50 million pieces of medical data that have been dormant for 7 years... Digital healthcare law awakens [Daeryun’s Biz law forum]

Ministry of Health and Welfare promotes enactment of basic health and medical data law
Conflicts and conceptual confusion in the existing legal system must be resolved first.

Korea is a country with the world's best health care infrastructure and a vast electronic medical record (EMR) of more than 50 million people. However, this valuable data resource is trapped in a complex legal system and is trapped in the so-called 'data paradox' where it cannot be utilized properly.

To overcome this, the Ministry of Health and Welfare is once again strongly promoting the enactment of the 'Act on the Promotion of Digital Healthcare and Promotion of Utilization of Healthcare Data (hereinafter referred to as the Digital Healthcare Act)', which will function as a basic law regarding the use of healthcare data. In order for this law to be successfully established, the critical consistency problem of the existing legal system must be resolved prior to enactment.

Can this be a stepping stone to escape the ‘data paradox’?

The root cause of the current lack of utilization of healthcare data in Korea is the conflict between laws and conceptual confusion that has intensified since the revision of the three data laws in 2020.

In practical settings such as clinical research, the Bioethics Act (clinical research jurisdiction) and the Personal Information Protection Act (introduction of the concept of pseudonym processing) are applied simultaneously, resulting in a conflict of regulatory jurisdiction. The concept of 'anonymization' under the Bioethics Act is different from internationally accepted anonymization, and at the same time, it is ambiguous as it encompasses the concept of pseudonymization under the Personal Information Act. This conceptual confusion is a long-standing problem that has not yet been resolved, although the need for improvement has been pointed out for over 7 years since 2018, around the implementation of the European Union (EU) General Data Protection Regulation (GDPR).

There was extreme confusion in the field about which legal standard should be followed first, and the 'Health and Medical Data Utilization Guidelines' prepared under the Personal Information Act remained as administrative guidelines without legal binding. If there had been a consistent process of revising existing laws in 2018 or 2020, industrial development would have accelerated much more. This is an example of an example where, even though regulations have been relaxed, the burden on companies has actually increased due to the lack of consistency between laws.

The Digital Healthcare Act must fulfill its mission as a 'system maintainer' that corrects the relationship between existing fragmented laws, rather than being a 'rooftop' regulation. This means that the true success of this law depends not on simply enacting a new law, but on ‘legal and institutional resilience’ that comprehensively resolves conflicts between existing laws.

Balance between enabling and protecting ‘data use’

The Ministry of Health and Welfare must implement laws that balance the conflicting values ​​of promoting data use and protecting it. In particular, with regard to commercial use, measures to provide transparency to data subjects and strengthen data control rights, such as my data-based dynamic consent method, can be considered to secure public trust.

Only when data that has undergone minimal data processing can be safely collected with the consent of the public can its use with high added value be promoted. This will soon become a key driver in accelerating the use of sensitive healthcare data. This is why the Digital Healthcare Act seeks to legally establish strong protection measures by providing additional consent for high-risk sensitive information and specifying penalties for attempts to re-identify.

The Digital Healthcare Act must provide a definition of the highest concept that resolves the conflict between the concept of pseudonymization under the Personal Information Act and the concept of anonymization under the Bioethics Act. In addition, the utilization standards and deliberation procedures that were existing administrative guidelines must be absorbed into legal sub-regulations to provide a legal basis, and the stability of regulations must be increased to completely eliminate uncertainty in the practical field.

Through EMR standardization, we must overcome the gap between the rich and the poor in data.

EMR standardization is an essential element that accelerates the use of data transfer and combination. However, progress has been slow compared to its importance for various reasons, such as difficulty in securing budget, diversity of terminology standards, and various EMR forms by institution.

Insufficient standardization deepens the information gap between general hospitals, small and medium-sized hospitals, and clinics, resulting in the phenomenon of the rich getting richer and the rich getting richer in data. For startups and small businesses, it is difficult to enter the market due to high initial barriers during the data collection process. Ultimately, this results in each organization collecting large-scale data on its own, as in the United States, or relying on government-led national projects as is the case today, which serves as the root cause of slowing down the development of related industries.

The Digital Healthcare Act sets out the basis for the Minister of Health and Welfare to set and announce standards for efficient management of the EMR system, and the government must prepare detailed policies based on this to provide strong policy momentum for standardization work.
 

If the Digital Healthcare Act is successfully enacted, it will become an institutional watershed in which data-based precision medicine, artificial intelligence (AI) diagnostic assistance, and customized health management services are introduced in earnest into the medical field. However, this presupposes that the Digital Healthcare Act properly maintains the consistency of existing laws.

2026 is an important turning point in Korea’s digital healthcare. If we continue to increase regulations while ignoring conflicts between laws and confusion over concepts, we will repeatedly end up lagging behind in competitiveness in data utilization even though we have the world's best medical infrastructure.

This time, we must complete a consistent medical data law system to regain the time lost over the seven years since 2018. Securing legal consistency is the key to the success of the Digital Healthcare Act.

Lee Seo-hyung, attorney at Daeryun Law Firm

[View full article]
50 million pieces of medical data that have been dormant for 7 years... Digital healthcare law awakens [Daeryun’s Biz law forum] (Shortcut)