코로나 팬데믹 사태에서 의료 빅데이터 수집과 활용에 따른 법적 문제

선종수 ( Sun Jong Soo ) 한국비교형사법학회 2021 비교형사법연구 Vol.22 No.4

과학기술은 날로 발전하고 있으며, 앞으로 어떠한 모습으로 어떻게 변화할 것인지 예측도 하지만, 그렇지 않은 경우도 있다. 기술 발전에 따라 삶은 풍요로워질 뿐만 아니라 편리해 질 것이다. 그러나 이와는 반대로 다양한 문제도 노출된다. 특히 개인의 사생활 침해는 예전이나 지금이나 향후에도 여전히 풀어야 할 숙제로 남는다. 개인의료정보를 수집·관리·분석을 위해서 정보주체의 명시적 사전동의가 필요하다. 그리고 이를 활용하기 위해서는 광범위한 개인의료정보가 빅데이터로 축적되어야 하며, 이들 정보를 의료기관들 사이에서 공유할 수 있어야 비로소 의료 빅데이터가 구축된 것이라 할 수 있다. 이러한 개인의료정보를 빅데이터로 구축한다는 것은 개인의료정보를 보호한다는 측면과 정면으로 충돌할 가능성이 있다. 개인의료정보의 ‘활용’은 대부분 연구를 위한 목적으로 사용되고 이를 통해 우리 사회의 새로운 방어체계를 구축하는 것에 도움이 되는 긍정적 효과가 나타날 수 있다. 그러나 긍정적 측면이 있음에도 불구하고 개인의료정보는 민감정보로 유출 등으로 인한 피해의 위험성이 언제나 상존하고 있다. 이러한 위험성에 대한 법적 한계를 설정하는 것은 「개인정보 보호법」을 기본으로 하고 있다. 그러나 의료정보라는 특수한 영역을 전반적으로 다룰 수 있는 것은 아니다. 이에 따라 「의료법」을 비롯하여 「보건의료기본법」 등 여러 법률에서 이에 관하여 규율하고 있다. 우리와는 달리 미국, 캐나다 그리고 프랑스의 경우 단일화된 법률로 의료정보를 관리하는 체계를 갖추고 있다. 앞으로 우리 사회는 현재보다 더 많은 의료정보를 수집하고 빅데이터로 축적할 것이며, 이를 여러 산업현장에서 활용할 것이다. 이러한 과정은 필연적으로 자기정보결정권의 침해 문제, 개인의료정보 소유권 문제 그리고 수집되고 분석한 개인의료정보 활용에서 정보 보관과 폐기 등 다양한 문제가 제기될 것이다. 위험성 제거를 위한 강력한 법적 규제를 할 경우 수집한 의료정보를 적절하게 활용함에 제한을 받게 된다. 이는 개인정보를 보호한다는 측면에서만 보면 적합하지만, 모든 국민의 사회보장 또는 보건의료복지의 보장 측면에서 보면 적합하지 않은 결과를 초래하게 된다. 따라서 이를 적절하게 운용할 수 있는 방안을 모색해야 하며, 그 방안은 정책적 모형으로도 가능하지만, 법적 근거를 가질 수 있는 방향으로 찾아야 할 것이다. Scientific technology is developing day by day, and people try to predict in what way and how it will change in the future, but it’s not always predictable. With the development of technology, life will become not only affluent but also convenient. Yet, on the other hand, diverse problems will be exposed, too. In particular, the invasion of personal privacy was, is and will be still the problem to solve. For the collection, management and analysis of personal medical information, clear prior consent by the owner of the information is necessary. In addition, for the use of this, an extensive range of personal medical information needs to be accumulated as big data, and only when this information can be shared among medical organizations, we can say medical big data has been established. This establishment of personal medical information itno big data has the possibility of coming into conflict with the position of protecting personal medical information. The ‘use’ of personal medical information is mostly for the purpose of research, through which, there can be the positive effect of helping establish a new protection system of our society. Yet, in spite of the positive aspect, the danger of damage because of the leakage of sensitive information always coexits in personal medical information. To set legal limit to prevent this danger is based on 「the Personal Information Protection Act」. However, it can’t cover all the areas of the special field of medical information. Accordingly, different laws including 「Medical Law」 and 「Framework Act on Health and Medical Services」 regulate it. Different from Korea, the United States, Canada and France have the system to manage medical information with unified law. Our society will collect more medical information in the future than in the present, accumulate it as big data, and use it in different industrial sites. In this process, a vaiety of problems will necessarily occur, such as the violation of the right to informational self-determination, the ownership of personal medical information, and information keeping and discard in the use of the collected and analyzed personal medical information. In case of strong regulation to get rid of danger, the proper use of the collected medical information becomes limited. It’s appropriate from the aspect of protection of personal information, but it can bring about undesirable results from the aspect of the guarantee of the social security or health care welfare of all citizens. Therefore, the way to manage it properly needs to be found, and even though it is possible as a policy model, the direction should be toward the establishment of the legal foundation.

