Presented at the Healthcare CEO50 Certificate Program, School of Hospital Management, Faculty of Medicine Ramathibodi Hospital, Mahidol University, Bangkok, Thailand on October 12, 2021
3.
▪ Computer Crimes
▪ Electronic Transactions & Electronic Signatures
▪ E-commerce, Cyber Law
▪ Personal Data Protection Law (Generic)
▪ Cybersecurity Law
▪ Digital Government Law
ICT Laws
41.
• Divided into 11 domains
– Security policy
– Organization of information security
– Asset management
– Human resources security
– Physical and environmental security
– Communications and operations management
– Access control
– Information systems acquisition, development and maintenance
– Information security incident management
– Business continuity management
– Regulatory compliance
Security Standards under the Secure Methods
128.
Common Healthcare Use Cases
• Patient Care (Including Referrals)
• Emergency/Life-Saving
• Non-Emergency
• Occupational Health & Medicine / Welfare
• Healthcare Service Required by Law
• Elective
• Claims & Reimbursements / Public & Private Health Insurance
• Disease Control
• Disaster Management
• Public Health / Health Systems Management
• Health Professionals Training
• Quality Improvement/Audit/Quality Survey/Accreditation
• Human Subjects Research
• Medico-Legal & Ethical/Disciplinary/Investigative Uses
• Public Safety & National Security
129.
PDPA and Research
• Research Not Involving Personally Identifiable Information (PII)
• Human Subject Research Involving Personally Identifiable Information (PII)
• Authorized by Law (Legal Obligation, Public Task, Legitimate Interest vs. Requiring Informed Consent)
• Prospective Research
• Informed Consent Feasible
• Informed Consent Not Feasible
• Retrospective Research
• De-identification Feasible
• De-identification Not Feasible
145.
▪ Privacy: “The ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.” (Wikipedia)
▪ Security: “The degree of protection to safeguard ... person against danger, damage, loss, and crime.” (Wikipedia)
▪ Information Security: “Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction” (Wikipedia)
Security & Privacy