Data privacy and protection in AI-driven healthcare
DOI:
https://doi.org/10.7196/SAMJ.2025.v115i5b.3666Keywords:
governance, artificial intelligence, healthcare, data breaches, privacyAbstract
The concept of keeping health data private is constantly being tested, as what constitutes health data has grown significantly, now including massive amounts of personal information from a variety of sources, such as genomic data, radiological images, medical records, and non- health data converted into health data. These numerous sources of data, collectively termed ‘biomedical big data’ (BD), comprise a health data ecosystem that has altered the landscape of health research. BD, which is often referred to as the ‘new oil’, provides a natural blueprint for artificial intelligence (AI) to thrive and to generate and advance knowledge exponentially. However, while the need for data grows, data breaches are on the rise, specifically in the healthcare sector. The rise in local data breaches underscores the urgent need to translate paper into practice by strengthening systems and enforcing the ethico-legal framework governing the processing of data in SA, including ways in which to efficiently handle its misuse. This involves ensuring the adoption of ethically sound practices, adaptable infrastructure, and robust governance that is specific to the SA context.
References
1. Alder S. Healthcare data breach statistics. HIPAA J. 2024. https://www.hipaajournal.com/healthcare- data-breach-statistics/ (accessed 11 September 2024).
2. Check Point Research. Average weekly global cyber-attacks peak with the highest number in 2 years, marking an 8% growth year over year. 2023. https://blog.checkpoint.com/2023/07/10/average-weekly- global-cyber-attacks-peak-with-the-highest-number-in-2-years-marking-an-8-growth-year-over- year/ (accessed 11 September 2024).
3. Majola G. Cyber-attacks target agriculture, govt services in Africa: Mimecast report. IOL. 26 August 2024. https://www.iol.co.za/business-report/economy/cyber-attacks-target-agriculture-govt-services- in-africa-mimecast-report-ec563d33-0fc3-4d86-acac-ece37b4d32cc (accessed 11 September 2024).
4. Brederode W. All systems down as cyber-attack hits govt’s national health lab. News24. 2024. https:// www.news24.com/fin24/companies/all-systems-down-as-cyber-attack-hits-govts-national-health- lab-20240412 (accessed 11 September 2024).
5. Illidge M. South African mining giant hacked. MyBroadband. 9 February 2024. https://mybroadband. co.za/news/security/482123-south-african-mining-giant-hacked.html (accessed 9 February 2024).
6. Illidge M. ‘BlackSuit’ behind attack on critical South African healthcare service. MyBroadband. 2024.
https://mybroadband.co.za/news/security/488456-blacksuit-behind-attack-on-critical-south-african-
healthcare-service.html (accessed 11 September 2024).
7. Francke RL. All operations restored at NHLS, following cyber attack. IOL. 2024. https://www.iol.
co.za/news/south-africa/all-operations-restored-at-nhls-following-cyber-attack-20240315 (accessed
11 September 2024).
8. PalmerK.Taylor&FrancisAIdealsets‘worryingprecedent’foracademicpublishing.InsideHigher
Ed. 2024. https://www.insidehighered.com/news/2024/08/10/taylor-francis-ai-deal-sets-worrying-
precedent-academic-publishing (accessed 11 September 2024).
9. Vayena E, Blasimme A. Biomedical big data: new models of control over access, use, and governance.
Bioethical Inquiry 2017;14:501-513.
10. Naidoo S, Bottomley D, Naidoo M, Donnelly D, Thaldar DW. Artificial intelligence in healthcare: Proposals for policy development in South Africa. S Afr J Bioeth Law 2022;15(1):11-16. https://doi. org/10.7196/SAJBL.2022.v15i1.797
11. World Health Organization. Ethics and governance for artificial intelligence in health. Geneva: WHO; 2021.
12. Zhang Q, Gao J, Wu JT, Cao Z, Zeng D. Data science approaches to confronting the COVID-19 pandemic: A narrative review. Phil Trans R Soc A 2021;380:20210127.
13. Van Noorden R, Perkel JM. AI and science: What 1,600 researchers think. Nature. 2023. https://www. nature.com/articles/d41586-023-02740-6 (accessed 11 September 2024).
14. Klang E, Tessler I, Freeman R, Sorin V, Nadkarni GN. If machines exceed us: Health care at an inflection point. NEJM AI 2024;1(10). https://doi.org/10.1056/AIp2400559
15. Msomi v S (39/2018) [2019] ZAECGHC 80; 2020 (1) SACR 197 (ECG) (3 September 2019) at para 34. 16. Snail ka Mtuze S. The convergence of legislation on cybercrime and data protection in South Africa: A practical approach to the Cybercrimes Act 19 of 2020 and the Protection of Personal Information
Act 4 of 2013. Obiter 2022;43(3):539.
17. Habl CA, Hummer M, Maier G. Data is the new oil: How COVID-19 boosted information transparency
in Austria. Eur J Public Health 2021;31(Suppl 3).
18. DepartmentofCommunicationsandDigitalTechnologies.NationalDataandCloudPolicy.SouthAfrica:
Government Gazette No. 5074; 2024. https://www.gov.za/documents/electronic-communications-act-
national-data-and-cloud-policy-5074-2024-05-20 (accessed 11 September 2024).
19. Health Professions Council of South Africa. Guidelines on confidentiality: Protecting and providing information. Booklet 5. 2021. Pretoria: HPCSA; 2021. https://www.hpcsa.co.za/Uploads/Professional_ Practice/Booklet_5_Confidentiality_Protecting_and_Providing_Information_vDec_2021.pdf
(accessed 11 September 2024).
20. National Health Research Ethics Council. South African ethics in health research: principles, processes
and structures. 3rd ed. Pretoria: National Department of Health; 2024.
21. Thaldar D, Botes M, Swales L, Esselaar P. Enhancing data governance in collaborative research:
Introducing SA DTA 1.1. S Afr J Bioeth Law 2024;17(2):e2300. https://doi.org/10.7196/SAJBL.2024.
v17i2.2300
22. Department of Communications and Digital Technologies. South Africa National Artificial Intelligence Policy Framework. 2024 https://policyvault.africa/south-africa-national-artificial-intelligence-ai-policy- framework-2024 (accessed 11 September 2024).
23. Mahomed S, Labuschaigne M. The evolving role of health research ethics committees in the era of open data. S Afr J Bioeth Law 2022;15(3):80-83.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 S Mahomed
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Licensing Information
The SAMJ is published under an Attribution-Non Commercial International Creative Commons Attribution (CC-BY-NC 4.0) License. Under this license, authors agree to make articles available to users, without permission or fees, for any lawful, non-commercial purpose. Users may read, copy, or re-use published content as long as the author and original place of publication are properly cited.
Exceptions to this license model is allowed for UKRI and research funded by organisations requiring that research be published open-access without embargo, under a CC-BY licence. As per the journals archiving policy, authors are permitted to self-archive the author-accepted manuscript (AAM) in a repository.
Publishing Rights
Authors grant the Publisher the exclusive right to publish, display, reproduce and/or distribute the Work in print and electronic format and in any medium known or hereafter developed, including for commercial use. The Author also agrees that the Publisher may retain in print or electronic format more than one copy of the Work for the purpose of preservation, security and back-up.