개인의료정보 활용 가능성에 대한 비교법적 고찰: 한국과 중국을 중심으로

이한주 경희대학교(국제캠퍼스) 국제지역연구원 2023 아태연구 Vol.30 No.3

In the era of big data, the medical and industrial worlds are making great efforts to utilize medical information based on various technologies. Of course, it is true that the government has a positive attitude towards the use of information to pioneer new industrial fields in the era of great change called the 4th Industrial Revolution. However, compared to general personal information, the need for protection is required at a high level in that the degree of damage to the information subject is much greater in case of infringement of medical information. For this reason, the protection and utilization of medical information are often perceived as contradictory or difficult to coexist like two sides of a coin. In February 2020, the Personal Information Protection Act was revised, and through this, the contents of ‘pseudonymized information’ were newly established. This is defined as ‘information that cannot identify a specific individual without the use or combination of additional information to restore personal information to its original state by pseudonymizing it’. However, there is a possibility that pseudonymous information can be technically restored as personal information, and in this case, if an infringement of personal information occurs, an issue may be raised about how to solve it. In particular, when pseudonymized medical information is restored, it can cause serious infringement on government entities. On the other hand, Korea has been discussing for a long time since the introduction of the right to request transmission in Article 20 of the GDPR of the EU, and the right to request transmission of personal information was newly regulated with the revision of the Personal Information Protection Act in 2023. This right can request companies and institutions that hold their personal information to transfer that information to another place, which is one of the core rights of information subjects necessary to implement My Data. However, if the patient, the subject of information, requests to transmit his or her medical information to another institution, a problem of information leakage may occur. In this paper, we look at the provisions of pseudonymous information and the right to request personal information transmission in terms of personal information utilization in our personal information protection law and similar contents in China’s personal information protection law, and try to find implications for the development of our law.

