On the afternoon of May 12, the National Assembly discussed in groups the draft Law on Personal Data Protection.
Contributing opinions to the Draft, Delegate Nguyen Tri Thuc - Ho Chi Minh City National Assembly Delegation said that there are 4 clauses in this article, of which Clause 2 stipulates: "Organization and individuals operating in the health sector shall not provide personal data to organizations providing health care services or health insurance services, unless there is a written request from the data subject".
However, in reality, in emergency cases, emergencies, referrals, transferring health data is very necessary and the majority of doctors are in a hurry when consulting, sometimes just by phone, not in time to transfer documents.
Mr. Thuc said that if the consent of the data owner (in the medical field, it is temporarily called a patient) allows the doctor to share the data, it will not be possible in time. Not to mention in many cases of coma patients, no family members, or traffic accidents,...
"In these cases, it is necessary to allow 2 doctors, including 2 medical facilities, to exchange data without the consent of patients and families. Therefore, I suggest adding one more question: Allow sharing of health data in emergency, emergency or need for professional consultation without the consent of the patient. This is very important, related to the patient's life" - Mr. Thuc said.
In addition, delegate Nguyen Tri Thuc also mentioned the current situation, in the market, there are many digital health applications, collecting health data, including heart rate, blood sugar, exercise index, etc. However, the draft does not have specific regulations on digital healthcare platforms.
"It is necessary to supplement regulations on the collection and processing of health data in health applications, including encryption standards, security when storing health data on the application, and access procedures for third parties such as hospitals or health insurance.
In addition, there needs to be a mechanism for users to control their data on the application, such as data Deletion rights, limiting information collection, thereby helping to ensure health confidentiality when using the health monitoring app of each individual..." - Mr. Thuc suggested.
Proposal to consider a penalty of 1-5% of business revenue
Delegate Do Duc Hien - Ho Chi Minh City National Assembly Delegation - said that it is necessary to reconsider the regulation on applying an administrative penalty of 1% to 5% of the previous consecutive year's revenue of organizations and enterprises that violate regulations on personal data protection.
"For example, for a large multi-industry corporation, operating in many fields, the annual revenue is very large. The case of an administrative violation handling 1-5% of revenue is very large, I think it is not commensurate, I suggest considering this content and having some research to rectify it" - Mr. Duc said.
Regarding this content, Mr. Truong Trong Nghia - Ho Chi Minh City National Assembly Delegation said:
"The regulation of 1-5% of revenue cannot be said to be too much or too little. It is necessary to have a correlation between the fine level and the damage or profit of the enterprise from the violation".
