Published by Theodore Kelley. Modified over 6 years ago.
1
Ehealth Identifiers: Data Privacy and Governance, Opportunities and Challenges
2
Some Background
3
Health Identifiers have
4
Act sets out the underpinning for IHI and its use in EHR systems
Creates a framework for governance
Establishes a number of key registers: Patients; Healthcare workers; Healthcare service providers; Relevant Agents
Section 15 of the Act requires inaccuracies in data to be reported within 30 days
Relationship to Article 19 GDPR in this context…

The enabling legislation was passed in … Castlebridge contributed to the prelegislative consultation and the consultation on the application of HIQA standards to the legislation. We produced a detailed whitepaper over 3 editions, reflecting the evolution of the Act and the supporting standards. At no point were we happy that a foundation for best practice was being established. Important that the legislation be reviewed in light of GDPR as this places additional wrinkles in the way in which things should be interpreted and the potential conflicts between this Act and EU law.
5
Examined proposed HIQA standards (1st and 2nd editions)
Noteworthy that a number of applicable standards proposed by HIQA subsequently dropped from Governance
3rd Edition provides a section by section analysis, highlighting areas of conflict with Data Protection law
Submitted as part of PIA, but not included as judged “strategic” in nature

The report was available from 2014 in its 1st edition. This looked primarily at the HIQA standards that were being proposed for the implementation of IHI. 2nd Edition addressed the output of the HIQA/HSE head to head on the final standards to be applied. Our 3rd edition looked at a section by section analysis of the Act, particularly in light of the Bara ruling. We also looked at some of the practical issues and considerations in the implementation of the Act, including issues like the apparent intent in the legislation to codify professional disciplines into the identifiers for individual health practitioners, which would mean a surgeon switching to being an anaesthetist could have their ID recording the wrong specialism for the rest of their career.
6
Some issues…
Bara ruling – impacts in relation to Section 3 of the Act (Public Interest). Bara requires that, notwithstanding any legal basis, people must be informed of the sharing of their data
Bara ruling – technically the same problem, but a doozy so mentioning twice
PIA undertaken only AFTER Health Identifier Registers were built
Only a sub-set of HIQA’s Standards for Better Safer Patient Care have been applied in the governance of Health Identifiers.
The Gender Recognition Act 2015: Need to ensure that the Identifier is not misused to reidentify previous gender of people who have changed
7
Some Issues Section 31 post GDPR
Section 31 empowers Minister to enter into Data exchange agreements
Requires DPC to be consulted
GDPR will require a PIA to be undertaken (by definition)
Section 27 extends GDPR protections to the data of the deceased (specifically re: security)
Section 25 of the Act creates personal liability for breaches, echoing similar provisions in Data Protection Act 2018 and its predecessor.
Section 10 of the Health Identifiers Act makes the DPC subservient to the Minister in the exercise of their function, which is counter to GDPR, Charter of Rights, and EU Treaty obligations.
8
A problem
Section 8 of the Act allows for any Government Minister to be asked for data to contribute to the development and validation of the Register.
This has happened, for a production system, despite the Bara ruling.
It is not possible for a public body to rely solely on a statutory provision to acquire data.
9
The Privacy Impact Assessment
Public consultation only commenced AFTER processing had taken place and was in a “live” system.
This is not “best practice” for a PIA
But feedback was taken on board.
10
Where we are now…
11
The database exists
It is being used
A health warning should be applied to compatibility with EU law
The means by which data was obtained open to challenge
Extending uses of IHI and eHealth IDs will require timely PIAs and transparency
“Build it and they will come” not a good design philosophy
12
Image credit: Digital Rights Ireland
Public Services Card report from DPC will turn spotlight on data sharing in Public Sector
IHI database proposes to hold photographs of patients… If source is the Public Services Card data set, this will be unlawful. (Bara, GDPR etc.)
Scepticism about Public sector data sharing and handling of personal data not helped by PSC debacle
13
Presented as a panacea, but DPC has been clear that an “umbrella” law to allow for Public Sector data sharing is not compatible with EU law and with the principles of transparency etc. in GDPR. Bill now passing through Report stage in the Seanad and 50+ amendments have been tabled by one Senator alone to try and bring the Bill in line with basic principles of EU law and the Charter of Fundamental Rights. The Bill is not YET an Act and should not be viewed as a done deal panacea.
14
The Future
15
Fundamental weakness in underpinning legislation remains
Future use of data (OpenData/AI etc.) will require PIAs to be completed
Need to ensure that long term societal and social benefit is delivered
Requires rigorous attention to detail around basics of data privacy and governance
Requires investment in transparency and engagement with health care stakeholders as individuals
16
Increasing focus of DP regulators
Recent conference of global regulators in Brussels had Data Ethics as its core topic
Compliance with core legislation remains a fundamental
17
People Practices Policies Legislation Ethics
18
Conclusion
19
Ethical Data and Information Management: Concepts, Tools & Methods
Available from: Amazon, Book Depository, Easons.ie, Waterstones ... and more