개인정보보호법상 의료정보 적용의 문제점과 해결방안

이한주(Lee Han Joo) 헌법이론실무학회 2016 헌법연구 Vol.3 No.2

헌법상 개인정보자기결정권에 의해 보호받는 의료정보는 현재 개인정보보호법 등의 규율을 받고 있다. 물론 개인정보보호법 상의 ‘민감정보’규정에 의해 일반정보와 비교해서 특별한 보호를 받는 것으로 이해할 수 있지만, 이 규정들을 통해서 완전하게 보호가 이루어지고 있다고 판단하기는 어렵다. 이는 크게 두 가지 관점에서 파악할 수 있다. 첫째, 민감정보는 의료정보 외에도 사상, 정치적 견해 등을 포함하는데, 각 분야별 정보를 동일한 수준으로 보호하도록 하고 있다. 둘째, 의료정보 중에서도 더 많은 보호를 필요로 하는 정보에 대해서도 동일하게 보호하고 있다. 결국 이는 의료정보를 포함해서 모든 민감정보를 동일한 규정으로 처리하는 것을 의미하는데, 각 정보들의 특성, 중요도 등을 고려하면 바람직하지 않다고 판단된다. 본 논문에서는 의료정보의 특성을 통해서 헌법적 보호 필요성을 도출하고, 기존의 개인정보보호법의 문제점 제기를 통해서 동법의 개정가능성 및 개별법으로서의 개인의료정보보호법 제정의 필요성 여부를 살펴보고자 한다. 특히 개별법 제정과 관련하여 과거 17대·18대 국회 때의 입법과정과, 외국에서 의료정보와 관련된 개별입법제정 여부를 확인한 후에 새로운 법률의 입법방향과 주요내용을 제시해보고자 한다. In the knowledge and information society, the protection of personal information is recognized with the issue of importance. But so far the means for the protection of personal information was insufficient, and each individual could not comprehend well the protection of personal information even though it is that important. In addition, it is not easy to discuss information in the legal category because it is impossible to classify the type of information or to apply to a general principle to information. Although it is necessary to reveal these problems in the dimension which is constitutional, the research is not plentifully advanced. Especially there was little research which relates with the problem of personal medical information. Consequently this doctoral dissertation presents a problem solving method. International organizations (UN, OECD) and the developed countries such as the United States, Germany and Great Britain and Japan had a deep concern about personal information protection. Except United States, many countries have a general principle and provision about the protection of not personal medical information but personal information. In past we distinguished a public section and a private sector respectively in protecting of personal information. But ‘The Personal Information Protection Law’ as general law for all types of information was established in 2011. The personal information of all types is made to be under the application of this law. Nonetheless, this law has a problem and will not be able to protect personal medical information. Consequently through solving these problems, I wish to propose the principle and contents of provisional name ‘Personal medical information protective bill’.

