PHIE Privacy Guidelines

Post on 13-Apr-2017


Health Data Privacy Guidelines

Ivy D. Patdu, MD, JD

Member, National Health Data Privacy Experts Group

PHIE (slide diagram): Health Policy, Patient Care, Health Education, Program Implementation

• Provide data for health policy and program implementation

• Improve patient care through coordination of treatment and care

• Allow access to health information

Right to health

Right to Privacy

Privacy Guidelines for the Implementation

of the PHIE

Declaration of Principles

• Primacy of human rights.

• Vital role of communication and information technology in nation-building.

• Improvement of health information systems for public health.

• Achievement of better health outcomes.

• Protection of Health Information Privacy.

Data Privacy Act of 2012 (Republic Act No. 10173)

Processing of Health Information

• Processing - refers to any operation performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data

Sensitive Personal Information

• About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;

• The duty to protect sensitive health information remains even if there is no IRR for Republic Act 10173.

• Even if there is no IRR, hospitals and other healthcare providers should protect the privacy of a patient’s personal health information


General Guideline

• The implementation of the Philippine Health Information Exchange shall promote public health and support the improvement of the health care delivery system to benefit patients while safeguarding the right to privacy of every individual.

Data Protection

• Sec. 3. The right to privacy of health information shall be protected. The processing of health information shall be in accordance with law, and shall adhere to the principles of transparency, legitimate purpose and proportionality:

Transparency

• Patients shall have a right to adequate information on matters relating to the processing of their health information, including the nature, purpose and intended use of processing.

Legitimate Purpose

• Processing of health information shall be in accordance with a declared and specified purpose, which must not be contrary to law, morals or public policy

Proportionality

• The processing of health information shall be adequate, relevant and not excessive in relation to a declared and specified purpose.

Transparency

• The processing of health information shall be conducted in a manner where an individual is given adequate and relevant knowledge about the nature, purpose, extent and intended use of processing of information, and provided with the right to consent, limit or object to the processing.

Important Points

A. Collecting and Processing

B. Access

C. Use and Disclosure

D. Data Security

Collecting and Processing

• When is processing of health information allowed?

(1) For medical care and treatment

(2) For cases allowed by law or rules

(3) If PATIENT CONSENTS

Consent

b. Guidelines for Consent

• The consent process shall be integrated in PHIE policies and shall aim to alert patients and healthcare professionals on privacy rules and processes for mutual recognition of certain duties, responsibilities, and rights. It shall be complemented by other mechanisms and processes meant to enhance patient autonomy and privacy.

Consent

• The consent of the patient for participation in the PHIE shall be obtained prior to processing of health information and prior to sharing with other PHCP.

Rights of Patient Participating in PHIE

Right to be informed:

• Information to be included in the Shared Health Record

• Existence of security measures for the protection of health information against unauthorized access, accidental or unlawful alteration, disclosure and destruction and any other unlawful processing.

• Participation in the PHIE requires patient consent, which may be revoked or reinstated at the option of the patient

• Refusal by a patient to give consent to participate in the PHIE shall not be a ground to withhold medical treatment or assistance, or any benefits under existing national or social health insurance.

Limitation of Access

• Patient consent to access the Shared Health Record.

• When necessary to protect the patient’s life or health, and the patient is physically or legally incapable of giving consent.

• If the deceased made pre-arrangements for access for purpose of organ and other tissue donation.

• Upon request of the patient, for the patient’s own treatment, payment transactions, other health insurance prerequisites

Limitation of Use and Disclosure

• Sec. 15. The Department of Health may order the use and disclosure of personal health information, to the extent permitted by law, but only in case of a serious health and safety threat to the public, which can reasonably be addressed only if the personal health information is used.

Limitation of Use and Disclosure

• Sec. 16. Any other disclosure of health information to a third party, including requests from a branch, agency or instrumentality of the government, shall not be allowed except if pursuant to the lawful order of the court, or to protect public order and safety as may be prescribed by law, or in cases of emergency to protect life and health of patient when patient is unable to physically or legally give consent to the processing.

Data Security

• Organizational – Responsible Person, Implementation and Training on Privacy and Security Policy, clause on duty of confidentiality

• Physical – limit physical access, monitor work stations

• Technical – technical and logical security measures

Data Security

• Sec. 25. Guidelines for Technical security measures:

• The PHIE Governance structure, PHCP and personal information controllers shall have in place technical and logical security measures for data protection, including: …

• Technical Security measures such as data encryption, authentication process, and other measures to control and limit access to electronic data and health information

Penalty Clause

• In addition to disciplinary measures or administrative penalties, Persons may be liable for violation of existing law, and penalized according to said laws.

Data Privacy Act

• Unauthorized Processing or Processing for unauthorized purpose

• Improper Disposal (knowingly or through negligence)

• Unauthorized access or intentional breach

• Access due to negligence

• Concealment of Security Breach

• Malicious or Unauthorized Disclosure

• The Privacy Guidelines for the Philippine Health Information Exchange is an effort to implement the Data Privacy Act in the context of Health.


ehealthphilippines@gmail.com | 651-7800 loc. 1948