other
insiders, can include accidentally sending
PHI to the wrong recipient, losing
50
See Also: Seh, Adil Hussain, Mohammad Zarour,
Mamdouh Alenezi, Amal Krishna Sarkar, Alka
Agrawal, Rajeev Kumar, and Raees Ahmad Khan.
‘Healthcare Data Breaches: Insights and
Implications’. Healthcare 8, no. 2 (13 May 2020):
133. https://doi.org/10.3390/healthcare8020133.
51
Shahidul Islam Khan and Abu Sayed Md. Latiful
Hoque, “Digital Health Data: A Comprehensive
Review of Privacy and Security Risks and Some
Recommendations,” Computer Science Journal of
Moldova 24, no. 2 (2016): 274–75.
52
Farahnaz Sadoughi and Leila Erfannia, “Health
Information System in a Cloud Computing
Context,” in Health Informatics Meets EHealth:
Digital Insight--Information-Driven Health &
Care: Proceedings of the 11th EHealth2017
Conference, ed. Dieter Hayn and Günter Schreier,
Studies in Health Technology and Informatics,
[44]
unencrypted devices, and falling victim to
phishing scams.53
3) Third-party risks. Healthcare
organizations often rely on third-party
vendors for various services, including
data storage, software development, and
billing. If these third parties do not adhere
to the same privacy standards or have
inadequate security measures in place,
they may introduce vulnerabilities, or
risks that could compromise the security
of PHI.54
4) Ransomware attacks. Cybercriminals may
target healthcare organizations with
ransomware, a malicious software
program that encrypts data and demands
payment for its release. Ransomware
attacks can disrupt healthcare services,
compromise patient privacy, and result in
significant financial losses.55
5) Insider threats. Unauthorized access or
disclosure of PHI may be facilitated by
malicious insiders, such as disgruntled
employees, or individuals with criminal
intentions. These insiders may abuse their
legitimate access to health information
systems to steal or misuse sensitive data.56
volume 236 (eHealth Conference, Amsterdam;
Washington, DC: IOS Press, 2017), 295.
53
Kellie Dell’Oro and Jeremy Smith, “Cyber
Security: The Legal View,” AJP: The Australian
Journal of Pharmacy 102, no. 1203 (March 2021):
72.
54
Ilia Sotnikov, “Simplifying Third-Party Risk
Management,” Risk Management 66, no. 7
(August 2019): 8.
55
Nikki Spence et al., “Ransomware in Healthcare
Facilities: A Harbinger of the Future?,”
Perspectives in Health Information Management
Summer 2018 (2018): 1–2.
56
Suhair Alshehri, Sumita Mishra, and Rajendra Raj,
“Insider Threat Mitigation and Access Control in
Healthcare Systems,” May 1, 2013,
https://scholarworks.rit.edu/article/1401.

b. Inadequate Regulatory Frameworks
Inadequate regulatory frameworks can pose a
significant challenge to the protection of
informational privacy in health care. Laws
and regulations governing the collection, use,
disclosure, and protection of PHI may be
insufficient or outdated and, therefore,
unable to keep pace with the rapid evolution
of ICTs. This can result in gaps and
inconsistencies in privacy protection, leaving
patients’ sensitive health information
vulnerable to unauthorized access or
misuse.57 Some common issues related to
inadequate regulatory frameworks include:
1) Outdated legislation. Existing privacy
laws may not address the unique
challenges posed by new technologies and
emerging practices, such as telemedicine,
big data analytics, and AI. This can lead to
ambiguities and loopholes in privacy
protection, making it difficult for
healthcare providers, organizations, and
patients to understand their rights and
responsibilities.
2) Inconsistent regulations. Privacy
regulations can vary significantly between
countries and jurisdictions, resulting in a
patchwork of legal frameworks that may
complicate compliance efforts for
healthcare providers and organizations
operating across borders.58 This can also
create challenges for patients attempting
to seek care or access health information
in different jurisdictions.
57
Juanita I. Fernando and Linda L. Dawson, “The
Health Information System Security Threat
Lifecycle: An Informatics Theory,” International
Journal of Medical Informatics 78, no. 12
(December 2009): 815–26,
https://doi.org/10.1016/j.ijmedinf.2009.08.006.
58
C. Kuner et al., “The Challenge of ‘big Data’ for
Data Protection,” International Data Privacy Law
2, no. 2 (May 1, 2012): 47–49,
https://doi.org/10.1093/idpl/ips003.
[45]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
3) Limited enforcement. Even when robust
privacy laws exist, inadequate
enforcement, and oversight can
undermine their effectiveness. Regulatory
agencies may lack the resources,
expertise, or authority to adequately
monitor compliance, investigate
violations, and impose meaningful
penalties.59
4) Balancing privacy with other concerns.
Regulatory frameworks must strike a
balance between protecting informational
privacy and promoting other important
objectives, such as supporting public
health, research, or innovation.60 This can
be challenging, particularly in the face of
evolving technologies and shifting
societal expectations.
c. Data Sharing and Third-Party Access
as Invasions of Privacy
Data sharing and third-party access present a
significant challenge to the protection of
health information privacy. With the
widespread adoption of ICTs and the
increased reliance on third-party service
providers, the risks of unauthorized access
and misuse of PHI have grown. Ensuring that
data sharing and third-party access are
properly managed and monitored is crucial
for maintaining patient trust and upholding
the right to informational privacy. Data
sharing and third-party access in health care
can lead to several issues, including
inadequate consent mechanisms,
unauthorized access, secondary use of data,
59
“Enforcement of Privacy and Data Protection
Laws,” accessed June 28, 2023,
https://www.unodc.org/e4j/en/cybercrime/module
-10/key-issues/enforcement-of-privacy-and-data-
protection-laws.html.
