[Asia Economy Reporter Seulgina Jo] With the passage of the Data 3 Act, the market for data linkage using pseudonymized information has begun in earnest. Meanwhile, a guideline has been released stating that healthcare data that could cause significant harm to individual rights?such as mental illness and sexually transmitted infections?must, in principle, obtain prior individual consent. The same applies to cases where safe pseudonymization methods have not yet been developed, such as genomic information.


The Ministry of Health and Welfare and the Personal Information Protection Commission disclosed the 'Healthcare Data Utilization Guideline' on the 25th as a follow-up measure to the enforcement of the Personal Information Protection Act. Following the release of the ‘Pseudonymized Information Processing Guideline (Pseudonymization Edition)’ by the Protection Commission earlier this month, this is the first sector-specific guideline issued for the healthcare field.


This guideline was prepared to present standards that personal information processors can refer to for the safe use of pseudonymized information in the healthcare sector. By presenting criteria, methods, and procedures for pseudonymization, it aims to prevent misuse or abuse during pseudonymization and minimize confusion in the field.


Accordingly, personal information processors must follow the basic principles of personal information processing presented in the ‘Pseudonymized Information Processing Guideline’ but must comply with the methods and procedures outlined in this guideline when pseudonymizing healthcare data.


First, when a personal information processor intends to pseudonymize and utilize healthcare data, they must obtain approval from the Data Deliberation Committee regarding the purpose, appropriate pseudonymization methods, and processing environment. Additionally, after pseudonymization, the committee must conduct an adequacy review to verify whether pseudonymization was properly performed and whether there is any possibility of re-identifying specific individuals.


According to the released guideline, specifically, information that could cause significant harm to individual rights upon re-identification?such as mental illness, sexually transmitted infections, acquired immunodeficiency syndrome (AIDS), rare diseases, abuse, and abortion information?should, in principle, be used only with consent.


Identifiers with a high likelihood of identifying individuals during pseudonymization, such as insurance subscriber numbers and patient numbers, must be deleted or replaced with serial numbers. For other information, appropriate pseudonymization methods are suggested by type, considering the possibility of re-identification.


Furthermore, in cases where safe pseudonymization methods have not yet been developed, such as for genomic information, utilization is allowed only with individual consent. However, exceptions are made only when the possibility of personal identification is significantly low, such as the presence or absence of gene mutations for widely known diseases, mutation types, or new mutation information of neoplasms with germline mutations removed.


Along with this, personal information processors must comply with safety assurance standards during the pseudonymization process and take additional measures to prevent re-identification.


If an individual does not wish to have their information pseudonymized and utilized, they can request this from the personal information processor. In this case, they will be excluded from pseudonymization (OPT-OUT).


Im In-taek, Director of the Health Industry Policy Bureau at the Ministry of Health and Welfare, said, “We jointly prepared this guideline with the Protection Commission to ensure that healthcare data can be safely used in scientific research, including drug and medical device development. Through this guideline, we present specific pseudonymization methods and procedures applicable in healthcare settings and establish institutional measures and grounds to balance the social utilization of data and the protection of individual privacy in accordance with the purpose of the amendment to the Personal Information Protection Act.”


Hot Picks Today

"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back" "Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"

Kang Yu-min, Director of the Personal Information Policy Bureau at the Protection Commission, said, “It is very meaningful that the first sector-specific guideline was published for the highly important medical field. We expect that the safe use of pseudonymized information in healthcare settings will accelerate the establishment of the pseudonymized information processing system. Going forward, through the publication of guidelines in major sectors, we plan to ensure that pseudonymized information is safely processed across all fields.


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing