A Framework to Evaluate Citizens’ Data Privacy in Health Care Systems and Tracing Apps used during COVID-19

Abstract

Healthcare industry has seen rapid growth worldwide in recent years and many advance countries have shifted from manual records to computerised health care systems. Automated healthcare systems, mobile health apps, wearable gadgetries, and various types of sensors collect and stores individuals’ data in electronic form. These steps have revolutionised the healthcare industry, however, raised serious data privacy concerns globally being privacy the fundamental human right. As health records are extremely valuable and are always subject to data breaches. To address this, countries all over the world are taking appropriate measures and tightening their data protection laws. In this research, initially health systems and use of medical data is discussed along with related privacy and security challenges. Then, the data privacy during pandemic and various data privacy preserving techniques have been presented. Then, popular data privacy legislations of key countries like HIPPA (US), GDPR (EU), PIPEDA (Canada) and PIPL (PRC) have been discussed along with regulations which cover citizen privacy in Pakistan. Based on best principles and practices of popular regulations, a framework has been proposed to evaluate citizens data privacy in Health care systems and Apps with Key Performance Indicators (KPIs). Finally, a case study has been presented in which tracing apps used to collect data during COVID-19 were analysed in detail and evaluated through proposed framework. At the end recommendations are made basing on privacy concerns found as result of evaluation.