Privacy has emerged as a major issue for telemedicine initiatives. Modern computing capabilities mean that huge quantities of data can be stored, sorted and accessed by large numbers of people in ways that were not possible before. The development of such processing technologies poses intensive threats to privacy. These threats act as a catalyst to provoke the introduction and re-examination of protective measures for safeguarding one’s privacy. In the United States for instance, there is no comprehensive federal law that protects the privacy of medical records. However, in 1996, the Health Insurance Portability and Accountability Act 1996 (HIPAA) requires the U.S. Department of Health and Human Services (HSS) to issue privacy regulations which were released in 2001. These regulations are designed to protect individually identifiable medical information, which includes information in electronic and written form and information spoken between healthcare providers. Protected health information prohibits the use of individually identifiable health information without the consent of the patient except for “treatment, payment and healthcare operations.” The penalties for violating the privacy regulations are based, in part, on the intent behind the violation. For instance, simple mistakes and inadvertent violations may entail fines ranging from one hundred dollars to twenty-five thousand dollars. If the violation was due to commercial gain, commercial advantage or malicious harm, the maximum fine is two hundred and fifty thousand dollars.
At the moment, the Constitution of Malaysia does not specifically recognize the right to privacy, but does provide for several related rights, including freedom of assembly, speech and movement. However, e-commerce concerns and the desire to comply with the adequacy provisions of the European Union Data Protection Directive, have led the Malaysian Ministry of Energy, Communications and Multimedia (MECM) to begin drafting a new personal data protection bill. The Bill aims to regulate the collection, possession, processing and use of personal data by any person/organization (“the data user”), including the government, so as to provide protection to an individual’s (“the data subject’s”) personal data and safeguard the individual’s privacy. The legislation will also establish a set of common rules and guidelines on the handling and treatment of personal data by any person/organisation. Amongst the stated objectives of the Bill are as follows:
(i) to provide adequate security and privacy in handling personal information;
(ii) to create confidence among consumers and users of both networked and non networked industries;
(iii) to accelerate uptake of e-transactions;
(iv) to promote a secure electronic environment in line with Multimedia Super Corridor objectives.
The proposed law also sets out nine data protection principles governing the collection, use, disclosure, accuracy, retention, access to and security of personal data. If enacted, it will establish a government-appointed data protection commissioner with the power to monitor and enforce compliance, promote public awareness of the law, encourage trade bodies to prepare industry codes of practice and cooperate with counterparts in foreign countries. Proposed penalties for violating the law will include punitive fines of up to MYR250,000 (USD65,790) and imprisonment for up to four years. Civil damages for data subjects (including compensation for injury to feelings) are also contemplated. Part III of the draft bill provides for the establishment of a tribunal to assist in the exercise of performance of the Commissioner's powers and functions in the public interest. While the detailed operation of the tribunal will be left to regulation, it is presumed it would function as an appellate body.
0 comments:
Post a Comment