Data Protection & Privacy in Malaysian Total Hospital Information System
ADEQUACY OF DATA PROTECTION IN TOTAL HOSPITAL INFORMATION SYSTEM (THIS); THE MALAYSIAN STORY
By Noriswadi Ismail
Doctoral Researcher in RFID, Data Protection & Privacy
MARA Scholar & HeLEX Academic Visitor (1st August 2011 – 19th August 2011)
Executive Summary
::: Introduction
::: THIS Brief Background
::: Research Methodology
::: PDPA 2010
::: 7 Data Protection Principles
::: Observations
::: Interim recommendation
::: Conclusion
::: References
Introduction
10th Malaysian Plan (2010-2014)
::: Transforming delivery of the healthcare system (Streamlining regulatory and service provision rules, reviewing legislation and regulations & review financing options);
::: Increasing quality, capacity and coverage of the healthcare infrastructure (Expanding primary care services, strengthening secondary and tertiary care services and improving provision of healthcare services);
::: Shifting towards wellness and disease prevention, rather than treatment (Expanding the healthy lifestyle campaign and encouraging healthy and active lifestyle); and
::: Increasing the quality of human resources for health
THIS Brief Background
::: Integrated and comprehensive information system that manages, processes and retains all data relating to administrative, financial and clinical
::: Dr. Rasiah S., “…Electronic Information System that supports the core business of patient care which enables and facilitates the functions in fulfilling its services…”
Source: New Generation Hospitals – IT hospitals, Malaysia’s Health 2005, Ministry of Health, pp 177-186.
Source: Dr. Nor Bizura Abdul Hamid, Planning and Development Division, Ministry of Health, “HIS – Malaysian Experience” presentation slides, pages 3-5 of 37
Source: Dr. Nor Bizura Abdul Hamid, Planning and Development Division, Ministry of Health, “HIS – Malaysian Experience” presentation slides, page 25 of 37
THIS Brief Background (Application Architecture)
Source: Dr Saadon Ibrahim, Privilege Management and Access Controls in HIS Hospitals, Clinical Information Technology Coordinator, Hospital Sultan Ismail, Malaysia, MSC Malaysia IHE Education Session 3/09, Electronic Health Record Privacy, Slide 10 of 47.
Research Methodology
::: Literature Review: Journals and policy papers (1st August – 19th August 2011)
::: Observations: Malaysian Personal Data Protection Act 2010 (25th July 2011 – 19th August 2011)
::: Qualitative: Semi-structured interview with focused groups – IT Service Providers, Doctors, IT Team, Patients and Users (January 2012-February 2012)
::: Limitation: Most of the literature is in medical informatics and information systems. There is a lack of legal and multidisciplinary materials on the same (especially on local content – Malaysia’s regime/contour)
PDPA 2010
Data User Forum
Transborder Data flow?
Full / Partial Independence?
*Exemptions
• Processed by an individual only for the purposes of that individual’s personal, family or household affairs, including recreational purposes;
• * Processed for prevention or detection of crime or for the purpose of investigations;
• * The apprehension or prosecution of offenders;
• The assessment or collection of any tax or any other imposition of a similar nature;
• * Processed in relation to information of the physical or mental health of a data subject;
• * Processed for preparing statistics or carrying out research;
• * Processed for the purpose of or in connection with any order or judgment of a court;
• Processed for the purpose of discharging regulatory functions; and
• * Processed only for journalistic, literary or artistic purposes
7 Data Protection Principles
| Principles | Applicable Sections |
| --- | --- |
| Principle 1: General – Consent, Lawful Purpose, Necessary, Adequate and Not Excessive | Sections 6 (1) – (3) |
| Principle 2: Notice and Choice | Section 7 (1) |
| Principle 3: Disclosure | Section 8 |
| Principle 4: Security | Section 9 (1) & (2) |
| Principle 5: Retention | Section 10 |
| Principle 6: Data Integrity | Section 11 |
| Principle 7: Access | Section 12 |
Observations
::: Actors in action: Ministry of Health officials, doctors, consultants (local or foreign), patients (local or foreign), third parties (vendors, contractors, service providers and sub-contractors)
::: Many actors, different liabilities
::: Exemption: Ministry of Health officials, Federal and State Government doctors – leads to uncertainty in comprehensively applying the PDPA 2010 although these actors are dealing directly with patients (as data subjects) and consultants
::: Consultants: How is their relationship defined in THIS?
