Skip to main content

Table 2 Data protection laws in some of the countries

From: Big healthcare data: preserving security and privacy

Country Law Salient features
USA HIPAA Act
Patient Safety and Quality Improvement Act (PSQIA) HITECH Act
Requires the establishment of national standards for electronic healthcare transactions. Gives the right to privacy to individuals from age 12 through 18
Signed disclosure from the affected before giving out any information on provided healthcare to anyone, including parents
Patient Safety Work Product must not be disclosed [63]
Individual violating the confidentiality provisions is subject to a civil penalty
Protect security and privacy of electronic health information
EU Data Protection Directive Protect people’s fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data [64]
Canada Personal Information Protection and Electronic Documents Act (‘PIPEDA’) Individual is given the right to know the reasons for collection or use of personal information, so that organizations are required to protect this information in a reasonable and secure way [65]
UK Data Protection Act (DPA) Provides a way for individuals to control information about themselves
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects
Morocco The 09-08 act, dated on 18 February 2009 Protects the one’s privacy through the establishment of the CNDP authority by limiting the use of personal and sensitive data using the data controllers in any data processing operation [66]
Russia Russian Federal Law on Personal Data Requires data operators to take “all the necessary organizational and technical measures required for protecting personal data against unlawful or accidental access”
India IT Act and IT (Amendment) Act Implement reasonable security practices for sensitive personal data or information. Provides for compensation to person affected by wrongful loss or wrongful gain. Provides for imprisonment and/or fine for a person who causes wrongful loss or wrongful gain by disclosing personal information of another person while providing services under the terms of lawful contract
Brazil Constitution The intimacy, private life, honor and image of the people are inviolable, with assured right to indigenization by material or moral damage resulting from its violation
Angola Data Protection Law (Law no. 22/11 of 17 June) With respect to sensitive data processing, collection and processing is only allowed where there is a legal provision allowing such processing and prior authorization from the APD is obtained