DataBreaches.Net


“Patient Privacy in a Mobile World – A Framework to Address Privacy Law Issues in Mobile Health”

Posted on June 26, 2013 by Dissent

From the Executive Summary of this new white paper:

Amid the rapid growth of mobile network technology and infrastructure throughout the world, especially in low- and middle-income countries, the potential of mobile to support the achievement of health priorities is an area of active exploration and engagement. According to a 2011 World Health Organization report, governments cite issues related to data privacy and security and the protection of individual health information as two of the top barriers to the expansion of mHealth. Protecting personal health information that is collected and transmitted over mobile devices is essential to bringing mHealth to scale and providing a mature foundation for its continued growth.

The mHealth Alliance, the Thomson Reuters Foundation, Merck, and Baker & McKenzie partnered on a project to better understand privacy and security policy issues related to mHealth and identify gaps that must be addressed to protect health data. The partnership undertook a global landscape analysis of current privacy legislation and regulation, with a closer look at a selected group of case study countries in Africa, Asia and Latin America, to establish a baseline for the discussion and provide examples of what different approaches to privacy regulation are already in use. The results of this review show that the world of privacy law is roughly divided into three major camps: (1) omnibus data protection regulation in the style of the European laws that regulate all personal information equally; (2) U.S.-style sectoral privacy laws that address specific privacy issues arising in certain industries and business sectors, so that only certain types of personal information are regulated; and (3) the constitutional approach, whereby certain types of personal information are considered private and inviolate from a basic human rights perspective but no specific privacy regulation is in place otherwise.

Among the new laws that have been adopted in recent years, the European omnibus approach has been the most popular. This may be attributed at least in part to the cross-border transfer restrictions found in the European laws, which allow free transfer of personal information across borders only to those countries deemed to have “adequate” data protection regulation in place (i.e. laws similar to those found in Europe). To date, the European Commission has recognized the adequacy of privacy laws in Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Jersey, the Isle of Man, Switzerland, Uruguay and the U.S. Department of Commerce Safe Harbor Privacy Principles. However, for the rest of the world, this style of law poses an additional barrier to the cross-border transfer of personal information, an issue that is especially relevant to mHealth and its many transnational aspects.

Otherwise, this paper summarizes the other major aspects of current laws to provide a snapshot of where the laws stand today and a baseline for discussing potential reform and the adoption of new laws. Interestingly, very few of the existing laws cover health information specifically (the United States being the prime exception) and fewer still make any reference, even in terms of regulatory guidance, to mHealth. The current application of these privacy laws to mHealth issues, therefore, is by extension of existing, more general principles related to privacy protection. For this reason and to provide more specific examples that can be used to address mHealth privacy issues, this paper also offers an overview of medical ethics and patient confidentiality codes in effect throughout the world.

This paper then goes on to set forth a functional framework for addressing privacy law issues around the globe, which adapts and is sensitive to particular cultural, technological and institutional contexts. The main pillars of the framework are: (1) fact gathering and analysis that aim to identify the key drivers for privacy regulation in a particular jurisdiction and the existing environment for the development of such laws; (2) determining scope of coverage in a thoughtful and deliberate manner that takes into account the results of the fact-gathering stage and the potential impact of scoping decisions on the further uptake of mHealth in a particular jurisdiction; (3) deciding the nature of any notice and consent requirements built into the privacy law reflecting the cultural and technological context of the jurisdiction where the law would be implemented; (4) incorporating the principle of data minimization into any law as a best practice; (5) encouraging the right of data integrity and accessibility for data subjects while requiring such requests to be commercially reasonable and feasible for the entities storing data to honor; (6) requiring the adoption of reasonable data security measures while remaining nimble and open to new technological advances in this area; (7) ensuring that data is protected throughout its lifecycle through cross-border and third-party transfer restrictions, while being sensitive to the operational burdens such restrictions could place on market participants and the consequences for the uptake of mHealth; (8) determining the enforcement and sanctions mechanisms built into the law to credibly encourage compliance, which also requires an honest assessment of the jurisdiction’s enforcement resources.

The hope is that the work undertaken here can provide a working taxonomy and toolbox for those who continue to explore and develop these issues in the coming months and years. It is worth noting that this paper does not set out to prescribe legal solutions to specific data privacy problems or advocate for one universal model law for the entire world. The authors believe that a one-size-fits-all approach is simply not appropriate in the privacy context and much less in an environment, such as mHealth, where the technology and the issues are still evolving every day.

Read the report here (pdf).