60
Hyesoo Jeon and Changjun Lee, “Internet of
Things Technology: Balancing Privacy Concerns
with Convenience,” Telematics and Informatics 70
(May 2022): 101816,
https://doi.org/10.1016/j.tele.2022.101816.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
and data aggregation, and re-identification.61
Inadequate consent mechanisms can result in
patients being insufficiently informed or
possessing little control over how their PHI
is shared or accessed by third parties.
Unauthorized access to PHI can lead to
privacy invasion, identity theft, and other
harm. Moreover, third parties may use PHI
for purposes beyond the original intent of its
collection, such as marketing, research, or
profiling, raising additional privacy
concerns. Combining different data sets and
sources, including PHI datasets, can
potentially lead to the re-identification of
individuals even when data has been
anonymized. Addressing these issues
requires implementing appropriate consent
mechanisms, ensuring adequate security
measures, limiting data access, and
maintaining transparency, and accountability
in data-sharing practices.
d. Ethical Dilemmas in Big Data and
Artificial Intelligence
There are numerous potential benefits to
using big data and AI in health care,
including improved diagnostics,
personalized treatment plans, and enhanced
efficiency. However, these technologies also
raise several ethical dilemmas related to
informational privacy and more. Addressing
these dilemmas is essential for ensuring that
the adoption of big data and AI aligns with
the values of the medical profession and
respects patients’ rights. Some of the key
61
Michelle M. Mello et al., “Legal Barriers to the
Growth of Health Information Exchange-Boulders
or Pebbles?: Legal Barriers to the Growth of HIE,”
The Milbank Quarterly 96, no. 1 (March 2018):
110–43, https://doi.org/10.1111/1468-
0009.12313.
62
Constance L. Milton, “The Ethics of Big Data and
Nursing Science,” Nursing Science Quarterly 30,
no. 4 (October 2017): 300–301,
https://doi.org/10.1177/0894318417724474.
[46]
ethical dilemmas in big data and AI are as
follows:
1) Informed consent and data ownership.
Big data and AI often involve the
collection, analysis, and sharing of large
amounts of PHI, which can defy
traditional notions of informed consent
and data ownership.62 Ensuring that
patients maintain control over their data
and understand the potential implications
of its use for big data and AI applications
can be complex and challenging.
2) Bias and discrimination. AI algorithms
can inadvertently perpetuate or exacerbate
existing biases present in the data they are
trained on, leading to unfair, or
discriminatory outcomes for certain
individuals or groups.63 Addressing these
biases requires careful consideration of
the data used to train AI models and the
development of strategies to mitigate
potential biases in algorithmic decision-
making.
3) Privacy and de-identification. Big data
and AI can enable the aggregation and
analysis of vast amounts of PHI, often
from multiple sources. Therefore,
ensuring the privacy of data and
preventing the re-identification of
individuals can be challenging,
particularly given the rapidly evolving
nature of techniques and technologies.64
4) Transparency and explainability. AI
algorithms can be complex and opaque,
making it difficult for patients, healthcare
63
Nithesh Naik et al., “Legal and Ethical
Consideration in Artificial Intelligence in
Healthcare: Who Takes Responsibility?,”
Frontiers in Surgery 9 (March 14, 2022),
https://doi.org/10.3389/fsurg.2022.862322.
64
Michael Weinhardt, “Big Data: Some Ethical
Concerns for the Social Sciences,” Social Sciences
10, no. 2 (January 24, 2021),
https://doi.org/10.3390/socsci10020036.

providers, and other stakeholders to
understand how decisions are being made.
Balancing the need for transparency and
explainability with the technical
complexities of AI is an ongoing ethical
challenge.65
5) Accountability and responsibility.
Determining which party is responsible
for the outcomes of AI-driven decisions in
health care can be challenging,
particularly when multiple stakeholders
are involved, including developers,
healthcare providers, and third-party
vendors. Establishing clear lines of
accountability and responsibility is
essential for ensuring ethical practices and
maintaining trust in AI systems.66
Opportunities for Enhancing
Informational Privacy
Despite these challenges to informational
privacy in health care, there are also various
opportunities for enhancing privacy
protections through the application of
innovative technologies, policies, and
practices. By leveraging these opportunities,
healthcare organizations, and providers can
strengthen privacy safeguards and better
protect patients’ PHI. The vast opportunities
for enhancing privacy protections can be
broadly categorized into three domains:
technological innovations, legal and
regulatory enhancements, and patient
empowerment strategies. These domains
65
Clemens Scott Kruse et al., “Challenges and
Opportunities of Big Data in Health Care: A
Systematic Review,” JMIR Medical Informatics 4,
no. 4 (November 21, 2016),
https://doi.org/10.2196/medinform.5359.
66
Kruse et al.
67
Shi-Cho Cha et al., “Privacy Enhancing
Technologies in the Internet of Things:
Perspectives and Challenges,” IEEE Internet of
Things Journal 6, no. 2 (April 2019): 2159–87,
https://doi.org/10.1109/JIOT.2018.2878658; Sara
[47]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
intertwine and complement each other,
enabling a comprehensive approach to
privacy protection. The subsequent sections
provide a detailed exploration of the specific
opportunities present in each domain.
a. Technological Innovations for Privacy
Protection
Emerging technological innovations offer
promising opportunities to enhance privacy
protection in health care. These technologies
can help healthcare organizations and
providers address privacy challenges, ensure
the secure handling of PHI, and maintain
patients’ trust.
