Japan Journal of Medical Informatics Volume 24, Issue 5

Social Background to Legislation of the Personal Data Protection Act in Japan

 In April 2005, the Personal Data Protection Act became effective in Japan. There are two guidelines for the healthcare area to support the Personal Data Protection Act, “Guideline for the Appropriate Treatment of Personal Data on Healthcare Providers” and “Guideline Concerning Safety Management of Medical Information Systems”. Medical professionals, including members of our association specializing in medical informatics, might feel that the requirements of these law and guidelines are severe and that they make their routine clinical work, research and education quite complex. However, in view of the current situation in Japanese medical facilities and the ideas underlying the Personal Data Protection Act, these guidelines are actually not thoroughgoing enough. In other words, it is highly probable that these guidelines will need to be revised and made more strict in the near future.
 The basic concept underlying the Personal Data Protection Act is the protection of personal data, which is a basic right of a citizen, rather than the conventional notion of an obligation to maintain confidentiality. Therefore, when dealing with the Personal Data Protection Act, primary attention must be paid to the underlying principle and the citizen’s attitude that serves as the background of these principle. To understand the citizen’s attitude, it is quite important to know the historical background of privacy in Japan.
 This paper will present the social background against which the Personal Data Protection Act was legislated and trace the course of changes and the elevation of the citizen’s attitude of privacy protection in Japan, with reference to the situation in other countries.

The Structure of Japan Personal Data Protection Act

 Japan Personal Data Protection Act was established in May, 2003. After annexed new clauses such as “the obligation of personal data dealing sectors” and “the promotion of private body protection”, it is scheduled to be enforced in April, 2005.
 As it urges that the ministries which manage “the project” should develop the guidelines for the “right” use of personal data, National Life Council issued the keynote on personal data protection based on its fundamental principle and future direction.
 Under the ongoing sophisticated computerization, with considering the usefulness of personal data both in the public and private sectors, it aims to protect personal right and benefit including individuality, dignity, and property, which is expected to lead to the well-balanced data access.
 While, it is not too much to say that medical services are built on the accumulation and use of personal health data. Besides, without doubt, “right” data access is the key for the improvement of public health and the development of science. Here, Personal Data Protection Act will be refocused from the view point of accelerating the right use of medical information.

Introduction of “Security Guidelines for Medical Information Systems by Ministry of Health, Labor and Welfare of Japan 2005”

 In March 2005, the Ministry of Health, Labor and Welfare of Japan published “Security Guidelines for Medical Information Systems 2005”. This guideline have some standpoints, the supplemental guidelines of “Guidelines for privacy protection in health field, a part of infrastructure for Information and Communication Technology Strategy of Japanese government, guidelines for applying Digital Documents Act in health field, and update version of guidelines for digital storage of medical records. Indeed we had some security guidelines for medical information systems, but those are only applied with limited situation and not for general information system security. This is the first attempt to make guideline for general security of various medical information systems and we hope this guideline will be baseline to build up social consensus for security and privacy protection of medical information systems.