::: Patients: How securely are the patients’ sensitive personal data processed, managed and retained throughout THIS? What happens to the data of deceased patients? Who owns it? And does PDPA 2010 address the period of retention on the same?
::: Third parties: Do contractual obligations suffice?
::: Transfer of doctors/patients: Whether such transfers reach the adequacy level within the PDPA 2010 is yet to be tested.
::: Secondary Opinion: Whether seeking such a secondary opinion outside Malaysia is deemed adequate under the PDPA 2010 is yet to be tested.
::: Transborder data flow: Whether such transborder data flow from a Malaysian hospital to another hospital is regarded as a commercial transaction is yet to be tested.
::: THIS dilemma 1: Different hospitals, different service providers (system integrators) – Standardisation challenge
::: THIS dilemma 2: Different policies on the integrated systems, and different levels of information security & privilege access – privilege management
::: THIS dilemma 3: There are at least 3-4 parties involved in a specific application architecture. A back-to-back arrangement on data protection & privacy compliance is technically sophisticated
Interim recommendation
‘360 degree data health check’
::: Rationale 1: To be able to understand the inter-relationship
::: Rationale 2: To be able to assess the limitations
::: Rationale 3: To be able to recommend a workable information governance model for THIS
::: How to achieve this?: Pilot interview and semi-structured interview (qualitative)
::: Expected period of outcome: By the fourth quarter of 2011 or, at the latest, the first quarter of 2012.
::: Dissemination strategy: Publication in the Malaysian Journal of Public Health and series of workshops & presentations before the Ministry of Health: Expected by first quarter of 2012.
References
Articles & Policy Papers
Dr. Nor Bizura Abdul Hamid of Planning and Development Division, Ministry of Health Malaysia’s presentation on Hospital Information System – Malaysian Experience
Dr. Saadon Ibrahim of Clinical Information Technology Coordinator, Hospital Sultan Ismail Malaysia’s presentation on Privilege Management and Access Control in HIS hospitals
Economic Transformation Programme – A Roadmap for Malaysia, Chapter 16, healthcare (p1-36)
Ganthan Narayana Samy, Rabiah Ahmad and Zuraini Ismail, Threats to Health Information Security, Journal of Information Assurance and Security 5 (2010) 146-153
Health Facts 2009, Health Informatics Centre, Planning and Development Division Ministry of Health Malaysia (July 2010)
Sapiah Sulaiman and Rose Alinda Alias, Information Ethics in Malaysia paperless Hospital, Proceedings of the Postgraduate Annual Research Seminar 2006
Suhaila Samsuri, Rabiah Ahmad and Zuraini Ismail, Towards Implementing a Privacy Policy: An Observation on Existing Practices in Hospital Information System, Journal of e-health Management, Vol. 2011 (2011), Article ID 345834.
The 10th Malaysian Plan (2010-2014)
Book
Abu Bakar Munir & Siti Hajar Yasin, Personal Data Protection in Malaysia, Law and Practice, Sweet & Maxwell Asia (2010)
Websites
MSC Malaysia <www.mscmalaysia.my>
PEMANDU, Economic Transformation Programme <http://etp.pemandu.gov.my/>
Ministry of Health Malaysia <http://www.moh.gov.my/>
Malaysia Health Fact 2009 <http://www.moh.gov.my/images/gallery/stats/heal_fact/healthfact-P_2009.pdf>
Conclusion
It is hoped that the impact of this research will be able to address the application of PDPA 2010 within the Total Hospital Information System (THIS).
It is also hoped that the outcome of dissemination shall become a blueprint for responding to any potential issues relating to data protection and privacy compliance in Malaysia’s healthcare.