There are several notable technological
innovations that can be applied to privacy
protection:
1) Privacy-enhancing technologies, such as
encryption, anonymization, and
differential privacy, can be employed to
protect PHI and minimize the risks
associated with data sharing, storage, and
analysis.67 These technologies can help
healthcare organizations ensure that
patient data remains secure and
confidential, even in the face of
cybersecurity threats.
2) Blockchain technology can be used to
create secure, decentralized, and tamper-
proof patient records, ensuring the
integrity, and authenticity of PHI. 68 This
technology can also give patients greater
control over their own health information,
as cryptographic keys can be used to grant
Jordan, Clara Fontaine, and Rachele Hendricks-
Sturrup, “Selecting Privacy-Enhancing
Technologies for Managing Health Data Use,”
Frontiers in Public Health 10 (March 16, 2022),
https://doi.org/10.3389/fpubh.2022.814163.
68
Priti Tagde et al., “Blockchain and Artificial
Intelligence Technology in E-Health,”
Environmental Science and Pollution Research
28, no. 38 (October 2021): 52810–31,
https://doi.org/10.1007/s11356-021-16223-0.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
or revoke access to one’s personal health
data.
3) Secure multi-party computation (SMPC)
is a cryptographic technique that enables
multiple parties to jointly compute a
function on their inputs while keeping
those inputs private.69 In health care,
SMPC can enable privacy-preserving data
analysis, allowing organizations to
collaborate on research or analytics
projects without directly sharing sensitive
patient data.
4) Federated learning is a machine learning
approach that enables AI models to be
trained on decentralized data sources
without sharing the underlying raw data.70
This technology can help protect patient
privacy during the development of AI
algorithms and their application to health
care.
5) Homomorphic encryption refers to a
cryptographic technique that enables
computations to be performed on
encrypted data without decrypting it.71
This technology can enable privacy-
preserving data processing and analytics,
ensuring that sensitive patient data
remains encrypted and protected at all
times.
6) Zero-knowledge proofs are cryptographic
methods that enable one party to prove the
validity of a statement without revealing
any additional information.72 In
healthcare settings, this technology can be
used to verify the authenticity or veracity
69
Aycan Aslan et al., “Can Our Health Data Stay
Private? A Review and Future Directions for IS
Research on Privacy-Preserving AI in
Healthcare,” in Wirtschaftsinformatik 2022
Proceedings, 2022,
https://aisel.aisnet.org/wi2022/digital_health/digit
al_health/8/.
70
Aslan et al.; Jordan, Fontaine, and Hendricks-
Sturrup, “Selecting Privacy-Enhancing
Technologies for Managing Health Data Use.”
[48]
of patient data, claims, and transactions
without disclosing sensitive information.
b. Strengthening Legal and Regulatory
Frameworks
Strengthening legal and regulatory
frameworks is crucial for protecting health
information privacy, as these frameworks
establish rules and guidelines governing the
collection, use, and disclosure of PHI. A
robust legal and regulatory framework can
help ensure that the privacy rights of patients
are respected and that healthcare
organizations and providers adhere to best
practices for handling sensitive health
information.
There are several approaches that can be
taken to strengthen legal and regulatory
frameworks:
1) Updating existing legislation:
Policymakers should review and update
existing privacy laws to address the
unique challenges posed by new
technologies in health care, such as
telemedicine, big data analytics, and AI.
This will help ensure that privacy
protection remains relevant and effective
in the face of rapid technological changes.
2) Harmonizing regulations across
jurisdictions: Privacy regulations can vary
significantly between countries and
jurisdictions, resulting in a patchwork of
legal frameworks that can complicate
compliance efforts for healthcare
providers and organizations operating
71
Aslan et al., “Can Our Health Data Stay Private? A
Review and Future Directions for IS Research on
Privacy-Preserving AI in Healthcare”; Jordan,
Fontaine, and Hendricks-Sturrup, “Selecting
Privacy-Enhancing Technologies for Managing
Health Data Use.”
72
Jordan, Fontaine, and Hendricks-Sturrup,
“Selecting Privacy-Enhancing Technologies for
Managing Health Data Use.”

across borders.73 Policymakers should
seek to harmonize privacy regulations to
establish consistent standards and
streamline compliance.
3) Strengthening enforcement and oversight:
Regulatory agencies must be equipped
with the necessary resources, expertise,
and authority to effectively monitor
compliance with privacy laws, investigate
violations, and impose meaningful
penalties. This will help deter potential
privacy breaches and ensure that
organizations and providers take privacy
protection seriously.
4) Engaging stakeholders in the policy-
making process: Involving healthcare
providers, organizations, technology
developers, patients, and other
stakeholders in the development and
review of privacy regulations can help
ensure that existing frameworks are
responsive to the needs and concerns of all
parties involved. This collaborative
approach can also promote an enhanced
understanding of privacy issues and foster
the sharing of best practices.
5) Implementing privacy impact assessments
(PIAs): Requiring healthcare
organizations and providers to conduct
PIAs can help identify and address
potential privacy risks associated with
new technologies, systems, and
74
practices. Moreover, PIAs can inform
the development of privacy policies,
procedures, and risk mitigation strategies.
73
Though the discussion in the cited article is with
regard to the US, the problem is universally
applicable. Christopher Cozzens, “The Patchwork
Privacy Problem: How the United States’ Privacy
Regime Fails to Protect Its Businesses and Data
[49]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
c. Promoting Transparency and Patient
Empowerment
Promoting transparency and patient
empowerment is essential for protecting
informational privacy in health care.
Ensuring that patients are properly informed
regarding how their PHI is being collected,
used, and shared can help them make better
decisions about their care and maintain
control over their data. To achieve this,
healthcare organizations, and providers must
prioritize clear communication, user-friendly
tools, and patient education.
