Modul 7

Ethics, Legal and Social Issues

of Digital Public Health

Anis Fuad
Departemen Biostatistik, Epidemiologi dan Kesehatan
Populasi, FK-KMK UGM
Email: [email protected]
X; @4n15fuad
 Aspek etika DiPH

Aspek legal DiPH

Tujuan
pembelajaran
Isu sosial dalam penerapan DiPH

Use case

Refleksi

2
 Digital Public Health
adoption of digital tools to achieve public health
goals, such as preventing disease, empowering
citizens, promoting value-based healthcare, or
achieving UHC
Digitisasi
Digitalisasi
Transformasi digital

Objective
to improve the health of populations from the
individual to the population level by using
information and communications technologies (ICT)

Approach
Evidence-based, needs-based, inclusive,
participatory, equity, data for surveillance
Wong, Brian Li Han, et al. "The dawn of digital public health in Europe: Implications for public
health policy and practice." The Lancet Regional Health-Europe 14 (2022): 100316.
 Digital innovation to improve population health

Organizational
Digital innovation Individual behavior
behavior

-Accept, reject, use

-Adaptation
-ethics, legal, social issues
-Intended & unintended consequences
 • Reducing the Skills of
Physicians
• Focus on Text and the
Demise of Context
• Intrinsic Uncertainty
in Medicine
• The Need to Open the
Machine Learning
Cabitza, Federico, Raffaele Rasoini, and Gian Franco Gensini. Black Box
"Unintended consequences of machine learning in
medicine." Jama 318.6 (2017): 517-518.
6
 Aspek etika DiPH

Aspek legal DiPH

Tujuan
pembelajaran
Isu sosial dalam penerapan DiPH

Use case

Refleksi

7
 Kerangka Etik dalam Informatika Kesehatan

Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
 1. Principle of Autonomy (otonomi)
• All persons have a fundamental right to self-determination.

2. Principle of Equality and Justice (kesetaraan dan keadilan)

• All persons are equal as persons and have a right to be treated accordingly.

3. Principle of Beneficence (menghargai martabat manusia)

• All persons have a duty to advance the good of others where the nature of this

General good is in keeping with the fundamental and ethically defensible values of the
affected party.

4. Principle of Non-Malfeasance (tidak merugikan orang lain)

Ethics • All persons have a duty to prevent harm to other persons insofar as it lies within
their power to do so without undue harm to themselves.

5. Principle of Impossibility (ketidakmungkinan)

• All rights and duties hold subject to the condition that it is possible to meet them
under the circumstances that obtain.

6. Principle of Integrity (integritas)

• Whoever has an obligation has a duty to fulfil that obligation to the best of their
ability.
Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
 Informatics Ethics
1. Principle of Information-Privacy and All persons and group of persons have a fundamental right to privacy, and
hence to control over the collection, storage, access, use, communication,
Disposition (privasi dan disposisi) manipulation, linkage and disposition of data about themselves.

The collection, storage, access, use, communication, manipulation, linkage and

2. Principle of Openness (keterbukaan) disposition of personal data must be disclosed in an appropriate and timely
fashion to the subject or subjects of those data.

Data that have been legitimately collected about persons or groups of persons
should be protected by all reasonable and appropriate measures against loss
3. Principle of Security (keamanan) degradation, unauthorized destruction, access, use, manipulation, linkage,
modification or communication.

The subjects of electronic health records have the right of access to those
4. Principle of Access (akses) records and the right to correct them with respect to its accurateness,
completeness and relevance

Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
 Informatics Ethics

5. Principle of Legitimate • The fundamental right of privacy and of control over the collection, storage, access, use,
manipulation, linkage, communication and disposition of personal data is conditioned only by
Infringement (Pelanggaran the legitimate, appropriate and relevant data-needs of a free, responsible and democratic
yang sah/dibolehkan) society, and by the equal and competing rights of others.

