Brian Hioeby Brian Hioe
語言:
English
Photo Credit: Solomon203/WikiCommons/CC BY-SA 3.0
THE EXECUTIVE YUAN has approved draft legislation to manage the data from the National Health Insurance (NHI) system. Such legislation follows on a 2022 ruling by the Constitutional Court that decided that the use of NHI data by academic and research institutions was permissible, but there was a requirement for an opt-out mechanism and an oversight mechanism. To provide that oversight mechanism, a consultative committee will be established.
Penalties will also be established for misuse of NHI data. Unauthorized use of data can be fined between 2 million and 10 million NT and a one-year ban on using NHI data. Likewise, theft, destruction, or other illegal actions against the NHI core system could lead to a maximum seven-year prison sentence and an additional 10 million NT fine, while violations on the basis of national security could face a maximum ten-year prison sentence with an additional 50 million NT fine.
Taiwan’s NHI system provides a wealth of data that could be used for the development of new drugs, or targeted treatments. At the same time, civil society groups have also been critical of the potential for misuse on privacy grounds. Even if health insurance information used for research purposes is supposed to be anonymized, there have been criticisms in the past that this is insufficient.
This led civil society groups such as the Taiwan Association for Human Rights to file a lawsuit on constitutional grounds, calling for an opt-out mechanism, seeing as the use of private data may be something that marginalized groups do not wish for. The possibility of anonymized data being re-identified through comparison with other data sets has also been raised.
Taiwan, too, has faced issues with database leaks in the past. In 2023, there was a police investigation into government workers at the NHI system who could have been responsible for earlier leaks dating back to 2009, with workers questioned over records they retained or overseas accounts that they had been found to have. Yeh Feng-ming, the now-retired chief secretary of the National Health Insurance Administration (NHIA), was found to have over 1 billion NT in overseas accounts, with it suspected that he and other NHIA workers may have sold this information to China.
The NHI leak took place in the same timeframe as a purported leak of household registration information for almost all Taiwanese citizens. The dataset was for household registration for 23.57 million pieces of information on household registration, apparently stolen from the Ministry of the Interior’s Department of Household Registration, and was for sale on the BreachedForum website.
The same account offering this dataset for sale was also selling 28.11 million pieces of information from the Bureau of Labor Insurance and 1.68 million pieces of stock exchange information. This purports to include information on the residences of government officials such as vice president William Lai, National Security Council Wellington Koo, and Minister of Economic Affairs Wang Mei-hua.
The Ministry of the Interior (MOI) denied that the household registration is accurate, claiming that the data is outdated. Some of the information seems to show a dating system that is no longer used.
An apparent whistleblower hacker who went with the information to the Taiwan People News stated that some of the information is from when Taiwan’s entire national database was leaked onto the Dark Web in May 2020 by the hacker Toogod, which was supposedly from 2019. The MOI was accused of trying to deflect blame for the leak or being unaware of it entirely.
Indeed, the same year, the use of genetic information for more than 600,000 patients for an Academia Sinica research project led to criticisms from legislator Huang Kuo-shu in February that this could potentially be a violation of the Human Biobank Management Act. Namely, according to the Human Biobank Management Act, patients must consent to their data being used and be allowed to withdraw use of the data at any given time. Some patients may not have signed off consent on their data being used, but had their information included in the database.
As part of the project, Academia Sinica’s Institute of Biomedical Sciences has access to the genetic information of over 600,000 individuals, to match individuals with suitable medicines in a manner that minimizes resources.
While efforts by the Executive Yuan to propose draft legislation on NHI data come after the Constitutional Court ruling and in light of these controversies, one notes that this predates the rise of AI tools in the last few years. It is to be seen whether the legislation is adequate to deal with AI tools.