There are several key strategies for
promoting transparency and patient
empowerment:
1) Clear communication. Healthcare
organizations and providers should
provide patients with clear, concise, and
accessible information about their privacy
practices, including how PHI is collected,
used, shared, and protected. This can be
achieved through privacy notices, consent
forms, and other communication materials
that are easy to understand and readily
accessible to patients.
2) User-friendly tools. Developing user-
friendly tools and platforms that allow
patients to access, manage, and control
their PHI can empower them to take an
active role in managing their health
information. This may include features
such as secure patient portals, mobile
applications, and EHR systems that enable
patients to view, download, and transmit
their health data.
3) Patient education. Providing patients with
educational resources, support, and
Subjects,” Seton Hall Law Review 52 (2022):
1157–82.
74
David Wright, “The State of the Art in Privacy
Impact Assessment,” Computer Law & Security
Review 28, no. 1 (February 2012): 54–61,
https://doi.org/10.1016/j.clsr.2011.11.007.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
guidance regarding their privacy rights
and options can help them make informed
personal healthcare decisions. This may
involve creating informational materials,
hosting workshops or seminars, or
offering one-on-one support to help
patients navigate privacy issues.
4) Engaging patients in decision-making.
Involving patients in the development and
implementation of privacy policies,
practices, and technologies can help
ensure that their needs, concerns, and
preferences are taken into account. This
can lead to better privacy outcomes and
promote a sense of trust and ownership
among patients.
5) Strengthening trust and accountability.
Healthcare organizations and providers
should demonstrate their commitment to
protecting patient privacy by being
transparent about their privacy practices
and holding themselves accountable for
any breaches or violations. This may
involve conducting regular privacy audits,
publishing privacy performance reports,
and being open about any incidents or
issues that may arise.
Recommendations for Policy and Practice
To protect health information privacy and
address the challenges posed by the
increasing use of ICTs, healthcare
organizations, providers, and policymakers
should consider the following
recommendations for policy and practice:
a. Recommendations for Policymakers
Policymakers play a critical role in protecting
health information privacy, as they are
responsible for developing and implementing
the legal and regulatory frameworks that
govern the collection, use, and disclosure of
PHI. To effectively address privacy
[50]
challenges in the context of ICTs,
policymakers should consider the following
recommendations:
1) Update existing legislation: Policymakers
should review and update existing privacy
laws to address the unique challenges
posed by new technologies in health care,
such as telemedicine, big data analytics,
and AI. Ensure that privacy protection
remains relevant and effective in the face
of rapid technological changes.
2) Harmonize regulations across
jurisdictions: Policymakers should work
toward harmonizing privacy regulations
to create consistent standards and
streamline compliance, especially for
healthcare providers, and organizations
operating across borders. This can reduce
the complexity of navigating different
legal frameworks and promote a more
uniform approach to privacy protection.
3) Strengthen enforcement and oversight:
Policymakers must equip regulatory
agencies with the necessary resources,
expertise, and authority to effectively
monitor compliance with privacy laws,
investigate violations, and impose
meaningful penalties. Enhancing
enforcement capabilities can deter
potential privacy breaches and ensure that
organizations and providers take privacy
protection seriously.
4) Engage stakeholders in the policy-making
process: Involve healthcare providers,
organizations, technology developers,
patients, and other stakeholders in the
development and review of privacy
regulations to ensure that these
frameworks are responsive to the needs
and concerns of all parties involved. This
collaborative approach can promote a
better understanding of privacy issues and
foster the sharing of best practices.

5) Implement PIAs: Require healthcare
organizations and providers to conduct
PIAs to identify and address potential
privacy risks associated with new
technologies, systems, and practices. PIAs
can inform the development of privacy
policies, procedures, and risk mitigation
strategies.
6) Promoting international cooperation:
Collaborating with international partners
and participating in global forums can
help policymakers share experiences,
learn from best practices, and develop
consistent privacy protection standards
across borders. This can ultimately
strengthen privacy protections across the
global healthcare landscape.
7) Promote patient education and
empowerment: Support initiatives that
aim to educate patients about their privacy
rights and choices, helping them make
informed decisions about their health care.
This may involve funding informational
materials, workshops, and seminars, or
providing resources for one-on-one
support to help patients navigate privacy
issues.
b. Recommendations for Healthcare
Providers
Healthcare providers play a crucial role in
protecting health information privacy, as
they are the primary collectors, users, and
custodians of PHI. To effectively address
privacy challenges in the context of ICT and
maintain the trust of patients, healthcare
providers should consider the following
recommendations:
1) Adopt privacy by design: Integrate privacy
considerations into the design and
development of health information
systems, applications, and services from
the outset. Ensure that privacy is a
fundamental aspect of ICT use and that
[51]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
systems are built with privacy protection
in mind.
2) Implement robust security measures:
Develop and maintain strong
cybersecurity measures—including
encryption, access controls, and regular
security audits—to protect PHI from
unauthorized access or misuse. Establish a
culture of security awareness among staff
and provide regular training on privacy
and security best practices.
3) Communicate privacy practices clearly:
Provide patients with clear, concise, and
accessible information about privacy
practices, including how PHI is collected,
used, shared, and protected. Use privacy
notices, consent forms, or other
communication materials that are easy to
understand and readily available to
patients.
4) Offer user-friendly tools for patient
empowerment: Develop and implement
user-friendly tools and platforms that
allow patients to access, manage, and
control their PHI. This may include secure
patient portals, mobile applications, or
EHR systems that provide patients with
the ability to view, download, and
transmit their health data.
5) Engage patients in decision-making:
Involve patients in the development and
implementation of privacy policies,
practices, and technologies to ensure that
their needs, concerns, and preferences are
considered. Encourage patient feedback
and input, and strive to create a more
patient-centered approach to privacy
protection.
