從個人資料保護法談病歷與類病歷銷毀作業之實務分享

The Practical Sharing of Medical Records and Similar Medical Records Destroy from Personal Data Protection

隨著「個人資料保護法」的實施，法規面已將適用範圍擴及至紙本個人資料隱私，若醫院未能強化本身的個資防護能力，一旦發生個資外洩之情事而導致當事人遭受損害時，對醫院及管理人員都是非常大的震撼與挑戰，因此，醫院對於病歷資料及電子病歷的管控方式必須更謹慎，後續資料銷毀方式都要考慮詳細，才能達成民眾對醫院的期待與本身的社會責任。病歷為醫療業務和醫學研究重要資料根據，無論是病歷的保存、記錄、完整性以及疾病統計，皆依靠病歷資訊管理人員進行管理。由於2012年10月政府實施個資法，將個人資料從蒐集、處理、利用以及刪除之各項環節訂定所需規範，也讓有關病歷管理之法律議題受到主管機關及醫療機構高度的重視，因此，如何防範病歷外洩成為重要的議題。本文之目的在探討個資法的重要性，藉以說明各種病歷銷毀的流程，以及病歷資訊管理人員該如何保護病歷以提高安全防範措施，輔以說明目前醫療院所實務之經驗與業界分享。 Along with the implementation of Personal Information Protection Act (PIPA) a while ago, its regulatory coverage has been extended to the privacy of personal information in form of paper copies. From then on, if the hospital failed to step up its own personal information protection capacity, patients' personal data leakage might well take place, which might cause severe damages to the patients. When that happens, the hospital involved and its management are bound to suffer from great shocks and face unpleasant challenges. Therefore, the hospital has to become much more careful in both dealing and controlling its more conventional medical records and the newer electronic relevant data, as well as to give more detailed thoughts to the data destruction that would eventually follows, in order to achieve the expected high standards of public prospect and its own social responsibility. Medical records are the important information based on our past medical business routines and research endeavors. All relevant aspects and derivatives of the existing medical records including their preservation, recording process, integrity, and disease statistics rely totally on the management of the staff of hospital medical record office. As a result of our government implementation of PIPA in October 2012, required standards were set out for each and every step of the record's collection, process, utilization, and delete of those person data, and legal issues relating to the medical records management were paid close attention by both competent authorities and medical organizations. In other words, how to prevent medical records leakage has become a very important issue. This study aimed first to explore the importance of PIPA, which helps explain the needs of destruction process of various kinds of medical records, and to emphasis what a medical information manager has to do to protect medical records by taking all necessary safety precautions. Furthermore, we put forward our own practical experiences in this study in order to share with our friends in the industry.

Along with the implementation of Personal Information Protection Act (PIPA) a while ago, its regulatory coverage has been extended to the privacy of personal information in form of paper copies. From then on, if the hospital failed to step up its own personal information protection capacity, patients' personal data leakage might well take place, which might cause severe damages to the patients. When that happens, the hospital involved and its management are bound to suffer from great shocks and face unpleasant challenges. Therefore, the hospital has to become much more careful in both dealing and controlling its more conventional medical records and the newer electronic relevant data, as well as to give more detailed thoughts to the data destruction that would eventually follows, in order to achieve the expected high standards of public prospect and its own social responsibility. Medical records are the important information based on our past medical business routines and research endeavors. All relevant aspects and derivatives of the existing medical records including their preservation, recording process, integrity, and disease statistics rely totally on the management of the staff of hospital medical record office. As a result of our government implementation of PIPA in October 2012, required standards were set out for each and every step of the record's collection, process, utilization, and delete of those person data, and legal issues relating to the medical records management were paid close attention by both competent authorities and medical organizations. In other words, how to prevent medical records leakage has become a very important issue. This study aimed first to explore the importance of PIPA, which helps explain the needs of destruction process of various kinds of medical records, and to emphasis what a medical information manager has to do to protect medical records by taking all necessary safety precautions. Furthermore, we put forward our own practical experiences in this study in order to share with our friends in the industry.