2023년 개정 개인정보보호법과 마이데이터 활용 방안 -보험업을 중심으로-

유주선 한국금융법학회 2023 金融法硏究 Vol.20 No.2

2020년 데이터 3법이 개정되어 데이터 이용의 활성화를 도모한 바 있다. 데이터 3법 개정에도 불구하고 개정된 법률 내용이 현실과 괴리되어 불합리하다는 지적이 제기되었다. 현실에 합당한 개인정보 활용을 도모하고, 정보주체의 개인정보 보호를 강화하며 개인정보보호법의 국제적 정합성을 도모하고자 2023년 다시 한 번 개인정보보호법 개정이 이루어졌다. 금번 개정 내용 가운데 본 논문은 마이데이터 사업과 관련된 내용을 다루고 있다. 마이데이터 사업은 개인정보주체의 권리확대를 그 내용으로 하는 개인정보 전송요구권과 밀접한 관련을 맺고 있다. 이러한 권리는 유럽연합의 GDPR과 신용정보법에 도입된 내용을, 우리의 입법자가 일반법인 개인정보보호법에 도입한 것이다. 개인정보보호법상 개인정보 전송요구권 도입은 개인이 제공한 정보를 본인이나 제3자에게 전송할 수 있게 된다. 개인정보 전송요구권은 정보주체로 하여금 자신의 개인정보가 먼저 보유한 특정 회사에만 처리되어 머물러 있지 않게 된다. 즉, 후발 회사 역시 새로운 서비스나 이전 회사에 제시되었던 서비스를 능가하는 서비스를 제공할 수 있게 될 것이다. 신용평가나 자산관리를 포함한 건강관리나 맞춤형 상품을 추천할 수 있는 계기가 마련될 수 있게 될 것이다. 마이데이터 사업의 도입은 보험업에도 상당한 관심을 촉발할 것으로 예상된다. 무엇보다도 새로운 건강 관련 보험상품이 출현할 가능성이 높다. 개인의 건강검진 정보를 통한 개인에 최적화된 상품이 제공될 수 있게 된다. 개인의 맥박이나 혈당, 생활습관이나 운동량 등의 의료정보는 이러한 상품개발에 중요한 바탕이 될 수 있다. 하지만 마이데이터 사업이 활성화되기 위해서는 마이데이터 종합지원 플랫폼 구축, 전송체계 표준화, 과금 체계의 합리화, 데이터 유통시장 연계 강화 등이 조기에 개선되어야 하며, 의료법과 관련되어 아직 미해결된 부분이 남아 있는바, 이를 해소하는 작업이 이행되어야 할 것이다. In 2020, the three data laws were revised to promote the use of data. Despite the revision of the Data 3 Act, it was pointed out that the contents of the revised law were estranged from reality and were unreasonable. In 2023, the Personal Information Protection Act was revised once again to promote the use of personal information appropriate to reality, strengthen the protection of personal information of information subjects, and promote international consistency of the Personal Information Protection Act. Among the contents of this revision, this thesis deals with contents related to the My Data project. The My Data business is closely related to the right to request transmission of personal information, the content of which is to expand the rights of the subject of personal information. These rights were introduced in the GDPR and Credit Information Act of the European Union, and our legislators introduced them into the general law Personal Data Protection Act. The introduction of the right to request transmission of personal information under the Personal Information Protection Act enables individuals to transmit information provided to them or to a third party. The right to request the transfer of personal information allows the information subject to process his/her personal information first and not stay in a specific company. In other words, latecomers will also be able to provide new services or services that surpass those offered by previous companies. It will be possible to provide an opportunity to recommend health care or customized products, including credit evaluation and asset management. The introduction of the My Data business is expected to spark considerable interest in the insurance industry. Above all, new health- related insurance products are likely to emerge. Products optimized for individuals can be provided through personal health checkup information. Medical information such as an individual's pulse rate, blood sugar, lifestyle, or amount of exercise can be an important basis for product development. However, in order to activate the My Data business, the establishment of a comprehensive My Data support platform, standardization of the transmission system, rationalization of the billing system, and strengthening of data distribution market connection must be improved at an early stage. However, work to resolve this will have to be implemented.

개인의료정보 비정형데이터 관리시스템 설계 및 구현

이동원,이상준 한국지식정보기술학회 2021 한국지식정보기술학회 논문지 Vol.16 No.1

Medical data is in the spotlight with the greatest potential value, and it is becoming an era of medical big data due to the use of information systems. Most medical data are unstructured and contain personal medical information. Due to the frequent leakage of personal medical information and lack of clear procedures and guidelines for managing unstructured data, it is time for practical research that can be applied to personal information processing systems. In this paper, a study was conducted on the management of unstructured data for personal information processing systems. In order to classify unstructured data, irregularly managed data were grouped by attributes and stored in each folder, and a file list classification system was designed based on conditions such as personal information, scan quality, and applicability of unidentifiable processing technology for files containing stored personal medical information in each folder. A survey was conducted for the operation of the designed file list classification system, and unstructured data was classified based on these results. By applying a dual access authority method that combines dual encryption (de-identification processing solution, file encryption solution) and access authority and cryptographic authority method, the personal information processing system was implemented so that personal medical information can be utilized and operated.

