醫療健康服務發展中之趨勢已經來到雲端應用結合醫療服務,其中PHR服務模式已不同於過去病歷只儲存於傳統醫療機構,而是一個可整合不同來源之個人醫療健康紀錄之平台,如可由系統個人使用者上傳資料或是由其他機構匯入資料,而系統個人使用者只需要透過終端裝置上網登入平台後,即可管理和存取個人或是家人之醫療健康相關資訊。 但是,當個人將醫療資訊儲存於網路雲端空間,亦代表者,資料是交由服務平台業者所管理,系統個人使用者也就無法即時控管資料被利用之方式。而服務提供者是否能提供健全之個人隱私保護?又當大量醫療健康資訊在平台內形成巨量資料巨集時,服務提供者未來將如何處理和利用平台內部資訊,該處理或利用之方式即可能增加個人資訊隱私被侵害之風險。 面對此新興醫療服務模式將會帶給系統個人使用者之醫療健康資訊隱私之威脅,我國現行之醫療相關法規範與個資法,目前皆未能提供健全之保護模式,來平衡醫療健康資訊之利用和個人醫療健康資訊隱私之保護。本文即建議得制訂PHR專法來管制PHR服務平台之運作,並以「具名資料利用須嚴格限制,匿名資料利用仍須採有限度之管制模式,非得以任意利用」 此精神為手段,為保護個人資訊隱私,亦一併兼顧管制服務平台對於資料蒐集、處理或利用方式之目的,亦讓有意提供PHR服務平台者於提供服務時有得遵循之法律依據。由於本文之篇幅、時間和能力有限,PHR專法之討論主要集中於PHR系統中關於個人資訊隱私保護之相關規範方式之建議。 ;This thesis is focus on the Personal Health Records (PHRs) stored in the cloud computing systems which as a hub can integrate any kinds of medical records and personal health information from user himself/herself or different sectors. The users can access theirs or family’s health data through the webside. Although the PHRs systems can bring users the benefit of management and accessing the medical records and personal health records, it is also leads privacy threat to personal medical information. Because of service provider managing users medical information, users cannot control and decide the way of data using immediately. Especially, the PHRs system stored a lot medical information to become a Big Data. Service provider may do what they want to process or use the information in the PHRs systems. The new medical services, PHRs, do bring the challenges to the protection of personal medical information. Under the current legal system, due to the lack of a proper regulation to regulate the using of medical information, and it is necessarily needed. Therefore, this thesis proposed to enact a PHR law to regulate the processing, using and disclosure of medical information. The key to enact the regulation to protect personal information is that “ When using the identifiable medical information should be regulated strictly; when using the de-identified medical information should depends on it is an reversible anonymisation or irreversible anonymisation with different regulations.” In sum, this thesis expects to balance between the using of medical information and the protection of personal medical information according to the above. The PHRs law would also be an accurate model to PHRs service provider to provide service legally. Due to limited time, space and my capability, the PHRs law will focus on the protection and constraining of personal medical information in PHRs systems.
