DOI: http://doi.org/10.21776/ub.blj.2023.010.01.03
Submitted: 2023-03-04 | Revised: 2023-04-26 | Accepted: 2023-04-28 | Published: 2023-04-30
How to Cite : Jose, Nandu Sam. “Information and Communication Technologies and the Right to Informational Privacy in Health Care: A
Comprehensive Analysis.” Brawijaya Law Journal 10, no. 1 (2023): 34-58. http://doi.org/10.21776/ub.blj.2023.010.01.03.
Copyright (c) 2023 Brawijaya Law Journal. All Rights Reserved.
Abstract: The rapid integration of information and communication technologies (ICTs) into the
healthcare field has led to significant advancements, including the development of electronic health
records, telemedicine, big data analytics, and artificial intelligence. These technologies have
revolutionized medical care by improving accessibility, enhancing quality, and facilitating personalized
treatments. However, with these advancements, the issue of health information privacy has become
increasingly prominent. This article examines the interplay between ICTs and the right to informational
privacy in the healthcare field. More specifically, it explores the core principles of informational privacy
by outlining its legal and ethical facets while also underscoring the importance of maintaining the
confidentiality and security of personal health information (PHI). The essay also examines the
challenges threatening informational privacy—including data breaches, inadequate regulatory
frameworks, and ethical dilemmas surrounding big data and AI. Simultaneously, the article identifies
opportunities for enhancing privacy protections, including introducing technological innovations, and
strengthening legal and regulatory frameworks. The piece also offers practical recommendations for
various stakeholders—such as policymakers, healthcare providers, and individuals—for ensuring the
protection of PHI. In conclusion, this article emphasizes the importance of striking a delicate balance
between leveraging the benefits of ICTs and protecting informational privacy, which is a prerequisite
for fostering a resilient, equitable, and patient-centered healthcare system.
incidents and debates have highlighted the urgent need for an in-depth analysis of the tensions between the use of these technologies and the safeguarding of health information privacy.1 For instance, the increased frequency and sophistication of data breaches raise serious concerns about the security and confidentiality of PHI.2 For example, in 2021, data belonging to 230,000 patients diagnosed with COVID-19 was illegally accessed and subsequently sold on a dark web forum known as Rapid Forums.3 Furthermore, the growing use of artificial intelligence (AI) and big data in health care, though promising, has exacerbated concerns over privacy.4 Against this backdrop, this article seeks to provide a comprehensive analysis of the complex relationship between ICTs and the right to informational privacy in health care. It explores the multifaceted role of ICTs in health care, detailing how different technologies, such as electronic health records, telemedicine, big data analytics, and artificial intelligence (AI), can impact privacy. Furthermore, the article navigates the legal and ethical frameworks that govern informational privacy, spotlighting their role in the protection of PHI in an increasingly digital healthcare landscape.

In elucidating these challenges, the article also uncovers opportunities for bolstering privacy protections in the face of the ongoing digital transformation. It culminates by offering well-founded recommendations for various stakeholders, including policymakers, healthcare providers, and individuals. These actionable insights aim to safeguard the right to informational privacy, ensuring a balanced approach to ICT implementation that reaps its myriad benefits without compromising the fundamental privacy rights of patients.

II. Legal Materials & Method

This study employs doctrinal legal analysis. A thorough review of relevant literature, including academic articles, research papers, reports, and legal documents, was conducted to gain an understanding of the current state of ICTs in health care, the concept of informational privacy, and the challenges and opportunities associated with privacy protection. Subsequently, key concepts and issues related to ICTs and health information privacy were identified and organized into a coherent structure. On this basis, the analysis was divided into multiple sections to address different aspects of the topic, including the role of ICTs, legal frameworks, ethical

1 Sara Quach et al., “Digital Technologies: Tensions in Privacy and Data,” Journal of the Academy of Marketing Science 50, no. 6 (2022): 1299–1323, https://doi.org/10.1007/s11747-022-00845-y; Eric Durnell et al., “Online Privacy Breaches, Offline Consequences: Construction and Validation of the Concerns with the Protection of Informational Privacy Scale,” International Journal of Human–Computer Interaction 36, no. 19 (2020): 1834–48, https://doi.org/10.1080/10447318.2020.1794626.
2 Nivedita James, “80+ Healthcare Data Breach Statistics 2023,” Astra, 2023, https://www.getastra.com/blog/security-audit/healthcare-data-breach-statistics/.
3 Dona Budi Kharisma and Alvalerie Diakanza, “Patient Personal Data Protection: Comparing the Health-Care Regulations in Indonesia, Singapore and the European Union,” International Journal of Human Rights in Healthcare September (2022), https://doi.org/10.1108/IJHRH-04-2022-0035.
4 Dariusz Czuchaj, Marc Elshof, and Anna Szczygiel, “Key Challenges of Artificial Intelligence: AI Privacy Concerns and the GDPR,” Business Going Digital, 2021, https://www.businessgoing.digital/key-challenges-of-artificial-intelligence-ai-privacy-concerns-and-the-gdpr/; Saharnaz Dilmaghani et al., “Privacy and Security of Big Data in AI Systems: A Research and Standards Perspective,” in IEEE International Conference on Big Data (Big Data) (Los Angeles: IEEE, 2019), 5737–43, https://doi.org/10.1109/BigData47090.2019.9006283.
Brawijaya Law Journal 10 Vol 1 (2023): 34-58
5 Clemens Scott Kruse and Amanda Beane, “Health Information Technology Continues to Show Positive Effect on Medical Outcomes: Systematic Review,” Journal of Medical Internet Research 20, no. 2 (2018): 1–9, https://doi.org/10.2196/jmir.8793; Michael Rowe, “Information and Communication Technology in Health: A Review of the Literature,” Journal of Clinical and Health Sciences 3, no. 1 (2008): 68–77.
6 “Electronic Health Records,” CMS.gov, accessed November 6, 2021, https://www.cms.gov/Medicare/E-Health/EHealthRecords.
7 Kruse CS et al., “Impact of Electronic Health Records on Long-Term Care Facilities: Systematic Review,” JMIR Med Inform, 2017; e35. Accessed from Soumya Upadhyay and Han-fen Hu, “A Qualitative Analysis of the Impact of Electronic Health Records (Ehr) on Healthcare Quality and Safety: Clinicians’ Lived Experiences,” Health Services Insights 15 (2022), https://doi.org/10.1177/11786329211070722.
E-ISSN: 2503-0841, P-ISSN: 2356-4512
they can review their records, track health data, and communicate with healthcare providers. Electronic health records also support public health initiatives and medical research by providing large-scale, anonymized datasets for identifying trends, tracking disease outbreaks, and evaluating the effectiveness of interventions and treatments.8

b. Telemedicine and Remote Patient Monitoring

Telemedicine and remote patient monitoring are two key ICT applications that have significantly expanded the reach and efficiency of healthcare services. They leverage digital communication tools and devices to provide medical care and monitoring to patients without the need for in-person visits:

1) Telemedicine involves the use of ICTs, such as video conferencing, mobile applications, and secure messaging, to enable healthcare providers to consult, diagnose, treat, and monitor patients remotely.9 Telemedicine offers several benefits, including increased access to care for patients living in remote, rural, or underserved areas who may experience difficulty accessing medical services. Additionally, telemedicine can reduce healthcare costs by decreasing the need for in-person visits, saving patients time and money on travel while lowering overhead costs for healthcare providers.10 Telemedicine also improves patient outcomes, enabling faster diagnoses and treatment and better continuity of care, particularly for patients with chronic conditions. By facilitating more frequent follow-ups and better communication between patients and healthcare providers, telemedicine can improve patient outcomes and overall quality of care.11

2) Remote patient monitoring (RPM) involves the use of digital technologies, such as wearable devices, mobile applications, and home monitoring equipment, to continuously collect and transmit patient health data to healthcare providers.12 Remote patient monitoring also allows for early intervention and better disease management by providing real-time health data to healthcare providers.13 This enables healthcare practitioners to detect potential issues early and adjust treatment plans accordingly, leading to better disease management and overall patient outcomes. Additionally, RPM can empower patients to take an active role in their health care by tracking their health

8 “What Are the Advantages of Electronic Health Records?,” HealthIT.gov, accessed March 24, 2023, https://www.healthit.gov/faq/what-are-advantages-electronic-health-records.
9 Oren J. Mechanic, Yudy Persaud, and Alexa B. Kimball, Telehealth Systems, StatPearls (Treasure Island (FL): StatPearls Publishing, 2021), http://www.ncbi.nlm.nih.gov/books/NBK459384/.
10 F. Mair, “Systematic Review of Studies of Patient Satisfaction with Telemedicine,” BMJ 320, no. 7248 (2000): 1517–20, https://doi.org/10.1136/bmj.320.7248.1517; See also: Steven D. Losorelli et al., “The Future of Telemedicine: Revolutionizing Health Care or Flash in the Pan?,” Otolaryngology–Head and Neck Surgery 165, no. 2 (2021): 239–43, https://doi.org/10.1177/0194599820983330.
11 WHO Group Consultation on Health Telematics, “A Health Telematics Policy in Support of WHO’s Health-For-All Strategy for Global Health Development: Report of the WHO Group Consultation on Health Telematics” (Geneva, Switzerland, 1997), https://apps.who.int/iris/handle/10665/63857.
12 Mechanic, Persaud, and Kimball, Telehealth Systems.
13 Frederico Arriaga Criscuoli de Farias et al., “Remote Patient Monitoring: A Systematic Review,” Telemedicine and E-Health 26, no. 5 (2020): 576, https://doi.org/10.1089/tmj.2019.0066.
14 Ashish Atreja et al., “Remote Patient Monitoring in IBD: Current State and Future Directions,” Current Gastroenterology Reports 20, no. 2 (2018): 6, https://doi.org/10.1007/s11894-018-0611-3.
15 Thomas A Ullman and Ashish Atreja, “Building Evidence for Care beyond the Medical Centre,” The Lancet 390, no. 10098 (2017): 919–20, https://doi.org/10.1016/S0140-6736(17)31857-3.
16 Wullianallur Raghupathi and Viju Raghupathi, “Big Data Analytics in Healthcare: Promise and Potential,” Health Information Science and Systems 2, no. 1 (February 7, 2014): 3, https://doi.org/10.1186/2047-2501-2-3.
17 Patricia Balthazar et al., “Protecting Your Patients’ Interests in the Era of Big Data, Artificial Intelligence, and Predictive Analytics,” Journal of the American College of Radiology 15, no. 3 (March 2018): 580–86, https://doi.org/10.1016/j.jacr.2017.11.035.
18 Jamilu Awwalu et al., “Artificial Intelligence in Personalized Medicine Application of AI Algorithms in Solving Personalized Medicine Problems,” International Journal of Computer Theory and Engineering 7, no. 6 (December 2015): 439–43, https://doi.org/10.7763/IJCTE.2015.V7.999.
19 Awwalu et al.
20 H.C. Stephen Chan et al., “Advancing Drug Discovery via Artificial Intelligence,” Trends in Pharmacological Sciences 40, no. 8 (August 2019): 592–604, https://doi.org/10.1016/j.tips.2019.06.004.
21 Wiljeana Jackson Glover, Zhi Li, and Dessislava Pachamanova, “The AI-Enhanced Future of Health Care Administrative Task Management,” NEJM Catalyst, March 3, 2022, https://catalyst.nejm.org/doi/full/10.1056/CAT.21.0355.
22 Faria, Paula Lobato De, and João Valente Cordeiro. ‘Health Data Privacy and Confidentiality Rights: Crisis or Redemption?’ Revista Portuguesa de Saúde Pública 32, no. 2 (July 2014): 123–33. https://doi.org/10.1016/j.rpsp.2014.10.001.
23 “CESCR General Comment No. 14: The Right to the Highest Attainable Standard of Health (Art. 12)” (Office of the High Commissioner for Human Rights, August 1, 2000), https://www.refworld.org/pdfid/4538838d0.pdf.
24 Daniel J. Solove, Understanding Privacy (Cambridge, Mass: Harvard University Press, 2008), 4.
25 Lawrence O. Gostin, “Health Information: Reconciling Personal Privacy with the Public Good of Human Health,” Health Care Analysis 9, no. 3 (October 1, 2001): 322, https://doi.org/10.1023/A:1012905932744.
26 Judith Wagner DeCew, In Pursuit of Privacy: Law, Ethics, and the Rise of Technology (Ithaca: Cornell University Press, 1997), 143–44.
27 Tom L. Beauchamp and James F. Childress, Principles of Biomedical Ethics, 7th ed (New York: Oxford University Press, 2013), 120–24.
28 National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity” (National Institute of Standards and Technology, February 12, 2014), https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf.
29 Office of the Privacy Commissioner of Canada, “Guidelines for Processing Personal Data across Borders,” 2009, https://www.priv.gc.ca/en/privacy-topics/airports-and-borders/gl_dab_090127/.
30 American Health Information Management Association (AHIMA), “Privacy and Security in Healthcare: A Fresh Look,” 2018, https://www.ahima.org/-/media/AHIMA/Files/AHIMA-Revised-Privacy-Security-Framework-0118.pdf.
31 Palm, Willy, Herman Nys, David Townend, David Shaw, Timo Clemens, and Helmut Brand. ‘Patients’ Rights: From Recognition to Implementation’. In Achieving Person-Centred Health Systems, by Jonathan North, 347–86. edited by Ellen Nolte, Sherry Merkur, and Anders Anell, 1st ed. Cambridge University Press, 2020. https://doi.org/10.1017/9781108855464.016.
32 United Nations, “Universal Declaration of Human Rights” (1948), https://www.un.org/en/about-us/universal-declaration-of-human-rights.
33 United Nations, “International Covenant on Civil and Political Rights” (1966).
34 European Union, “General Data Protection Regulation” (2016).
35 Council of Europe, “Convention 108 +: Convention for the Protection of Individuals with Regard to the Processing of Personal Data,” 2018, https://rm.coe.int/convention-108-convention-for-the-protection-of-individuals-with-regar/16808b36f1.
36 Asia Pacific Economic Cooperation, ed., APEC Privacy Framework (Singapore: APEC Secretariat, 2017).
37 Asia Pacific Economic Cooperation, “APEC Cross-Border Privacy Rules System,” accessed April 15, 2023, https://cbprs.blob.core.windows.net/files/CBPR%20Policies,%20Rules%20and%20Guidelines%20Revised%20For%20Posting%203-16.pdf.
38 African Union, “African Union Convention on Cyber Security and Personal Data Protection” (African Union, June 27, 2014), https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection.
39 USA, “Health Insurance Portability and Accountability Act” (1996).
40 Canada, “Personal Information Protection and Electronic Documents Act” (2000).
41 Australia, “Privacy Act” (1988).
42 Australia, “Healthcare Identifiers Act” (2010).
43 UK, “Data Protection Act” (2018), https://www.legislation.gov.uk/ukpga/2018/12/contents.
44 “Law No. 27 of 2022 on Personal Data Protection” (2022).
45 Alfred I. Tauber, Patient Autonomy and the Ethics of Responsibility, Basic Bioethics (Cambridge, Mass: MIT Press, 2005), 59–60, https://archive.org/details/patientautonomye0000taub.
46 K Blightman, SE Griffiths, and C Danbury, “Patient Confidentiality: When Can a Breach Be Justified?,” Continuing Education in Anaesthesia Critical Care & Pain 14, no. 2 (April 2014): 52–56, https://doi.org/10.1093/bjaceaccp/mkt032.
47 Beauchamp and Childress, Principles of Biomedical Ethics, 150, 202.
48 Fabrice Jotterand et al., “Promoting Equity in Health Care through Human Flourishing, Justice, and Solidarity,” The Journal of Medicine and Philosophy: A Forum for Bioethics and Philosophy of Medicine 48, no. 1 (February 17, 2023): 98–109, https://doi.org/10.1093/jmp/jhac015.
49 Ruth R. Faden et al., “An Ethics Framework for a Learning Health Care System: A Departure from Traditional Research Ethics and Clinical Ethics,” Hastings Center Report 43, no. s1 (January 2013): S16–27, https://doi.org/10.1002/hast.134.
50 See Also: Seh, Adil Hussain, Mohammad Zarour, Mamdouh Alenezi, Amal Krishna Sarkar, Alka Agrawal, Rajeev Kumar, and Raees Ahmad Khan. ‘Healthcare Data Breaches: Insights and Implications’. Healthcare 8, no. 2 (13 May 2020): 133. https://doi.org/10.3390/healthcare8020133.
51 Shahidul Islam Khan and Abu Sayed Md. Latiful Hoque, “Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations,” Computer Science Journal of Moldova 24, no. 2 (2016): 274–75.
52 Farahnaz Sadoughi and Leila Erfannia, “Health Information System in a Cloud Computing Context,” in Health Informatics Meets EHealth: Digital Insight--Information-Driven Health & Care: Proceedings of the 11th EHealth2017 Conference, ed. Dieter Hayn and Günter Schreier, Studies in Health Technology and Informatics, volume 236 (eHealth Conference, Amsterdam; Washington, DC: IOS Press, 2017), 295.
53 Kellie Dell’Oro and Jeremy Smith, “Cyber Security: The Legal View,” AJP: The Australian Journal of Pharmacy 102, no. 1203 (March 2021): 72.
54 Ilia Sotnikov, “Simplifying Third-Party Risk Management,” Risk Management 66, no. 7 (August 2019): 8.
55 Nikki Spence et al., “Ransomware in Healthcare Facilities: A Harbinger of the Future?,” Perspectives in Health Information Management Summer 2018 (2018): 1–2.
56 Suhair Alshehri, Sumita Mishra, and Rajendra Raj, “Insider Threat Mitigation and Access Control in Healthcare Systems,” May 1, 2013, https://scholarworks.rit.edu/article/1401.
57 Juanita I. Fernando and Linda L. Dawson, “The Health Information System Security Threat Lifecycle: An Informatics Theory,” International Journal of Medical Informatics 78, no. 12 (December 2009): 815–26, https://doi.org/10.1016/j.ijmedinf.2009.08.006.
58 C. Kuner et al., “The Challenge of ‘big Data’ for Data Protection,” International Data Privacy Law 2, no. 2 (May 1, 2012): 47–49, https://doi.org/10.1093/idpl/ips003.
59 “Enforcement of Privacy and Data Protection Laws,” accessed June 28, 2023, https://www.unodc.org/e4j/en/cybercrime/module-10/key-issues/enforcement-of-privacy-and-data-protection-laws.html.
60 Hyesoo Jeon and Changjun Lee, “Internet of Things Technology: Balancing Privacy Concerns with Convenience,” Telematics and Informatics 70 (May 2022): 101816, https://doi.org/10.1016/j.tele.2022.101816.
and data aggregation, and re-identification.61 Inadequate consent mechanisms can result in patients being insufficiently informed or possessing little control over how their PHI is shared or accessed by third parties. Unauthorized access to PHI can lead to privacy invasion, identity theft, and other harm. Moreover, third parties may use PHI for purposes beyond the original intent of its collection, such as marketing, research, or profiling, raising additional privacy concerns. Combining different data sets and sources, including PHI datasets, can potentially lead to the re-identification of individuals even when data has been anonymized. Addressing these issues requires implementing appropriate consent mechanisms, ensuring adequate security measures, limiting data access, and maintaining transparency and accountability in data-sharing practices.

d. Ethical Dilemmas in Big Data and Artificial Intelligence

There are numerous potential benefits to using big data and AI in health care, including improved diagnostics, personalized treatment plans, and enhanced efficiency. However, these technologies also raise several ethical dilemmas related to informational privacy and more. Addressing these dilemmas is essential for ensuring that the adoption of big data and AI aligns with the values of the medical profession and respects patients’ rights. Some of the key ethical dilemmas in big data and AI are as follows:

1) Informed consent and data ownership. Big data and AI often involve the collection, analysis, and sharing of large amounts of PHI, which can defy traditional notions of informed consent and data ownership.62 Ensuring that patients maintain control over their data and understand the potential implications of its use for big data and AI applications can be complex and challenging.

2) Bias and discrimination. AI algorithms can inadvertently perpetuate or exacerbate existing biases present in the data they are trained on, leading to unfair or discriminatory outcomes for certain individuals or groups.63 Addressing these biases requires careful consideration of the data used to train AI models and the development of strategies to mitigate potential biases in algorithmic decision-making.

3) Privacy and de-identification. Big data and AI can enable the aggregation and analysis of vast amounts of PHI, often from multiple sources. Therefore, ensuring the privacy of data and preventing the re-identification of individuals can be challenging, particularly given the rapidly evolving nature of techniques and technologies.64

4) Transparency and explainability. AI algorithms can be complex and opaque, making it difficult for patients, healthcare

61 Michelle M. Mello et al., “Legal Barriers to the Growth of Health Information Exchange-Boulders or Pebbles?: Legal Barriers to the Growth of HIE,” The Milbank Quarterly 96, no. 1 (March 2018): 110–43, https://doi.org/10.1111/1468-0009.12313.
62 Constance L. Milton, “The Ethics of Big Data and Nursing Science,” Nursing Science Quarterly 30, no. 4 (October 2017): 300–301, https://doi.org/10.1177/0894318417724474.
63 Nithesh Naik et al., “Legal and Ethical Consideration in Artificial Intelligence in Healthcare: Who Takes Responsibility?,” Frontiers in Surgery 9 (March 14, 2022), https://doi.org/10.3389/fsurg.2022.862322.
64 Michael Weinhardt, “Big Data: Some Ethical Concerns for the Social Sciences,” Social Sciences 10, no. 2 (January 24, 2021), https://doi.org/10.3390/socsci10020036.
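
The re-identification risk raised in the text above (combined data sets can single out individuals even after anonymization) can be measured before an extract is shared. The following Python code is an added example, not part of the original article: it applies k-anonymity, a technique the article does not name, to constructed records, and the field names, generalization rules and threshold k are assumptions.

```python
from __future__ import annotations

from collections import Counter

# Assumed quasi-identifiers: fields that are not names or IDs but can be
# matched against other data sets that do carry names.
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")

# Constructed sample of a "de-identified" extract (direct identifiers removed).
RECORDS = [
    {"postcode": "65141", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "65141", "birth_year": 1984, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "65145", "birth_year": 1987, "sex": "F", "diagnosis": "covid-19"},
    {"postcode": "65144", "birth_year": 1981, "sex": "F", "diagnosis": "hypertension"},
    {"postcode": "65112", "birth_year": 1962, "sex": "M", "diagnosis": "covid-19"},
    {"postcode": "65119", "birth_year": 1965, "sex": "M", "diagnosis": "asthma"},
    {"postcode": "65113", "birth_year": 1968, "sex": "M", "diagnosis": "diabetes"},
    {"postcode": "65231", "birth_year": 1990, "sex": "M", "diagnosis": "depression"},
]


def qi_key(record: dict) -> tuple:
    """The combination of quasi-identifier values an outsider could match on."""
    return tuple(record[field] for field in QUASI_IDENTIFIERS)


def class_sizes(records: list[dict]) -> Counter:
    """Count how many records share each quasi-identifier combination."""
    return Counter(qi_key(r) for r in records)


def k_anonymity(records: list[dict]) -> int:
    """Smallest group size; k == 1 means at least one record is unique."""
    sizes = class_sizes(records)
    return min(sizes.values()) if sizes else 0


def at_risk(records: list[dict], k: int) -> list[dict]:
    """Records hidden among fewer than k look-alikes."""
    sizes = class_sizes(records)
    return [r for r in records if sizes[qi_key(r)] < k]


def generalize(record: dict) -> dict:
    """Coarsen quasi-identifiers: 3-digit postcode prefix, decade of birth."""
    out = dict(record)
    out["postcode"] = record["postcode"][:3] + "**"
    out["birth_year"] = f"{record['birth_year'] // 10 * 10}s"
    return out


def release(records: list[dict], k: int) -> tuple[list[dict], int]:
    """Generalize, then suppress records still in groups smaller than k.

    Returns (releasable records, number suppressed). k-anonymity alone does
    not help when everyone in a group shares the same diagnosis.
    """
    generalized = [generalize(r) for r in records]
    sizes = class_sizes(generalized)
    released = [r for r in generalized if sizes[qi_key(r)] >= k]
    return released, len(generalized) - len(released)


if __name__ == "__main__":
    print("k before:", k_anonymity(RECORDS))
    print("records at risk at k=2:", len(at_risk(RECORDS, 2)))
    released, suppressed = release(RECORDS, 3)
    print("k after:", k_anonymity(released), "suppressed:", suppressed)
```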
65 Clemens Scott Kruse et al., “Challenges and Opportunities of Big Data in Health Care: A Systematic Review,” JMIR Medical Informatics 4, no. 4 (November 21, 2016), https://doi.org/10.2196/medinform.5359.
66 Kruse et al.
67 Shi-Cho Cha et al., “Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges,” IEEE Internet of Things Journal 6, no. 2 (April 2019): 2159–87, https://doi.org/10.1109/JIOT.2018.2878658; Sara Jordan, Clara Fontaine, and Rachele Hendricks-Sturrup, “Selecting Privacy-Enhancing Technologies for Managing Health Data Use,” Frontiers in Public Health 10 (March 16, 2022), https://doi.org/10.3389/fpubh.2022.814163.
68 Priti Tagde et al., “Blockchain and Artificial Intelligence Technology in E-Health,” Environmental Science and Pollution Research 28, no. 38 (October 2021): 52810–31, https://doi.org/10.1007/s11356-021-16223-0.
or revoke access to one’s personal health data.

3) Secure multi-party computation (SMPC) is a cryptographic technique that enables multiple parties to jointly compute a function on their inputs while keeping those inputs private.69 In health care, SMPC can enable privacy-preserving data analysis, allowing organizations to collaborate on research or analytics projects without directly sharing sensitive patient data.

4) Federated learning is a machine learning approach that enables AI models to be trained on decentralized data sources without sharing the underlying raw data.70 This technology can help protect patient privacy during the development of AI algorithms and their application to health care.

5) Homomorphic encryption refers to a cryptographic technique that enables computations to be performed on encrypted data without decrypting it.71 This technology can enable privacy-preserving data processing and analytics, ensuring that sensitive patient data remains encrypted and protected at all times.

6) Zero-knowledge proofs are cryptographic methods that enable one party to prove the validity of a statement without revealing any additional information.72 In healthcare settings, this technology can be used to verify the authenticity or veracity of patient data, claims, and transactions without disclosing sensitive information.

b. Strengthening Legal and Regulatory Frameworks

Strengthening legal and regulatory frameworks is crucial for protecting health information privacy, as these frameworks establish rules and guidelines governing the collection, use, and disclosure of PHI. A robust legal and regulatory framework can help ensure that the privacy rights of patients are respected and that healthcare organizations and providers adhere to best practices for handling sensitive health information.

There are several approaches that can be taken to strengthen legal and regulatory frameworks:

1) Updating existing legislation: Policymakers should review and update existing privacy laws to address the unique challenges posed by new technologies in health care, such as telemedicine, big data analytics, and AI. This will help ensure that privacy protection remains relevant and effective in the face of rapid technological changes.

2) Harmonizing regulations across jurisdictions: Privacy regulations can vary significantly between countries and jurisdictions, resulting in a patchwork of legal frameworks that can complicate compliance efforts for healthcare providers and organizations operating

69 Aycan Aslan et al., “Can Our Health Data Stay Private? A Review and Future Directions for IS Research on Privacy-Preserving AI in Healthcare,” in Wirtschaftsinformatik 2022 Proceedings, 2022, https://aisel.aisnet.org/wi2022/digital_health/digital_health/8/.
70 Aslan et al.; Jordan, Fontaine, and Hendricks-Sturrup, “Selecting Privacy-Enhancing Technologies for Managing Health Data Use.”
71 Aslan et al., “Can Our Health Data Stay Private? A Review and Future Directions for IS Research on Privacy-Preserving AI in Healthcare”; Jordan, Fontaine, and Hendricks-Sturrup, “Selecting Privacy-Enhancing Technologies for Managing Health Data Use.”
72 Jordan, Fontaine, and Hendricks-Sturrup, “Selecting Privacy-Enhancing Technologies for Managing Health Data Use.”
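
The secure multi-party computation item in the list above can be made concrete with additive secret sharing, one simple SMPC building block. The following Python code is an added example, not part of the original article: the hospital names and counts are constructed, and the parties are assumed to follow the protocol and not to collude.

```python
from __future__ import annotations

import secrets

# Field modulus (a Mersenne prime). It must exceed any possible true total.
PRIME = 2**61 - 1

# Constructed sample inputs: (adverse-event cases, patients treated) per site.
SITES = {
    "hospital_a": (12, 480),
    "hospital_b": (7, 350),
    "hospital_c": (21, 910),
}


def share(value: int, n_parties: int) -> list[int]:
    """Split value into n additive shares that sum to value mod PRIME.

    Any n-1 of the shares are uniformly random and reveal nothing about value.
    """
    if not 0 <= value < PRIME:
        raise ValueError("value must lie in [0, PRIME)")
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Recombine shares (or published partial sums) into the hidden value."""
    return sum(shares) % PRIME


def secure_sum(private_inputs: dict[str, int]) -> tuple[int, dict[str, list[int]]]:
    """Compute the sum of all inputs; return (total, shares held per party)."""
    parties = list(private_inputs)
    if len(parties) < 3:
        # With two parties, total minus own input is the other party's input.
        raise ValueError("need at least three parties")
    held: dict[str, list[int]] = {p: [] for p in parties}
    # Round 1: every party splits its input and sends one share to each party.
    for owner in parties:
        owner_shares = share(private_inputs[owner], len(parties))
        for recipient, s in zip(parties, owner_shares):
            held[recipient].append(s)
    # Round 2: every party publishes only the sum of the shares it holds.
    partial_sums = [sum(held[p]) % PRIME for p in parties]
    return reconstruct(partial_sums), held


def pooled_rate(sites: dict[str, tuple[int, int]]) -> tuple[int, int, float]:
    """Pooled adverse-event rate across sites without exchanging raw counts."""
    cases, _ = secure_sum({name: c for name, (c, _n) in sites.items()})
    patients, _ = secure_sum({name: n for name, (_c, n) in sites.items()})
    return cases, patients, cases / patients


if __name__ == "__main__":
    cases, patients, rate = pooled_rate(SITES)
    print(f"pooled: {cases}/{patients} = {rate:.4f}")
    _, held = secure_sum({name: c for name, (c, _n) in SITES.items()})
    # What hospital_a holds: one random-looking share from each site.
    print("hospital_a holds:", held["hospital_a"])
```

Each site learns only the pooled totals; the shares it receives from the other sites are random values that change on every run.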
73 Though the discussion in the cited article is with regard to the US, the problem is universally applicable. Christopher Cozzens, “The Patchwork Privacy Problem: How the United States’ Privacy Regime Fails to Protect Its Businesses and Data Subjects,” Seton Hall Law Review 52 (2022): 1157–82.
74 David Wright, “The State of the Art in Privacy Impact Assessment,” Computer Law & Security Review 28, no. 1 (February 2012): 54–61, https://doi.org/10.1016/j.clsr.2011.11.007.
5) Implement PIAs: Require healthcare organizations and providers to conduct PIAs to identify and address potential privacy risks associated with new technologies, systems, and practices. PIAs can inform the development of privacy policies, procedures, and risk mitigation strategies.

6) Promoting international cooperation: Collaborating with international partners and participating in global forums can help policymakers share experiences, learn from best practices, and develop consistent privacy protection standards across borders. This can ultimately strengthen privacy protections across the global healthcare landscape.

7) Promote patient education and empowerment: Support initiatives that aim to educate patients about their privacy rights and choices, helping them make informed decisions about their health care. This may involve funding informational materials, workshops, and seminars, or providing resources for one-on-one support to help patients navigate privacy issues.

b. Recommendations for Healthcare Providers

Healthcare providers play a crucial role in protecting health information privacy, as they are the primary collectors, users, and custodians of PHI. To effectively address privacy challenges in the context of ICT and maintain the trust of patients, healthcare providers should consider the following recommendations:

1) Adopt privacy by design: Integrate privacy considerations into the design and development of health information systems, applications, and services from the outset. Ensure that privacy is a fundamental aspect of ICT use and that systems are built with privacy protection in mind.

2) Implement robust security measures: Develop and maintain strong cybersecurity measures—including encryption, access controls, and regular security audits—to protect PHI from unauthorized access or misuse. Establish a culture of security awareness among staff and provide regular training on privacy and security best practices.

3) Communicate privacy practices clearly: Provide patients with clear, concise, and accessible information about privacy practices, including how PHI is collected, used, shared, and protected. Use privacy notices, consent forms, or other communication materials that are easy to understand and readily available to patients.

4) Offer user-friendly tools for patient empowerment: Develop and implement user-friendly tools and platforms that allow patients to access, manage, and control their PHI. This may include secure patient portals, mobile applications, or EHR systems that provide patients with the ability to view, download, and transmit their health data.

5) Engage patients in decision-making: Involve patients in the development and implementation of privacy policies, practices, and technologies to ensure that their needs, concerns, and preferences are considered. Encourage patient feedback and input, and strive to create a more patient-centered approach to privacy protection.

6) Perform PIAs to identify and address potential privacy risks associated with new technologies, systems, or practices. Use the insights gained from PIAs to develop privacy policies, procedures, and risk mitigation strategies.