개인정보 보호와 빅데이터 활용의 충돌, 그 문제와 입법정책 과제

윤석진(Seok Jin Yoon) 중앙법학회 2015 中央法學 Vol.17 No.1

Recently, an area of the health & medical sector is going ahead noticeable in the domestic Big Data policy area. The health & medical information of individuals is equivalent to the most sensitive information. Sensitive information, such as medical and health information is collected and analyzed over the steps in the public sector. Being transferred to the private sector, private sector leverage big data management and controlling them has a very important meaning in the privacy level. The current health & medical Big Data Policy did not have a legislative basis in despite of its usefulness virtually. Accordingly, it is necessary to improvement the legislation of the health & medical Big Data Policy. To do this, it is necessary to flexibly determine the scope of protection of personal information on the "Personal Information Protection Act". And there is a need to confirm personal information is "subject to privacy protection" and "free circulation destination". And it is necessary to introduce a personal information collecting method based on opt-out system in "Personal Information Protection Act". On the other hand, in the "Act on Promotion of the provision and Use of Public Data" shall have the leverage big data based on opt-out scheme according to the "Personal Information Protection Act". Thus, it is required to determine how the data in the public policy of all operations, including health & medical Big Data. In this case, "Act on Promotion of the provision and Use of Public Data" shall have the action to reduce the risks according to introduction of the opt-out system. For this purpose it is necessary to ensure the Right to Informational Self-Determination as procedural rights of the subject of information. Finally, "Act on Promotion of the provision and Use of Public Data" are in a position of special laws for the "Personal Information Protection Act" in the Personal Information Protection``s area. At the same time, "Act on Promotion of the provision and Use of Public Data" should be brought to the location of the Basic Law in Big Data application fields. This will be the most desirable and the legal system in the area take advantage of Big Data.

디지털헬스케어환경에서 개인정보의 활용과 규제의 합리적 조화방안 연구

김수영,김현경 경북대학교 IT와 법연구소 2016 IT와 법 연구 Vol.0 No.12

The developments of ICT are anticipated as a solution to address the challenges of medical areas, such as medical treatment, preventive medicine. But now our country has been severely restricted in the "Medical Service Act" and "Personal Information Protection Act", with respect to the use of personal health information in its application for medical purposes, etc, therefore medical services using cloud computing and big data analysis are impossible. Already, leaders in the ICT sector such as Apple, Google and Samsung, pointed to digital healthcare industry as the next generation industry and has ventured a bold investment, however in Korea, the commercialization of these advanced digital healthcare services has been delayed. In this paper, we explore the regulatory Improvement of "personal health information" for the rational implementation of digital health care services. Restrictions on the personal medical information based on the characteristics of the conventional health care settings are not proper and regulation of personal medical information that meets the new digital healthcare environment must be made. As the way, the paper proposed the following. ; First, the rational modification of the regulatory are needed for acceptance of new technologies such as cloud computing, etc. Second, the application range of the EMR system should be extended as to maximize the added value of personal health information. Third, the appropriate regulation and surveillance and monitoring system of healthcare apps and digital medical equipment that generates the personal health information were established so that the public interest in the medical area to be compliant in order to ensure the accuracy and reliability of personal health information.

보건의료정보의 법적 보호와 열람ㆍ교부

정용엽 대한의료법학회 2012 의료법학 Vol.13 No.1

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as “sensitive information” and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

