Digitalization in Health

EnglishTürkçe

CHAPTER


DOI :10.26650/B/LSB40.2024.035.08   IUP :10.26650/B/LSB40.2024.035.08    Full Text (PDF)

Anonymization and Pseudonymization of Personal Health Data within the Scope of Turkish Personal Data Protection Law and General Data Protection Regulation

Duygu Koçak DikerCemile Turgut

Personal health data is any information relating to the physical and mental health of an identified or identifiable natural person and information related to the health services provided to the person. Data protection is important to ensure that the data subject is not discriminated against or stigmatised in society. The fact remains that access to health data is necessary for the continuity of health services and the development of health research. Legal regulations aim to establish a equilibrium between access to data and the patient’s personal rights. Anonymization is one of the avenues for the achievement of this goal. Anonymization is the rendering of personal data which can not be associated with an identified or identifiable natural person under any circumstances, even if they are to be matched with other data. Through this the connection between the data and the person is broken. Anonymization provides secure sharing of data with third parties and associations. At the same time, policies regarding health service provision are developed and scientific studies are facilitated. Anonymization enables data to be shared securely with third parties and institutions. Moreover, policies regarding health service provision are developed and scientific studies are facilitated. Another way, pseudonymization is the processing of data in such a way that the data can not be attributed to a specific data subject without the use of some additional information or techniques. In anonymized data, the identity of the data subjects can not be determined, whereas in pseudonymized data, the identity of the data subjects can be determined by adding some additional information. Pseudonymization ensures confidentiality, especially when storing personal data, and provides access to limited information even to employees to whom the data is open. Today, with the increase in digitalisation, personal health data are also kept in central electronic environment such as E-nabız central physician appointment system (MHRS). Although access to data becomes safer and faster with digitalisation in health, concerns about the security of personal health data persist. Anonymization and pseudonymization processes carried out by non-experts threaten data security. Therefore, there is a need for continuous technological and legal development and standardisation of anonymization and pseudonymization for the security of health data.


Keywords: Personal Health DataAnonymizationPseudonymizationData ProtectionHealth Policy

References

  • Alçın, A. A. (2022). Türk hukukunda kişisel sağlık verileri ve idarenin kişisel sağlık verilerini koruma yükümlülüğü, TAAD, 51, 365-410. google scholar
  • Emel, B. (2022). Boşanma davalarında kişisel sağlık verilerinin korunması, TBB Dergisi, 162, 205-249. google scholar
  • Develioğlu, M. (2018). 6698 sayılı Kişisel Verilerin Korunması Kanunu ile Karşılaştırmalı Olarak Avrupa Birliği Genel Veri Koruma Tüzüğü Uyarınca Kişisel Verilerin Korunması Hukuku, İstanbul, On İki Levha Yayınları. google scholar
  • Durmuş, V., Uydacı, M. (2020). A legal framework for healthcare: personal data protection for health law in Turkey, Handbook of Research on Intrusion Detection Systems, Hershey, 219-236. google scholar
  • Froomkin, M. (2003). Anonymity In the Balance, Digital Anonymity And The Law, Ed. Nicoll C., Prins J.E.J, Dellen M.J.M, Information Technology & Law Series, 5-46. google scholar
  • Jasserand, C. (2024). Biometric Data, Within and Beyond Data Protection, Ed. Sloot B., Schendel S., The Boundaries of Data, 295-309. google scholar
  • Küzeci E. (2020). Kişisel verilerin korunması, İstanbul, On İki Levha Yayınları. google scholar
  • Polonetsky J, Tene O, Finch K. (2016). Shades of Gray: Seeing The-Full Spectrum of Practical Data De-Identification, Santa Clara Law Review, 56(3), 593-629. google scholar
  • Purtova N. (2018). The Law of Everything. Broad Concept of Personal Data and Future of EU. Data Protection Law, Law, Innovation And Technology, 10(1) 40-81. google scholar
  • Söğüt, İ.S. (2017). Özel Nitelikli Kişisel Veri Olarak Genetik Verilerin Korunması, Kişisel Sağlık Verileri II. Ulusal Kongresi, Türk Tabipler Birliği Yayınları, İstanbul, 73-87. google scholar
  • Schwartz, P., Solove D (2011). The PII Problem: Privacy and a New Concept of Personally Identifiable Information, New York Unıversity Law Review, 86, 1815-1894. google scholar
  • Taştan, F.G. (2017), Türk Sözleşme Hukukunda Kişisel Verilerin Korunması, On iki Levha Yayınları, 2017. google scholar
  • Yılmaz S.S. (2022), Tıp Alanında Kişisel Verilerin Korunması, Seçkin Yayıncılık. google scholar


SHARE




Istanbul University Press aims to contribute to the dissemination of ever growing scientific knowledge through publication of high quality scientific journals and books in accordance with the international publishing standards and ethics. Istanbul University Press follows an open access, non-commercial, scholarly publishing.