摘要
在健康医疗大数据时代,医疗机构数据合规不仅是一种创新性的医疗数据治理模式,还是加强患者个人信息保护与规范医疗数据资源合法利用的重要方式.在执行医疗机构数据合规义务时存在医疗数据非类型化保障、医疗机构数据合规技术风险和合规技术能力不足等障碍.构建医疗机构数据合规体系应坚持知情同意、正当目的等基本原则,明确医疗机构在数据收集、数据脱敏、数据储存、数据利用等环节的流程与规范内容,打造事前风险识别、事中场景监督、事后风险应对的数据合规机制,加强相关部门之间的协同监督,确保医疗机构数据合规义务的规则得以有效执行.
Abstract
In the era of health and medical big data,data compliance of medical institutions is not only an innovative governance,but also important to strengthen the protection of patients'personal information and legally standardize the use of medical data resources.The essence of data compliance is to prevent legal risks in data processing.There are three realistic barriers in the development of data compliance,which are untyped medical dataset,technical risks of data compliance and inadequate technical capabilities in medical institutions.In order to build a data compliance system for medical institutions,it is necessary to be based on the legal and regulatory framework,adhere to the basic principles of informed consent,legitimate purposes,minimum impact and so on.In addition,it is important to clarify the process and normative content of data collection,data desensitization,data storage,and data utilization of medical institutions.It is also significant to create management mechanism which is divided into pre-stage,inbetween-stage and post-stage,including risk identification,scene supervision,and risk resolution.Moreover,strengthening the coordinated supervision of relevant departments and sorting out the key points of law enforcement,is to ensure the development of medical institutions'data compliance.
基金项目
天津市科研创新服务产业专项(2022SKYZ276)
维普
万方数据