6. Principle of the Least • Any infringement of the privacy rights of a person or group of persons, and of their right of
Intrusive Alternative control over data about them, may only occur in the least intrusive fashion and with a minimum
of interference with the rights of the affected parties.
(Pelanggaran paling minimal)

• Any infringement of the privacy rights of a person or group of persons, and of the right to control
7. Principle of Accountability over data about them, must be justified to the latter in good time and in an appropriate fashion.
These general principles of informatic ethics, when applied to the types of relationships into
(akuntabilitas) which HIPs enter in their professional capacity and to the types of situations they encounter
when thus engaged, give rise to more specific ethical duties.

Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
 1. Public
• Activities are done with the best interest of the society in mind

2. Client and employer

• Activities are done in the best interests of clients and employers

3. Product
• Software products should meet expected professional standards

4. Judgement

Software
• Integrity and independence is kept in making decision about software development

5. Management
• Managers and leaders should subscribe to ethical approach in software development.

6. Profession
• The reputation of the software engineering profession should be advanced.

7. Colleagues
• Colleagues are to be supported and treated fairly

8. Self
• Re-training and improvement is to be pursued by the software developer

Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
 People (patient, consumer, client)
Healthcare professionals
Stakeholder
of Digital Institutions and employers
Public
Health Society
Ethics Self
Profession
Samuel, Hamman W., Osmar R. Zaïane, and Dick Sobsey. "Towards a definition of health Informatics
14
Ethics." Proceedings of the 1st ACM International Health Informatics Symposium. 2010.
 Aspek etika DiPH

Aspek legal DiPH

Tujuan
pembelajaran
Isu sosial dalam penerapan DiPH

Use case

Refleksi

15
Arjoon, Surendra. "Corporate governance: An ethical perspective." Journal of business ethics 61.4
(2005): 343-352.
Rekam medis dalam UU 17/2023 adalah RME

17
 Aspek etika DiPH

Aspek legal DiPH

Tujuan
pembelajaran
Isu sosial dalam penerapan DiPH

Use case

Refleksi

19
Harrison, Michael I., Ross Koppel, and Shirly Bar-Lev. "Unintended consequences of information technologies in health
care—an interactive sociotechnical analysis." Journal of the American medical informatics Association 14.5 (2007):
542-549. 20
Harrison, Michael I., Ross Koppel, and Shirly Bar-Lev. "Unintended consequences of information technologies in health
care—an interactive sociotechnical analysis." Journal of the American medical informatics Association 14.5 (2007):
542-549. 21
22
Harrison, Michael I., Ross Koppel, and Shirly Bar-Lev. "Unintended consequences of information technologies in health
care—an interactive sociotechnical analysis." Journal of the American medical informatics Association 14.5 (2007):
542-549. 23
 Aspek etika DiPH

Aspek legal DiPH

Tujuan
pembelajaran
Isu sosial dalam penerapan DiPH

Use case

Refleksi

24
 Titik kerentanan keamanan siber

Kim, Dong-won, Jin-young Choi, and Keun-hee Han. "Risk management-based security evaluation
model for telemedicine systems." BMC Medical Informatics and Decision Making 20.1 (2020): 1-14.
 Kategori ancaman keamanan dalam
telemedicine

Das, S., and A. Mukhopadhyay. "Security and privacy challenges in telemedicine." CSI Commun 35
(2011): 20-2.
 Komponen keamanan

Das, S., and A. Mukhopadhyay. "Security and privacy challenges in telemedicine." CSI Commun 35 (2011): 20-2.
 Ancaman keamanan siber

Ancaman yang terus berkembang

Dampak Potensial: kerugian finansial bagi penyedia layanan kesehatan, tanggung jawab
hukum, kerusakan reputasi, dan bahaya pribadi bagi pasien.

Jenis Ancaman: serangan ransomware, skema phishing, ancaman dari dalam, dan perangkat
yang tidak terjamin.

Contoh Nyata sudah ada dengan berbagai derajat kerusakan

Tantangan dalam keamanan siber: taktik yang terus berkembang, kompleksitas dalam
mengamankan lingkungan TI kesehatan yang beragam.

