As technology speeds up healthcare professionals’ access to patients’ cellphone data, the collection, usage and sharing of this information can be a concern, prompting experts to call for a comprehensive legal framework in South Africa that includes data protection regulations, ethical guidelines and oversight mechanisms for healthcare data.
The Mercury reports that, according to a study by Dirk Brand and Nezerith Cengiz from Stellenbosch University and Annelize Nienaber McKay from the University of Pretoria and Abertay University in Scotland, adequate legal protection is vital to ensure the use and sharing of a person’s details and information is done in a responsible and ethical manner that respects an individual’s rights and privacy.
“In urgent medical care cases, real-time location is shared with healthcare professionals through smartphones or smartwatches, and in cases of remote health monitoring, via digital applications that transmit data to them to bridge the barrier of access to treatment,” they said.
“As personal information collected through health and fitness apps can be used by healthcare professionals to provide services to people, so can digitally collected health data and even medical insurance data be used in medical research.
“However, the collection, storage and sharing of personal information on phones raises various legal questions relating to the protection of privacy, consent, unlawful data processing, liability and the accountability of stakeholders such as health insurance providers, hospital groups and national Departments of Health.”
They added that health data were more sensitive than other forms of personal data, making this an enticing prospect for cybercriminals.
Because apps are interlinked, e.g, a fitness app that provides the possibility of sharing data on social media apps, the risk of a data breach or unauthorised use of the personal data increases.
“This receives special attention in data protection legislation like the EU’s General Data Protection Regulation and our own Protection of Personal Information Act (Popia), because health information qualifies as ‘special personal information’ under section 26(1) (a) of Popia, and qualifies for special protection,” they said.
But these measures do not adequately address the various ethical and legal issues related to mobility and location data in healthcare, they added, and there was a need for a legal framework that includes ethical guidelines, data protection regulations as well as ethical oversight mechanisms.
Study details
What constitutes adequate legal protection for the collection, use and sharing of mobility and location data in healthcare in South Africa?
Dirk Brand, Annelize Nienaber McKay, Nezerith Cengiz.
Published in the SA Journal of Science on 30 May 2023
Abstract
Mobile phone technology has been a catalyst that has added an innovative dimension in health care and created new opportunities for digital health services. These digital devices can be viewed as an extension of the person using them due to the deluge of personal information that can be collected and stored on them. Data collected on mobile phones are used extensively in health services and research. Personal, mobility and location data are constantly collected. The unique mobile phone architecture provides for an easy flow of data between various role players such as application developers and phone manufacturers. The collection, storage and sharing of personal information on mobile phones elicit various legal questions relating to the protection of privacy, consent, liability and the accountability of stakeholders such as health insurance providers, hospital groups and national departments of health.
Significance
We analyse the major legal concerns of mobility and location data collection and processing through mobile phones in the context of health care and provide recommendations to develop data protection guidelines that are built on the principles of lawfulness, fairness and transparency. The issues explored are of relevance in an African context and to a broader international audience.
The Mercury PressReader article – Legal debate over patients’ cellphone data (Open access)
See more from MedicalBrief archives:
US Congress grills Facebook over patients’ health data privacy breach
Medical providers most likely to be the culprits in health data breaches
Healthcare ‘particularly vulnerable’ to ransomware attack
POPIA is coming into force – are you ready?