의료정보관리 전공 학생의 개인정보보호 인식에 관한 연구

송경진 한국전문경영인학회 2023 專門經營人硏究 Vol.26 No.3

사회적인 정보화 흐름에 맞추어 의료시장에서도 정보를 활용한 의료서비스 제공이 보편화 되었다. 정보화시대의 도래로 각종 자료를 경영, 마케팅, 통계 등 다양한 분야에서 활용하 고 있지만 정보유출과 침해로 인한 피해를 초래하기도 한다. 특히 개인의 의료정보는 진단명, 유전정보 등 민감한 정보를 포함하기에 그 중요성이 더욱 크다. 이에 본 연구는 의료현장에서 환자의 개인정보를 밀접하게 다루는 보건의료정보관리 전공학생들의 개인 정보보호 행위에 대한 인식과 실천의도를 알아보고자 수행되었다. 부산광역시의 보건의 료정보관리 전공학생들을 대상으로 자가기입식 설문지를 통해 자료수집 하였으며, SPSS 프로그램을 이용하여 통계적으로 분석하였다. 분석결과 개인정보보호에 대한 일반적 인 식 중 변화성과 주체성이 개인정보보호 행위의 인식도에 유의한 영향을 미치는 것으로 나타났으며, 변화성과 주체성, 책임성이 개인정보보호 행위의 실천의도에 유의한 영향을 미치는 것으로 나타났다. 또한 개인정보보호행위의 인식도는 실천의도에 유의한 영향을 미치는 것으로 나타났다. 추가적으로, 교육여부에 따른 차이를 분석한 결과 교육을 받은 학생들이 개인정보보호의 일반적 인식 중 주체성과 책임성에서 높은 인식수준을 보였으며 집단 간 차이가 유의한 것으로 나타났다. 이를 통해 의료현장에서 개인정보보호 행위를 실천하기에 개인정보보호에 대한 인식이 중요하며, 교육을 통해 수준을 높일 수 있다는 것을 알 수 있었다. 이에 본 연구는 개인정보보호와 관련한 교육의 중요성을 강조하며 학교의 개인정보보호 교육 활성화를 위한 기초자료로서 널리 활용되기를 기대한다. line with changes in social informatization, the provision of medical services through informatization has become common in the medical market. The advent of the information age is widely used in various aspects such as management, marketing, and statistics through various data, but it also leads to cases of damage caused by information leakage and infringement. In particular, personal medical information is more important because it includes sensitive information such as diagnosis and genetic information. Accordingly, this study was conducted to find out the perceptions and practical intentions of students majoring in health information management who closely deal with patients' personal information in the medical field. Data was collected through a self-written questionnaire for students majoring in health information management in Busan, and statistically analyzed using the SPSS program. Among the general perceptions of personal information protection, change and subjectivity significantly affect the perception of personal information protection behavior, and change, subjectivity, and accountability significantly affect the intention to practice personal information protection behavior. In addition, it was found that the degree of recognition of personal information protection behavior had a significant effect on the intention to practice. Additionally, as a result of analyzing differences according to educational status, the students who received education showed a high level of recognition in subjectivity and account ability among the general recognition of personal information protection, and the difference between groups was significant. Through this, it was found that recognition of personal information protection is important to practice personal information protection behavior in the medical field, and the level can be raised through education. Therefore, this study emphasizes the importance of education related to personal information protection and expects to be widely used as basic data for revitalizing personal information protection education in schools.