28
Di Indonesia, tindakan peretasan ini pernah terjadi
pada Juni 2020 berupa peretasan data pasien Covid-19.
Akun bernama Database Shopping pada situs Raid
Forums mengklaim bahwa ia memiliki basis data berisi
sekitar 230.000 data orang terkait Covid-19 di
Indonesia. Basis data tersebut berisi informasi yang
cukup lengkap: dari nama, nomor telepon, alamat, hasil
tes PCR, hingga lokasi rumah sakit tempat dirawat.
2
9
2020 HIMSS Cybersecurity Survey
 Keamanan Informasi
sebagian besar
organisasi kesehatan
(69%) mengkhawatirkan
a. Pengelolaan risiko keamanan informasi,
• Meliputi kesiapan penerapan
pengelolaan risiko keamanan informasi
sebagai dasar penerapan strategi
keamanan informasi.
b. Kerangka kerja keamanan informasi,
• Meliputi kerangka kerja (kebijakan dan
prosedur) pengelolaan keamanan
informasi dan strategi penerapannya.
c. Tata kelola keamanan informasi.
• Komitmen pucuk pimpinan, kesiapan
bentuk tata kelola keamanan informasi
beserta instansi/perusahaan/fungsi, serta
tugas dan tanggung jawab pengelola
keamanan informasi.

Buku Putih Keamanan Siber Sektor Kesehatan, BSSN

 Perekam Medis
Dokter Perawat dan Informasi
Kesehatan

Siapa sajakah
Ahli
pengguna Petugas Farmasi Ahli Radiologi .
Laboratorium
aplikasi
SIMRS/RME di
rumah sakit Petugas Manajemen
Anda? Pasien
Keuangan Rumah Sakit

Tenaga Tenaga
Kesehatan Teknologi
lainnya Informasi

33
34
Ps 4
(1)Data Pribadi terdiri atas:
a. Data Pribadi yang bersifat spesifik; dan
b. Data Pribadi yang bersifat umum

(2) Data Pribadi yang bersifat spesifik

sebagaimana dimaksud pada ayat (1) huruf
a meliputi:
c. data dan informasi kesehatan;
d. data biometrik;
e. data genetika;
f. catatan kejahatan;
g. data anak;
h. data keuangan pribadi; dan/atau
i. data lainnya sesuai dengan ketentuan
peraturan perundang- undangan.
36
Slide Kominfo dipresentasikan oleh Hendri Sasmita Yudha
https://nltimes.nl/2019/07/16/hague-hospital-fined-eu460000-protecting-patients-privacy
https://www.gdprregister.eu/news/hospital-receives-gdpr-fine/
Implikasi UU PDP
Pejabat/Petugas Pelindungan Data Pribadi (Data Protection Officer)

• Pengendali Data Pribadi dan Prosesor Data Pribadi wajib menunjuk pejabat
atau petugas yang melaksanakan fungsi Pelindungan Data Pribadi dengan
tugas paling sedikit (ps 53):
a. menginformasikan dan memberikan saran kepada Pengendali Data Pribadi atau Prosesor Data Pribadi
agar mematuhi ketentuan dalam Undang-Undang ini;
b. memantau dan memastikan kepatuhan terhadap Undang-Undang ini dan kebijakan Pengendali Data
Pribadi atau Prosesor Data Pribadi;
c. memberikan saran mengenai penilaian dampak Pelindungan Data Pribadi dan memantau kinerja
Pengendali Data Pribadi dan Prosesor Data Pribadi; dan
d. berkoordinasi dan bertindak sebagai narahubung untuk isu yang berkaitan dengan pemrosesan Data
Pribadi.
• Ketentuan lebih lanjut mengenai pejabat atau petugas yang melaksanakan
fungsi Pelindungan Data Pribadi diatur dalam Peraturan Pemerintah (ps 54).
 Apa yang terjadi di organisasi kesehatan di Eropa
setelah diundangkannya GDPR?

