標題: 生醫研究與隱私保護之平衡—以公務機關開放健康資訊二次利用為中心
The Balance of Health Data Research and Privacy Protection: On the Secondary Use of Health Data Released by Government
作者: 韓瑋倫
陳鋕雄
Han, Wei-Lun
Chen, Chih-Hsiung
科技法律研究所
關鍵字: 健康資訊;二次利用;去識別化;個人資料保護法;隱私風險評估;選擇退出;Health Data;Secondary use;De-identification;Personal Data Protection Act;Privacy Risk Assessment;Opt-Out
公開日期: 2017
摘要: 世界各主要國家均推行政府健康資訊公開制度,促進醫學研究之發展。政府健康資訊的來源包含病患的保險申請紀錄、用藥紀錄及基本資料等,當資料累積至一定數量,即得整合為資料庫,提供生物醫學研究、公共衛生與藥物評估等分析應用。此種利用方式,有別於臨床醫療資料的初次使用,屬於健康資訊蒐集原始目的以外的二次利用,或稱為二次利用(secondary use)。在資料數位化後,資料的易於複製與散佈性大幅增加了侵害資料主體隱私的風險,世界各國已開始關注健康資訊之開放與分析所帶來的風險與問題,並研擬因應之對策。本文之研究領域為外國政府資訊中有關健康資訊開放與應用之立法例及最新發展趨勢,以英國、法國、美國為主要的研究對象。本文比較各國政府與我國政府開放健康資訊二次利用的規範與政策,從中尋找對我國有參考價值之處,進而透過質性研究、比較法研究及文獻分析,分析政府提供健康資訊二次研究涉及之法律爭議。本文認為,政府應建構一套以風險評估為基礎的健康資料提供應用流程,同時強化獨立的監督機制、進行資料保護模式的典範移轉及徹底落實個人之資訊自主權,提供資料當事人選擇退出之機制,始能強化民眾對於政府的信任、解決政府開放健康資訊二次利用所產生的疑慮,並達到健康資訊研究與隱私保護之平衡。
Most of the countries are investing in health data infrastructure and government health data access system. Health data collected by national governments that can be linked and shared are a valuable resource that can be used safely to improve the health outcomes of patients and the quality and performance of the health care systems that serve them. This kind of data usage can refer to “Secondary use”. Secondary use of information relates to information collected in the course of providing care, being used for purposes other than direct patient care. After the digitalization of data and medical record, the ability to copy and transfer data increases the risk of infringing data subjects’ rights. Recently, governments are developing and discussing the strategy to balance the need of data and the protection of data. This thesis will compare the regulation and practice of UK, France, United States and Taiwan; furthermore, it will try to solve to legal issues of government health data secondary use service. This thesis proposes feasible resolutions to settle the issues toward health data secondary use: implementing a “risk-based” health data access procedure, enforcing independent approval mechanism, shifting the data protection paradigm and providing opt-out mechanism.
URI: http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070153805
http://hdl.handle.net/11536/141138
Appears in Collections:Thesis