以資訊治理結構檢討我國醫療資訊隱私之保護

Reviewing the Protection of Information Privacy in Medical Field by the Structure of Data Governance

本研究從資訊治理的視角，檢討我國醫療資訊隱私保護的現況，並透過比較法分析歐盟與日本的醫療資訊治理模式，以提出適切的制度改革建議。我國現行法制雖提供資訊主體一定程度的控制權，但在資訊流通、隱私保護與公共利益之間的平衡仍顯不足，特別是在人工智慧與大數據應用日益擴展的背景下，如何確保資訊主體的自主性與隱私權，成為關鍵課題。歐盟透過一般資料保護規則（General Data Protection Regulation，以下簡稱GDPR）與歐洲健康資料空間（European Health Data Space，以下簡稱EHDS）建立完整的資料治理框架，強調資料標準化與跨境共享，並引入資料利他主義機制，以促進醫療研究與公共健康發展。日本則透過個人情報保護法與次世代醫療基盤法強化醫療資訊的去識別化與假名化機制，確保資訊利用的安全性與合法性。本文建議，我國應強化資訊主體的控制權，細緻化同意機制，並導入資料利他主義概念，建立符合現代醫療科技發展的資料治理體系，確保個人隱私保護與醫療資訊應用之間的平衡。

This study examines the current state of medical information privacy protection in Taiwan through the lens of information governance. By conducting a comparative legal analysis of the medical information governance models in the EU and Japan, the study proposes institutional reforms to address existing deficiencies. While Taiwan’s current legal framework grants data subjects certain control over their medical information, it remains inadequate in balancing data flow, privacy protection, and public interest—particularly in the context of AI and big data applications. The EU has established a comprehensive information governance system through the General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS), emphasizing data standardization and cross-border sharing while incorporating data altruism mechanisms to facilitate medical research and public health advancements. Japan, through the Personal Information Protection Act and the Next-Generation Medical Infrastructure Act, enforces strict de-identification and pseudonymization mechanisms to ensure the secure and lawful use of medical data. This study recommends strengthening data subjects’control rights, refining consent mechanisms, and introducing data altruism principles to develop an information governance system aligned with modern medical technology, ensuring a balance between privacy protection and medical data utilization.