6) Perform PIAs to identify and address
potential privacy risks associated with
new technologies, systems, or practices.
Use the insights gained from PIAs to
develop privacy policies, procedures, and
risk mitigation strategies.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
7) Collaborate with other stakeholders:
Foster collaboration among healthcare
organizations, technology developers, and
other stakeholders to promote best
practices and the development of
innovative privacy-enhancing solutions.
Share experiences, learn from others, and
work together to improve privacy
protection in health care.
c. Recommendations for Individuals
Individuals also play a significant role in
protecting their own health information
privacy. Being proactive, well-informed, and
aware of one’s privacy rights can help
individuals make better decisions about their
care and maintain control over their PHI. To
effectively address privacy challenges in the
context of ICT, individuals should consider
the following recommendations:
1) Stay informed about privacy rights:
Educate yourself about your privacy rights
and the legal protections available in your
jurisdiction. Familiarize yourself with the
privacy policies and practices of
healthcare providers and organizations
you engage with to ensure that you
understand how your PHI is collected,
used, shared, and protected.
2) Engage in open communication with
healthcare providers: Communicate your
privacy concerns, preferences, and
expectations to your healthcare providers.
Make sure that you understand their
privacy practices and ask questions if you
require clarification.
3) Make informed decisions about sharing
PHI: Be cautious and thoughtful when
sharing your PHI with healthcare
providers, organizations, and third parties.
Weigh the potential benefits and risks of
sharing your information and ensure that
you provide informed consent when
required.
[52]
4) Use privacy-enhancing tools: Take
advantage of user-friendly tools and
platforms that allow you to access,
manage, and control your PHI, such as
secure patient portals, mobile
applications, and EHR systems. These
tools can empower you to take an active
role in managing your health information.
5) Practice good digital hygiene: Be
cautious about sharing your PHI online,
especially on social media platforms, and
be vigilant about protecting your digital
identity. Use strong passwords, enable
two-factor authentication when available,
and maintain up-to-date antivirus software
to safeguard your devices and data.
6) Participate in patient advocacy: Get
involved in patient advocacy groups or
initiatives that promote health information
privacy. Share your experiences and
contribute to the development of policies
and practices that better protect privacy
rights for all patients.
7) Seek support and guidance: If you have
concerns about your privacy rights or
believe that your PHI has been
compromised, seek support, and guidance
from privacy experts, legal professionals,
or patient advocacy organizations.
IV. Conclusions
In conclusion, the growing integration of
ICTs into health care has revolutionized how
medical services are delivered, resulting in
numerous benefits, such as improved access,
efficiency, and quality of care. However, this
rapid adoption of ICTs has also raised
significant concerns regarding the right to
health information privacy. Protecting PHI is
crucial for maintaining patients’ trust in
healthcare providers and ensuring the ethical
use of sensitive medical data.

This comprehensive analysis explored the
various aspects of informational privacy in
health care, including the roles of ICTs and
legal frameworks, relevant ethical
considerations, and the challenges to, and
opportunities for protecting privacy. To
safeguard the right to informational privacy,
it is essential for all stakeholders—including
policymakers, healthcare providers, and
individuals—to take proactive measures and
collaborate in developing effective solutions.
This includes adopting privacy by design,
implementing robust security measures,
strengthening legal and regulatory
frameworks, promoting transparency and
patient empowerment, and fostering
international cooperation.
By addressing these challenges and
leveraging the opportunities emerging in this
rapidly evolving landscape, stakeholders can
work together to ensure that the benefits of
ICT adoption in health care are realized
without compromising the privacy rights of
patients. This delicate balance is vital for
creating more resilient, equitable, and
patient-centered healthcare systems that
respect the dignity and autonomy of all
individuals.
REFERENCES
African Union. “African Union Convention
on Cyber Security and Personal Data
Protection.” African Union, June 27,
2014.
https://au.int/en/treaties/african-
union-convention-cyber-security-
and-personal-data-protection.
Alshehri, Suhair, Sumita Mishra, and
Rajendra Raj. “Insider Threat
Mitigation and Access Control in
Healthcare Systems,” May 1, 2013.
https://scholarworks.rit.edu/article/1
401.
[53]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
American Health Information Management
Association (AHIMA). “Privacy and
Security in Healthcare: A Fresh
Look,” 2018.
https://www.ahima.org/-
/media/AHIMA/Files/AHIMA-
Revised-Privacy-Security-
Framework-0118.pdf.
Asia Pacific Economic Cooperation. “APEC
Cross-Border Privacy Rules System.”
Accessed April 15, 2023.
https://cbprs.blob.core.windows.net/f
iles/CBPR%20Policies,%20Rules%2
0and%20Guidelines%20Revised%2
0For%20Posting%203-16.pdf.
———, ed. APEC Privacy Framework.
Singapore: APEC Secretariat, 2017.
Aslan, Aycan, Maike Greve, Till Ole
Diesterhöft, and Lutz M. Kolbe. “Can
Our Health Data Stay Private? A
Review and Future Directions for IS
Research on Privacy-Preserving AI in
Healthcare.” In
Wirtschaftsinformatik 2022
Proceedings, 2022.
https://aisel.aisnet.org/wi2022/digital
_health/digital_health/8/.
Atreja, Ashish, Emamuzo Otobo, Karthik
Ramireddy, and Allyssa Deorocki.
“Remote Patient Monitoring in IBD:
Current State and Future Directions.”
Current Gastroenterology Reports
20, no. 2 (February 2018): 6.
https://doi.org/10.1007/s11894-018-
0611-3.
Australia. Healthcare Identifiers Act (2010).
