Korean health ministry’s lax management on medical information

Korea’s Government Combined Investigation Unit on Personal Information Crime has brought charges against four IT companies and 20 persons involved in illegal collection of patients’ private medical information including social security numbers, names of diseases and prescriptions from hospitals and pharmacies. T

These companies have sold 4.7 billion cases of personal information for 12.23 billion Korean won (approx. USD 10.44 million). The number of victims reached 44 million. This incident shows how lax Korea’s medical information security system is. The Korea Alliance of Patients Organization argued, “Personal and medical information of 90 percent of the entire Korean population has been sold to foreign nations. The information has become a product that anyone can buy with money. The Korean government must exert its diplomatic power to ensure IMS Health Korea HQ, a multinational medical statistics survey firm, to remove personal information of 43.99 million Koreans.”

The Korea Pharmaceutical Information Center (KPIC), a non-profit foundation under the Korean Pharmaceutical Association, and SK Telecom, Korea’s biggest mobile service provider, are included in the companies involved in illegal collection and leakage of medical information. The KPIC has utilized a computer application that it distributed to pharmacies for free and collected personal information without consent of patients from January of 2011 to November of 2014. The organization has sold the information for 1.6 billion Korean won to IMS Health Korea. The U.S. HQ of the IMS Health Korea sold "statistics of medicine utilization status in Korea" based on the illegally collected information to a Korean medical firm for 7 billion won. Korea was a sitting duck to the multinational medical statistics firm. Civil and criminal trials are underway as the KPIC is also involved in illegal collection and leakage of medical information in 2013. SK Telecom has sold prescriptions of 15.09 million patients without their prior consent to drugstores for 3.6 billion won.

Medical and health big data is recognized for its possibility of utilization for clinical research and new drug development. But the problem lies in a large-scale leakage of personal information. Although Korea bans trades of medical information unlike the U.S., personal information security is lax. It is a common practice for a private hospital to transfer patients’ information to other hospitals without prior consent when the private hospital closes. The health authorities must come up with measures for information security before emphasizing how to utilize such big data.

Under the Act on the Protection of Personal Information that took effect in 2011, it is illegal to process personal and disease information without consent of a patient. IT companies must be blamed for the leakage of patients’ information. But the government should be held accountable for its lax management on the personal information, which allows almost the entire public to become a victim. While the great volume of personal information has been sold to other nations, what has the Ministry of Health and Welfare done?