《个人信息保护法》实施下的医疗数据管理和应用探讨

Discussion on the management and application of medical data under the implement of“Act on the Protection of Personal Information”

分析了《个人信息保护法》的规范重点,包括:以“保护”为功能定位、以“告知同意”为个人信息处理中的基本规则、强化信息处理者的义务、对敏感信息处理提出了更高的要求、明确个人信息跨境提供规则等。指出,在个人信息保护视角下,医疗数据具有源于诊疗特定目的、有大量敏感信息、涉及面广且增长快速、有丰富的衍生应用价值、应用多环节等特点。在《个人信息保护法》的框架下,加强医疗数据的管理和利用,需要进一步明晰医疗数据处理规则、加强医疗数据应用的顶层设计、厘清履行法定职责与实施商业行为的边界、加强信息安全技术保障、完善信息安全管理制度。

This paper analyzes the key specifications of“Act on the Protection of Personal Information”.It includes that“protection”is functional orientation,“informed consent”is the basic rule of personal information processing,intensify the obligations of information processors,higher requirements for sensitive information processing,clarify cross-border supply of personal information,etc.It is pointed out that based on the personal information protection,medical data has several characteristics of that comes out from the specific need of diagnosis and treatment,lots of sensitive information,involve a wide range and grow fast,has abundant derivative application value,has application multilink,etc.This paper holds that,in the framework of“Act on the Protection of Personal Information”,needs to further clear processing rules of medical data,strengthen top-level design of medical data application,clear up the boundary between the performance statutory duties and the conduct of business,strengthen information security technology,perfect information security management system for strengthening the management and utilization of medical data.