———. Privacy Act (1988).
Awwalu, Jamilu, Ali Garba Garba, Anahita
Ghazvini, and Rose Atuah. “Artificial
Intelligence in Personalized Medicine
Application of AI Algorithms in
Solving Personalized Medicine
Problems.” International Journal of
Computer Theory and Engineering 7,
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
no. 6 (December 2015): 439–43.
https://doi.org/10.7763/IJCTE.2015.
V7.999.
Balthazar, Patricia, Peter Harri, Adam Prater,
and Nabile M. Safdar. “Protecting
Your Patients’ Interests in the Era of
Big Data, Artificial Intelligence, and
Predictive Analytics.” Journal of the
American College of Radiology 15,
no. 3 (March 2018): 580–86.
https://doi.org/10.1016/j.jacr.2017.1
1.035.
Beauchamp, Tom L., and James F. Childress.
Principles of Biomedical Ethics. 7th
ed. New York: Oxford University
Press, 2013.
Blightman, K, SE Griffiths, and C Danbury.
“Patient Confidentiality: When Can a
Breach Be Justified?” Continuing
Education in Anaesthesia Critical
Care & Pain 14, no. 2 (April 2014):
52–56.
https://doi.org/10.1093/bjaceaccp/mk
t032.
Canada. Personal Information Protection and
Electronic Documents Act (2000).
“CESCR General Comment No. 14: The
Right to the Highest Attainable
Standard of Health (Art. 12).” Office
of the High Commissioner for Human
Rights, August 1, 2000.
https://www.refworld.org/pdfid/4538
838d0.pdf.
Cha, Shi-Cho, Tzu-Yang Hsu, Yang Xiang,
and Kuo-Hui Yeh. “Privacy
Enhancing Technologies in the
Internet of Things: Perspectives and
Challenges.” IEEE Internet of Things
Journal 6, no. 2 (April 2019): 2159–
87.
https://doi.org/10.1109/JIOT.2018.2
878658.
Chan, H.C. Stephen, Hanbin Shan, Thamani
Dahoun, Horst Vogel, and Shuguang
[54]
Yuan. “Advancing Drug Discovery
via Artificial Intelligence.” Trends in
Pharmacological Sciences 40, no. 8
(August 2019): 592–604.
https://doi.org/10.1016/j.tips.2019.06
.004.
CMS.gov. “Electronic Health Records.”
Accessed November 6, 2021.
https://www.cms.gov/Medicare/E-
Health/EHealthRecords.
Council of Europe. “Convention 108 +:
Convention for the Protection of
Individuals with Regard to the
Processing of Personal Data,” 2018.
https://rm.coe.int/convention-108-
convention-for-the-protection-of-
individuals-with-regar/16808b36f1.
Cozzens, Christopher. “The Patchwork
Privacy Problem: How the United
States’ Privacy Regime Fails to
Protect Its Businesses and Data
Subjects.” Seton Hall Law Review 52
(2022): 1157–82.
Czuchaj, Dariusz, Marc Elshof, and Anna
Szczygiel. “Key Challenges of
Artificial Intelligence: AI Privacy
Concerns and the GDPR.” Business
Going Digital (blog), April 2021.
https://www.businessgoing.digital/ke
y-challenges-of-artificial-
intelligence-ai-privacy-concerns-
and-the-gdpr/.
DeCew, Judith Wagner. In Pursuit of
Privacy: Law, Ethics, and the Rise of
Technology. Ithaca: Cornell
University Press, 1997.
Dell’Oro, Kellie, and Jeremy Smith. “Cyber
Security: The Legal View.” AJP: The
Australian Journal of Pharmacy 102,
no. 1203 (March 2021): 72–73.
Dilmaghani, Saharnaz, Matthias R. Brust,
Gregoire Danoy, Natalia Cassagnes,
Johnatan Pecero, and Pascal Bouvry.
“Privacy and Security of Big Data in

AI Systems: A Research and
Standards Perspective.” In 2019
IEEE International Conference on
Big Data (Big Data), 5737–43. Los
Angeles, CA, USA: IEEE, 2019.
https://doi.org/10.1109/BigData4709
0.2019.9006283.
Durnell, Eric, Karynna Okabe-Miyamoto,
Ryan T. Howell, and Martin Zizi.
“Online Privacy Breaches, Offline
Consequences: Construction and
Validation of the Concerns with the
Protection of Informational Privacy
Scale.” International Journal of
Human–Computer Interaction 36,
no. 19 (November 25, 2020): 1834–
48.
https://doi.org/10.1080/10447318.20
20.1794626.
“Enforcement of Privacy and Data Protection
Laws.” Accessed June 28, 2023.
https://www.unodc.org/e4j/en/cyberc
rime/module-10/key-
issues/enforcement-of-privacy-and-
data-protection-laws.html.
European Union. General Data Protection
Regulation (2016).
Faden, Ruth R., Nancy E. Kass, Steven N.
Goodman, Peter Pronovost, Sean
Tunis, and Tom L. Beauchamp. “An
Ethics Framework for a Learning
Health Care System: A Departure
from Traditional Research Ethics and
Clinical Ethics.” Hastings Center
Report 43, no. s1 (January 2013):
S16–27.
https://doi.org/10.1002/hast.134.
Farias, Frederico Arriaga Criscuoli de,
Carolina Matté Dagostini, Yan de
Assunção Bicca, Vincenzo Fin
Falavigna, and Asdrubal Falavigna.
“Remote Patient Monitoring: A
Systematic Review.” Telemedicine
and E-Health 26, no. 5 (May 1,
[55]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
2020): 576–83.
https://doi.org/10.1089/tmj.2019.006
6.
