美国和欧盟基于个人健康记录隐私和安全的法律框架比较及对我国的启示

A Comparative Study of the Legal Framework based on Privacy and Security of Personal Health Records between the United States and the European Union and the Enlightenment to China

作为个人医疗健康信息自我管理工具,个人健康记录能为个体患者和整个医疗系统带来益处,但存在损害信息安全性和隐私性的隐患。笔者对美国和欧盟适用于个人健康记录隐私和安全的法律框架重要组成部分予以梳理和比较分析,指出美国相关法案的数据保护模式有利于促进数据流通,欧盟数据保护措施更全面和严格。结合我国个人健康记录相关立法现状,提出界定个人健康记录相关概念、明确责任主体、完善监管机制、采用相关标准等建议。

Personal health records(PHR)has been recognized as a promising tool for self-management of personal medical and health information,which brings benefits to both patients and the entire medical system.The main obstacle to the implementation of PHR is that the public questions about their capability of PHR system to protect the security and privacy of sensitive information.This paper reviewed and compared the important components of the legal framework applicable to privacy and safety of PHR between the United States and the European Union.The PHR data protection model of the relevant laws in the United States is conducive to fully promoting data flow,and the EU data protection measures are more comprehensive and stringent.Combined with the existing legislation of PHR in China,this paper put forward some suggestions,such as defining the legal attributes of such concepts as PHR,defining the subject of responsibility,improving the mechanism of supervision and adopting recognized standards.