보건의료데이터의 안전한 활용을 위한 법제도 연구 -핀란드의 「보건⋅복지데이터의 이차 이용에 관한 법률」 입법사례를 중심으로-

Finland, a country with a vast amounts of high-quality health care data has recently made great efforts to stand out as a global health R&D hub within the international trend of pursuing data-based innovation. The Finnish government has established various strategies to create a health ecosystem, especially a reliable health data ecosystem, and is systematically carrying out implementation plans such as improving the legal system and promoting large projects. In particular, Finland aims to become a leader in the secondary use of health data within the EU. Accordingly, the Finnish government attempted to overcome the situation in which the secondary use of sensitive personal data such as health data is restricted by the EU GDPR in consideration of the rapid growth of the data economy and abundantly available health data at home. The Act on the Secondary Use of Health and Social Data (hereinafter the ‘Act’) enacted on May 1, 2019 represents such effort. The purpose of this Act is to encourage and promote the use of health and social data for socially valuable purposes. The goal is to improve the efficiency, integration, and speed of data access and utilization by processing the data permit applications and the data requests as well as related data access for users in need of data within a single agency as an one-stop shop covering all processes. Finland has devised a new data management and access system for this. This is why there is growing interest in the Act: the system has been designed to maintain a very high level of security system while complying with the requirements of the GDPR. In principle, access to health and social data is only possible remotely via the secure hosting service in the secure operating environment under the Act. By enacting the Act, Finland has clarified the legal basis for enabling extensive secondary use of health data under the GDPR. It also laid the foundation for easing the tension between the protection of the rights of data subjects and a pursuit for economic growth. Korea faces a similar conflict situation and a data management environment that Finland has agonized for a long time. Also similarly, various measures are actively sought by the government to solve this issue. This study aims to contribute to such efforts. Therefore this paper has looked for practical implications by thoroughly examining the contents of the Act that Finland takes pride as the solution to providing values to all stakeholders. This paper first examined the structure and the main contents of the Act in detail (II), then evaluated the significance and limitations of the Act (III), and lastly, attempted to draw the implications for our issues (IV).