Faria, Paula Lobato De, and João Valente
Cordeiro. “Health Data Privacy and
Confidentiality Rights: Crisis or
Redemption?” Revista Portuguesa de
Saúde Pública 32, no. 2 (July 2014):
123–33.
https://doi.org/10.1016/j.rpsp.2014.1
0.001.
Fernando, Juanita I., and Linda L. Dawson.
“The Health Information System
Security Threat Lifecycle: An
Informatics Theory.” International
Journal of Medical Informatics 78,
no. 12 (December 2009): 815–26.
https://doi.org/10.1016/j.ijmedinf.20
09.08.006.
Glover, Wiljeana Jackson, Zhi Li, and
Dessislava Pachamanova. “The AI-
Enhanced Future of Health Care
Administrative Task Management.”
NEJM Catalyst, March 3, 2022.
https://catalyst.nejm.org/doi/full/10.1
056/CAT.21.0355.
Gostin, Lawrence O. “Health Information:
Reconciling Personal Privacy with
the Public Good of Human Health.”
Health Care Analysis 9, no. 3
(October 1, 2001): 321–35.
https://doi.org/10.1023/A:101290593
2744.
HealthIT.gov. “What Are the Advantages of
Electronic Health Records?”
Accessed March 24, 2023.
https://www.healthit.gov/faq/what-
are-advantages-electronic-health-
records.
James, Nivedita. “80+ Healthcare Data
Breach Statistics 2023.” Astra (blog),
April 4, 2023.
https://www.getastra.com/blog/secur
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
ity-audit/healthcare-data-breach-
statistics/.
Jeon, Hyesoo, and Changjun Lee. “Internet
of Things Technology: Balancing
Privacy Concerns with
Convenience.” Telematics and
Informatics 70 (May 2022): 101816.
https://doi.org/10.1016/j.tele.2022.10
1816.
Jordan, Sara, Clara Fontaine, and Rachele
Hendricks-Sturrup. “Selecting
Privacy-Enhancing Technologies for
Managing Health Data Use.”
Frontiers in Public Health 10 (March
16, 2022).
https://doi.org/10.3389/fpubh.2022.8
14163.
Jotterand, Fabrice, Ryan Spellecy, Mary
Homan, and Arthur R Derse.
“Promoting Equity in Health Care
through Human Flourishing, Justice,
and Solidarity.” The Journal of
Medicine and Philosophy: A Forum
for Bioethics and Philosophy of
Medicine 48, no. 1 (February 17,
2023): 98–109.
https://doi.org/10.1093/jmp/jhac015.
Khan, Shahidul Islam, and Abu Sayed Md.
Latiful Hoque. “Digital Health Data:
A Comprehensive Review of Privacy
and Security Risks and Some
Recommendations.” Computer
Science Journal of Moldova 24, no. 2
(2016): 273–92.
Kharisma, Dona Budi, and Alvalerie
Diakanza. “Patient Personal Data
Protection: Comparing the Health-
Care Regulations in Indonesia,
Singapore and the European Union.”
International Journal of Human
Rights in Healthcare, September 6,
2022.
https://doi.org/10.1108/IJHRH-04-
2022-0035.
[56]
Kruse, Clemens Scott, and Amanda Beane.
“Health Information Technology
Continues to Show Positive Effect on
Medical Outcomes: Systematic
Review.” Journal of Medical Internet
Research 20, no. 2 (February 5,
2018).
https://doi.org/10.2196/jmir.8793.
Kruse, Clemens Scott, Rishi Goswamy,
Yesha Raval, and Sarah Marawi.
“Challenges and Opportunities of Big
Data in Health Care: A Systematic
Review.” JMIR Medical Informatics
4, no. 4 (November 21, 2016).
https://doi.org/10.2196/medinform.5
359.
Kruse CS, Mileski M, Vijaykumar AG,
Viswanathan SV, Suskandla U,
Chidambaram Y, “Impact of
electronic health records on long-
term care facilities: systematic
review.” JMIR Med Inform, 2017;e35
Kuner, C., F. H. Cate, C. Millard, and D. J.
B. Svantesson. “The Challenge of
‘big Data’ for Data Protection.”
International Data Privacy Law 2,
no. 2 (May 1, 2012): 47–49.
https://doi.org/10.1093/idpl/ips003.
Law No. 27 of 2022 on Personal Data
Protection (2022).
Mair, F. “Systematic Review of Studies of
Patient Satisfaction with
Telemedicine”. BMJ 320, no. 7248 (3
June 2000): 1517–20.
https://doi.org/10.1136/bmj.320.724
8.1517.
Mechanic, Oren J., Yudy Persaud, and Alexa
B. Kimball. “Telehealth Systems.” In
StatPearls. Treasure Island (FL):
StatPearls Publishing, 2021.
http://www.ncbi.nlm.nih.gov/books/
NBK459384/.
Mello, Michelle M., Julia Adler-Milstein,
Karen L. Ding, and Lucia Savage.

“Legal Barriers to the Growth of
Health Information Exchange-
Boulders or Pebbles?: Legal Barriers
to the Growth of HIE.” The Milbank
Quarterly 96, no. 1 (March 2018):
110–43.
https://doi.org/10.1111/1468-
0009.12313.
Milton, Constance L. “The Ethics of Big
Data and Nursing Science.” Nursing
Science Quarterly 30, no. 4 (October
2017): 300–302.
https://doi.org/10.1177/08943184177
24474.
Naik, Nithesh, B. M. Zeeshan Hameed,
Dasharathraj K. Shetty, Dishant
Swain, Milap Shah, Rahul Paul,
Kaivalya Aggarwal, et al. “Legal and
Ethical Consideration in Artificial
Intelligence in Healthcare: Who
Takes Responsibility?” Frontiers in
Surgery 9 (March 14, 2022).
https://doi.org/10.3389/fsurg.2022.8
62322.
