LAHORE: A report on “Data Privacy in Pakistan’s Healthcare Sector” has called for legislation to safeguard the privacy of patients as per international standards.
It also suggested developing protocols to ensure the patient is kept informed on how the data will be used, and the patient should have the option to pursue legal action in case of a breach of privacy or consent.
The Digital Rights Foundation launched its report ‘Data Privacy in Pakistan’s Healthcare Sector’ on Monday at a local hotel.
The research report consisted of survey responses from 85 medical practitioners and 64 individuals who had accessed medical healthcare in the country. Furthermore, 17 in-depth interviews were conducted, including those with two public health officials.
The study finds that most people attach a great degree of importance to medical data – 38.6 percent of respondents said they considered it equally important as other kinds of data, 31.8 percent said it was more important, and the remaining 29.5 percent considered it less sensitive than general data.
Moreover, while consent is considered the benchmark for data collection, only 40.9 percent of the respondents said consent was obtained when data was collected, 31.8 percent said it was not obtained, and the remaining 27.3 percent said they were unsure.
The study finds that 36.4 percent of patient data was recorded digitally, 27.3 percent was manually collected, and 27.3 percent said a hybrid approach was adopted.
The report suggested that protocols be developed to inform patients about how their data would be used and that they would have legal recourse over the breach. A data protection law should be passed to safeguard medical data and it could only be obtained on the basis of informed, active consent.
It also suggested that medical practitioner protocols and code of ethics should be made more robust and accountability and redressal mechanisms should be developed through data protection legislation and professional licensing regimes to create pathways for filing complaints in case of breach of consent and data.
The utmost priority should be given to ensure that data is shared only with the relevant medical authorities as per the law.
It also suggested taking measures to store data in an anonymised and aggregated manner as much as possible, with the understanding that even anonymised data can be identified.
Published in Dawn, February 28th, 2023