• Memahami regulasi dan menetapkan siapa yang akan

bertanggung jawab dalam implementasi regulasi PDP
• Melaksanakan analisis kesenjangan, mengukur
kepatuhan thd PDP
• Menetapkan tahapan implementasi, audit dan review
• Meningkatkan kesadaran (awareness) mengenai PDP di
tingkat pimpinan sampai ke staf serta implikasinya ke
dalam pekerjaan dan rutinitas organisasi
• Mengantisipasi perubahan SOP dan cara kerja di
organisasi terkait dengan pengelolaan data pribadi
• Memiliki pedoman tata kelola informasi, merevisinya jika
sudah memiliki kerangka disesuaikan dengan regulasi
PDP

https://www.itgovernance.co.uk/healthcare/gdpr
 Kalau pasien meminta data pribadi di rekam
medisnya dihapus, kira-kira respon bagaimana
ya?
Pasal 8 Pasal 16
• Pemilik Data Pribadi berhak untuk • (1) Hak-hak Pemilik Data Pribadi sebagaimana
dimaksud dalam Pasal 8, Pasal 9, Pasal 10,
mengakhiri pemrosesan, Pasal 11, Pasal 12, dan Pasal 14 tidak berlaku
menghapus, dan/atau untuk:
memusnahkan Data Pribadi a. kepentingan pertahanan dan keamanan
nasional;
miliknya.
b. kepentingan proses penegakan hukum;
Pasal 9 c. kepentingan umum dalam rangka
penyelenggaraan negara;
• Pemilik Data Pribadi berhak d. kepentingan pengawasan sektor jasa keuangan,
menarik kembali persetujuan moneter, sistem pembayaran, dan stabilitas sistem
keuangan; atau
pemrosesan Data Pribadi miliknya e. agregat data yang pemrosesannya ditujukan
yang telah diberikan kepada guna kepentingan statistik dan penelitian ilmiah
Pengendali Data Pribadi. dalam rangka penyelenggaraan negara.
• (2) Pengecualian sebagaimana dimaksud pada
ayat (1) dilaksanakan hanya dalam rangka
pelaksanaan ketentuan Undang-Undang.
https://www.futurelearn.com/info/courses/protecting-health-data/0/steps/39633
44
Topol, E.J. High-performance medicine: the convergence of human and artificial intelligence. Nat Med 25, 44–56 (2019).
https://doi.org/10.1038/s41591-018-0300-7
 No automation Driver assistance Partial automation Conditional High automation Full automation
automation
Topol, E.J. High-performance medicine: the convergence of human and artificial intelligence. Nat Med 25, 44–56 (2019).
https://doi.org/10.1038/s41591-018-0300-7
 By analyzing patient records and medical
documentation, AI models can accurately assign
relevant codes to diagnoses, procedures, and
services, streamlining the coding process and
reducing the burden on human coders.
Automated Code Assignment
Continuous Learning and Adaptation
Error Reduction
Efficiency and Productivity

https://www.emedlogix.com/post/generative-ai-in-health
care-transforming-medical-coding
ChatGPT mengoreksi Clinical Decision Support System
recommendation untuk mengatasi “alert fatigue”

Liu, Siru, et al. "Using AI-generated suggestions from ChatGPT to optimize clinical decision support." Journal of the
American Medical Informatics Association (2023): ocad072.
Challen, Robert, et al. "Artificial intelligence, bias and
clinical safety." BMJ Quality & Safety 28.3 (2019): 231-237.
 Aspek etika DiPH

Aspek legal DiPH

Tujuan
pembelajaran
Isu sosial dalam penerapan DiPH

Use case

Refleksi

52
Inclusive digital public health
 Panduan
• Application of AI in healthcare
• Law, policies and principles
• Key ethical principles of AI in healthcare
• Liability
• Framework of AI governance in healthcare

Kerangka Etik dan Tata Kelola Data Faskes untuk

mendukung peningkatan pelayanan kesehatan
Meningkatkan pelayanan kesehatan dengan inovasi
teknologi Kecerdasan Artifisial guna mempercepat waktu
pelayanan, memperluas jangkauan, dan penurunan biaya
kesehatan untuk seluruh masyarakat Indonesia.

https://ai-innovation.id
https://medicalfuturist.com/5-levels-of-automation-in-medicine/
 From this To this
(ABCD) (ABCDEFGHI)

A: AI, B:Blockchain, C:Cloud E: education, ethics & regulation, F:financing,

D:big Data G:governance, H:humanity,
I:infrastructure & security
Terima Kasih