Comparative analysis of effective data protection practices in healthcare: Russia and international standards

Cover Page

Cite item

Full Text

Abstract

A comparative legal analysis has been conducted on the legislation and practices regarding the protection of patients' personal data in the healthcare systems of Russia, the USA, the EU, China, and several other Asian countries. The main research methods employed include comparative-legal analysis, formal-legal analysis, expert-analytical methods, visualization techniques, and structural analysis. The aim of the study is to analyze the legislation related to the protection of patients’ personal data in healthcare across different countries and to identify recommendations for Russia. The findings indicate that the USA and the EU are leaders in this area, with specific laws governing the protection of personal data in healthcare that impose strict requirements on medical data operators and significant penalties for violation. It is noted that Russian legislation on data protection in healthcare aligns with global trends toward digitalization and personal data protection. However, challenges remain in law enforcement due to underfunding of IT infrastructure in medical organizations, a shortage of qualified personnel, and low digital literacy among medical staff. The results of this study provide a foundation for further scientific research into the transformation of medical privacy protection systems in light of advancements in big data technologies, AI, and the Internet of Things. The paper advocates for a differentiated legal regulation based on categories of information (such as genetic and biometric data), argues for strengthened liability for violations, and proposes specific legislative innovations.

About the authors

Diana A. Lebedeva

National Research University “Higher School of Economics”

Author for correspondence.
Email: lebedevady@yandex.ru
ORCID iD: 0000-0003-0070-8300
SPIN-code: 1985-0155

Law faculty

3 Bolshoy Tryokhsvyatitelsky Per., Moscow, 101000, Russian Federation

References

  1. Adler-Milstein, J. & Jha, A.K. (2017) HITECH Act Drove Large Gains In Hospital Electronic Health Record Adoption. Health Affairs. 36(8), 1416-1422. https://doi.org/10.1377/hlthaff.2016.1651
  2. Bradford, L., Aboy, M. & Liddell, K. (2019) International health data-sharing norms: from the OECD to the General Data Protection Regulation (GDPR). Hum Genet., 575-582. https://doi.org/10.1007/s00439-018-1919-7
  3. Cheng, L., Liu, F. & Yao, D. (2017) Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery. 7(5). e1211. https://doi.org/10.1002/widm.1211
  4. Dai, H.N., Zheng, Z. & Zhang, Y. (2019) Blockchain for Internet of Things: A Survey. IEEE Internet of Things Journal. 6. 8076-8094. https://doi.org/10.1109/JIOT.2019.2920987
  5. Edemekong, P.F. & Haydel, M.J. (2024) In: StatPearls. Health Insurance Portability and Accountability Act. StatPearls Publishing. pp. 18-19.
  6. Edemekong, P.F., Annamaraju, P. & Haydel, M.J. (2024) In: StatPearls. Health Insurance Portability and Accountability Act. StatPearls Publishing. pp. 8-12.
  7. Evans, R.S. (2016) Electronic Health Records: Then, Now, and in the Future. Yearb Med Inform. Suppl 1(Suppl 1), 48-61. https://doi.org/10.15265/IYS-2016-s006
  8. Greenleaf, G. (2019) Global Tables of Data Privacy Laws and Bills. 6th Ed. Privacy Laws & Business International Report. (9). https://doi.org/10.2139/ssrn.2280875
  9. Gurtsko, L.D., Smirnov, E.K., Baranova, T.V., Tykyl-Ool, A.С. (2024) Digital competences of medical workers - priority of staffing of the health care system. Zdorovye megapolisa. 5(3), 167-172. https://doi.org/10.47619/2713-2617.zm.2024.v.5i3
  10. Okishev, B.A. (2022) Realisation of personal data protection in the field of medicine. Bulletin of the O.E. Kutafin University (Moscow State Law Academy). (4). 120-126. https://doi.org/10.17803/2311-5998.2022.92.4.120-126
  11. Poduzova, E.B. (2023) Personal data of the patient and his legal representative: the specifics of electronic provision in the context of the application of ‘artificial intelligence’ technologies in digital medicine. Actual problems of Russian law. 18(4), 86-92. https://doi.org/10.17803/1994-1471.2023.149.4.086-092
  12. Wikina, S.B. (2014) What Caused the Breach? An Examination of Use of Information Technology and Health Data Breaches. Perspectives in health information management. 11(Fall), 1h.
  13. Zhang, X., Liu, S., Chen, X., Wang, L., Gao, B. & Zhu, Q. (2018) Health information privacy concerns, antecedents, and information disclosure intention in online health communities. Information and Management. 55(4), 482-493.

Copyright (c) 2025 Lebedeva D.A.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

This website uses cookies

You consent to our cookies if you continue to use our website.

About Cookies