National Institute of Standards and
Technology. “Framework for
Improving Critical Infrastructure
Cybersecurity.” National Institute of
Standards and Technology, February
12, 2014.
https://www.nist.gov/system/files/do
cuments/cyberframework/cybersecur
ity-framework-021214.pdf.
Office of the Privacy Commissioner of
Canada. “Guidelines for Processing
Personal Data across Borders,” 2009.
https://www.priv.gc.ca/en/privacy-
topics/airports-and-
borders/gl_dab_090127/.
Palm, Willy, Herman Nys, David Townend,
David Shaw, Timo Clemens, and
Helmut Brand. ‘Patients’ Rights:
From Recognition to
Implementation’. In Achieving
[57]
E-ISSN: 2503-0841, P-ISSN: 2356-4512
Person-Centred Health Systems, by
Jonathan North, 347–86. edited by
Ellen Nolte, Sherry Merkur, and
Anders Anell, 1st ed. Cambridge
University Press, 2020.
https://doi.org/10.1017/97811088554
64.016.
Quach, Sara, Park Thaichon, Kelly D.
Martin, Scott Weaven, and Robert W.
Palmatier. “Digital Technologies:
Tensions in Privacy and Data.”
Journal of the Academy of Marketing
Science 50, no. 6 (November 2022):
1299–1323.
https://doi.org/10.1007/s11747-022-
00845-y.
Raghupathi, Wullianallur, and Viju
Raghupathi. “Big Data Analytics in
Healthcare: Promise and Potential.”
Health Information Science and
Systems 2, no. 1 (February 7, 2014):
3. https://doi.org/10.1186/2047-
2501-2-3.
Rowe, Michael. “Information and
Communication Technology in
Health: A Review of the Literature.”
Journal of Clinical and Health
Sciences 3, no. 1 (2008): 68–77.
Sadoughi, Farahnaz, and Leila Erfannia.
“Health Information System in a
Cloud Computing Context.” In
Health Informatics Meets EHealth:
Digital Insight--Information-Driven
Health & Care: Proceedings of the
11th EHealth2017 Conference,
edited by Dieter Hayn and Günter
Schreier, 290–97. Studies in Health
Technology and Informatics, volume
236. Amsterdam ; Washington, DC:
IOS Press, 2017.
Seh, Adil Hussain, Mohammad Zarour,
Mamdouh Alenezi, Amal Krishna
Sarkar, Alka Agrawal, Rajeev
Kumar, and Raees Ahmad Khan.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
‘Healthcare Data Breaches: Insights
and Implications’. Healthcare 8, no.
2 (13 May 2020): 133.
https://doi.org/10.3390/healthcare80
20133.
Solove, Daniel J. Understanding Privacy.
Cambridge, Mass: Harvard
University Press, 2008.
Sotnikov, Ilia. “Simplifying Third-Party Risk
Management.” Risk Management 66,
no. 7 (August 2019): 8–9.
Spence, Nikki, Niharika Bhardwaj, David P
Paul, and Alberto Coustasse.
“Ransomware in Healthcare
Facilities: A Harbinger of the
Future?” Perspectives in Health
Information Management Summer
2018 (2018): 1–22.
Tagde, Priti, Sandeep Tagde, Tanima
Bhattacharya, Pooja Tagde, Hitesh
Chopra, Rokeya Akter, Deepak
Kaushik, and Md. Habibur Rahman.
“Blockchain and Artificial
Intelligence Technology in E-
Health.” Environmental Science and
Pollution Research 28, no. 38
(October 2021): 52810–31.
https://doi.org/10.1007/s11356-021-
16223-0
Tauber, Alfred I. Patient Autonomy and the
Ethics of Responsibility. Basic
Bioethics. Cambridge, Mass: MIT
Press, 2005.
https://archive.org/details/patientauto
nomye0000taub.
UK. Data Protection Act (2018).
https://www.legislation.gov.uk/ukpg
a/2018/12/contents.
Ullman, Thomas A, and Ashish Atreja.
“Building Evidence for Care beyond
the Medical Centre.” The Lancet 390,
no. 10098 (September 2017): 919–
[58]
20. https://doi.org/10.1016/S0140-
6736(17)31857-3.
Upadhyay, Soumya, and Han-fen Hu. ‘A
Qualitative Analysis of the Impact of
Electronic Health Records (Ehr) on
Healthcare Quality and Safety:
Clinicians’ Lived Experiences’.
Health Services Insights 15 (January
2022): 117863292110707.
https://doi.org/10.1177/11786329211
070722.
United Nations. International Covenant on
Civil and Political Rights (1966).
———. Universal Declaration of Human
Rights (1948).
https://www.un.org/en/about-
us/universal-declaration-of-human-
rights.
USA. Health Insurance Portability and
Accountability Act (1996).
Weinhardt, Michael. “Big Data: Some
Ethical Concerns for the Social
Sciences.” Social Sciences 10, no. 2
(January 24, 2021).
https://doi.org/10.3390/socsci100200
36.
WHO Group Consultation on Health
Telematics. “A Health Telematics
Policy in Support of WHO’s Health-
For-All Strategy for Global Health
Development: Report of the WHO
Group Consultation on Health
Telematics.” World Health
Organization (Geneva, Switzerland),
1997.
https://apps.who.int/iris/handle/1066
5/63857.
Wright, David. “The State of the Art in
Privacy Impact Assessment.”
Computer Law & Security Review 28,
no. 1 (February 2012): 54–61.
https://doi.org/10.1016/j.clsr.2011.11
.007.