TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal
6.3 Cybersecurity in the Healthcare Sector

The Directive on the Information Security Policies of the Ministry of Health (“MoH InfoSec Directive”) and the Guideline for Information Security Policies (“MoH InfoSec Guideline”)

The MoH InfoSec Directive and MoH InfoSec Guideline were published by the Health Information Systems General Directorate (HISGD) under the Ministry of Health, which was established to regulate information systems and communication technologies that are used in the healthcare sector.

The MoH InfoSec Directive establishes the Information Security Management Commission and sub-commissions that are responsible for information security and cyber incident management across all central and provincial organisations of the Ministry of Health. It also establishes the sectoral CERT for the healthcare sector and requires the appointment of an information security officer. Moreover, the MoH InfoSec Directive tasks HISGD with the management of information security breaches and auditing information security.

For details of the certification obligation for service providers of health information systems, see 5.1 Key Cybersecurity Certification Legislation.

The By-Law on Personal Health Data

In addition to the provisions under the DP Law pertaining to special categories of personal data, the By-Law on Personal Health Data provides the specific procedure to be followed by healthcare providers while processing health data. It covers accessing, securing, rectifying, destroying, and transferring health data. It emphasises
The DTO’s Report on Chatbot Applications and the Case of ChatGPT

The report provides information on security risks and methods to reduce them. These methods include:

• authentication and authorisation;
• end-to-end encryption;
• self-deleting messages;
• configuration of user control and access rights; and
• proper storage of chat history.

Recommendations by the DPA

The DPA’s informational document on chatbots highlights:

• the importance of transparency in AI chatbot applications;
• the potential risks, such as over-sharing of personal data by the data subjects and cyber incidents; and
• the need for special protection for minors.

The following measures are suggested to be taken while developing a chatbot application:

• complying with internationally recognised standards, having certificates, and ensuring privacy by default at every stage in the development process thereof; and
• in data communication, preferring secure methods for transmitting inputs such as text, voice, speech and images to the hosting environments.

Finally, the DPA’s “Recommendations on Data Protection in the Context of Artificial Intelligence” consists of data protection-related recommendations for developers, producers, service providers, and decision-makers vis-à-vis AI systems.