응급환자 의료정보 활용에 대한 법적 고찰 및 개선방안 연구 - 사후거부권 도입(opt out)과 진료정보시스템 정비를 중심으로 -

권오탁 한국법제연구원 2024 법제연구 Vol.0 No.66

개인정보이며 민감정보인 의료정보는 응급상황에서 신속하고 정확한 진단과 처방에 기반한 적절한 응급의료서비스를 응급환자에게 적시에 제공하기 위한 중요한 자료원이다. 따라서 응급환자의 생존 가능성을 높이고 국민의 생명보호라는 국가의 의무를 보다 충실히 수행하기 위해서는 응급상황에서 개인의 의료정보가 적극적으로 활용될 수 있어야 한다. 그런데 의료정보는 「헌법」에서 보호하고 있는 개인정보자기결정권의 대상이다. 또한 수집된 의료정보를 활용하기 위해서는 정보주체의동의가 전제되거나 법률에 그 근거가 있어야 한다. 그러나 응급상황에서는 동의를 받을 수 없는 경우가 많다. 더군다나 현행 「개인정보보호법」이나 「응급의료에 관한 법률」에서는 응급상황에서 기존에 수집된 의료정보를 응급환자의 동의 없이 활용할 수 있는지 명확하지 않다. 따라서 정보주체의 동의 없이도 최소한 응급상황에서는 해당 응급환자의 의료정보를 응급의료기관에서 확인할 수 있도록 하고, 사후적으로 이를 거부할 수 있는 권리, 즉 사후거부권(opt out)을 법제화할 필요가 있다. 규범적으로 사후거부권(opt out)이 도입되어 응급환자의 의료정보를 법률에 근거하여 동의 없이 활용할 수 있다고 하더라도 의료정보가 실질적으로 응급의료 현장에서 활용될 수 있는 구조가 갖춰져야 한다. 이를 위해서는 다음과 같은 조건을 충족해야 한다. 첫째, 의료정보는 개인별로 구별할 수 있고 또한 구체적인 의료서비스 내용을 확인할 수 있어야 한다. 둘째, 구체적으로 확인할 수 있는 의료서비스의 내용은 시계열적으로 연속성을 갖춰서 과거부터 현재까지의 전체적인 의료정보를 포함해야 한다. 셋째, 이를 위해서는 여러 의료기관에 분산되어 있는 정보주체의 의료정보가 연계성을 갖고 유기적으로 제공될 수 있어야 한다. 응급환자에 대한 의료정보가 체계적으로 활용되기 위해서는 「응급의료에 관한 법률」에 근거하여 설치된 국가응급진료전산망을 통해 응급환자의 의료정보가 연속성과 연계성 있게 제공되고 응급의료기관의 의료인들이 이 정보에 접근 가능해야 한다. 또한 응급상황에서 제공되는 의료정보가 연계성을 갖기 위해서는 의료기관이 운영하는 의료정보 시스템이 의료기관의 규모에 관계없이 상호 연계될 수 있도록 일정한 수준을 유지해야 한다. 구조적인 측면에서의 개선뿐만 아니라 내용적으로도 의료정보를 통해 제공되는 진단, 처치, 수술, 검사 등의 정보가 의료인이라면 누구나 이해하고 해석할 수 있어야 한다. 이러한 이유에서 의료용어와 시스템의 표준화는 응급환자의 의료정보를 활용하는데 있어서 중요한 전제조건이 된다. 국가는 국민의 신체나 생명에 중대한 위해가 발생한 응급상황에서 적극적으로 의료서비스를 제공할 의무가 있다. 이를 위해 국가는 의료정보를 안전하게 관리하면서도 또한 적극적으로 활용할 의무가 있을 뿐만 아니라 구체적으로 활용할 수 있는 여건을 조성해야 할 책임이 있다. 이것이 정보주체의 생명보호라는 중요한 법익을 지키는 행위가 된다는 점에서 현재의 응급의료정보 활용을 위한 법률체계와 환경을 개선할 필요가 있다. Medical information is personal and sensitive information. Medical information is important data for providing appropriate emergency medical services to emergency patients. The state has an obligation to protect the lives of emergency patients by increasing their chances of survival. Therefore, personal medical information must be actively utilized in emergency situations. However, medical information is subject to the right to self-determination of personal information. Therefore, in order to use medical information, the consent of the information subject or legal basis is required. It is no different in emergency situations. However, under the current Personal Information Protection Act or the Emergency Medical Services Act, it is not clear whether medical information of emergency patients can be used without consent. Therefore, it is necessary to specify in law the right to preferentially use medical information of emergency patients in emergency situations without prior consent of the information subject and to refuse it after the fact. Even if medical information can be used without consent based on the Right to object(Opt-out), medical information must actually be able to be used in emergency medical settings. Therefore, first, medical information must be differentiated for each individual and allow confirmation of specific medical service contents. Second, medical information must include overall medical information from the past to the present. Third, the medical information of information subjects dispersed across multiple medical institutions must be linked and provided organically. From this perspective, NEDIS, National Emergency Data Information System established based on the Act on Emergency Medical Services must be established as a system in which medical information of information subjects is provided in continuity and connectivity and is accessible to medical personnel at emergency medical institutions. Additionally, structurally, medical information systems must be able to be interconnected regardless of the size of the medical institution. In terms of content, any medical professional should be able to understand and interpret terms such as diagnosis, treatment, surgery, and examination provided in medical information. Therefore, standardization of systems and terminology is an important prerequisite for utilizing medical information of emergency patients. The state must actively provide medical services in emergency situations. To this end, the country must create specific conditions so that medical information can be managed safely and actively utilized. Therefore, there is a need to improve the legal system and environment for utilizing emergency medical information.