Review
2025 Jun 4:11:20552076251343959.
doi: 10.1177/20552076251343959. eCollection 2025 Jan-Dec.

Data privacy in healthcare: Global challenges and solutions


Andrew Kweku Conduah et al. Digit Health.

Abstract

Purpose: This study explores global frameworks for healthcare data privacy, focusing on the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Protection of Personal Information Act (POPIA). It examines the challenges of regional regulatory disparities, systemic vulnerabilities identified through major health data breach case studies, and the potential of advanced technologies to enhance privacy protections.

Methods: A qualitative research approach was adopted, incorporating corpus construction and comparative analysis of legal and technical frameworks. The study also utilized case studies of significant health data breaches to identify vulnerabilities and evaluate the role of emerging technologies, such as artificial intelligence (AI) and machine learning (ML), in mitigating risks and enhancing regulatory compliance.

Results: Findings indicate that GDPR, CCPA, and POPIA set high standards for data protection but reveal significant variability in enforcement and technological adoption across regions. Challenges include inconsistent definitions of sensitive data, semantic discrepancies, a lack of standardized protocols, and limited information technology infrastructure in certain jurisdictions. Advanced technologies like AI and ML promise to address these gaps by improving data harmonization and security.

Conclusions: Addressing healthcare data privacy challenges requires harmonized global regulations, advanced technological tools, and international collaboration. Strengthening frameworks, enhancing information technology infrastructure, and employing semantic models and ontologies are essential for protecting sensitive data, ensuring compliance, and fostering public trust in digital healthcare systems.

Keywords: California Consumer Privacy Act (CCPA); Data privacy; General Data Protection Regulation (GDPR); Protection of Personal Information Act (POPIA); data security; healthcare.

Conflict of interest statement

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Figures

Figure 1. Coding process for deriving theme. This diagram illustrates the coding process: starting with the compilation of a comprehensive table of studies, the three authors independently coded the data to identify recurring patterns. Discrepancies were resolved through consensus-based discussions, leading to the grouping of codes into thematic categories and ultimately deriving four main themes (2025).

Figure 2. Thematic framework for global healthcare data privacy. This diagram illustrates the four main thematic areas derived from our review: (1) regional variability in data privacy challenges, (2) technological vulnerabilities and systemic weaknesses, (3) best practices and proactive responses, and (4) innovative solutions and advanced technologies.

Figure 3. Key considerations to inform policy. Adopted from Health Information and Quality Authority, 2022.
