Introduction to Data Privacy
HIPAA (Health Insurance Portability and Accountability Act)
First enacted in 1996
Objective: To protect the confidentiality of patient’s healthcare information without
handicapping the flow of information required for treatment.
DPA Act of 2012 (Data Privacy Act of 2012)
Republic Act No. 10173
August 15, 2012
Purpose: The law aims to protect personal data in both the private and government sectors. It
also ensures that the Philippines complies with international data protection standards.
Key features
The law:
Regulates the collection, use, storage, and other processing of personal data
Establishes principles and guidelines for processing personal information
Affirms that individuals own their personal information
Requires businesses and organizations to obtain consent from data subjects before collecting,
processing, or disclosing their personal data
Grants data subjects rights such as accessing, correcting, and erasing their information
Imposes penalties for violations, including imprisonment and fines
Enforcement
The law became enforceable on September 8, 2012. The National Privacy Commission (NPC) was
established in 2016 to regulate the law.
Penalties for violations include:
Imprisonment from one to three years and a fine of at least 500,000 pesos but no more than
2,000,000 pesos
Imprisonment from three to six years and a fine of at least 1,000,000 pesos but no more than
5,000,000 pesos
18 Identifiers Utilized to identify, contact, and locate a person.
1. Name (full name, last name, or initials)
2. Geographical identifiers
3. Dates directly related to an individual
4. Phone numbers
5. Fax numbers
6. Email addresses
7. Social security numbers
8. Medical records numbers
9. Health insurance beneficiary number
10. Account numbers
11. Certificate/license numbers
12. Vehicle Identifiers
13. Device identifiers and serial numbers
14. Web Uniform Resource Locators (URL)
15. Internet Protocol (IP) address
16. Biometric identifiers
17. Full face photographic images
18. Any other unique identifying number, characteristic or code except the unique code assigned by
the investigator to code the data.
Privacy
The state of being free from intrusion or disturbance in one’s private life or affairs.
Privacy of information and its protection against unauthorized disclosure.
Individual’s right to be liberated from unwanted external intrusions.
It provides a secure environment for patients where they receive medical care and provide
accurate information, and which reinforces confidence in healthcare and emphasizes the
importance of respect for patient autonomy.
Relevant laws
Bill of Rights of the Philippine Constitution 1987
Section 3 (1): The privacy of communication and correspondence shall be inviolable except
upon lawful order of the court, or when public safety or order requires otherwise, as
prescribed by.
Civil Code of the Philippines (Republic Act 386)
Emphasizes that every person must respect the dignity, personality, privacy and peace of
mind of another, and it makes any person who abuses the rights of another liable for
damages, including healthcare professionals.
Magna Carta of Patient’s Rights and Obligations (Senate Bill No. 812 of the Philippines)
13 rights of a patient
Patient’s rights are waived in the following cases:
When his or her mental or physical condition is in controversy and the appropriate
court, in its discretion, orders him or her to submit to a physical or mental
examination by a physician.
When the public health and safety so demand
When the patient waives this right in writing.
Responsibilities of Public Health Nurses in Data Privacy
RA 10173 (Data Privacy Act of 2012)
Nurses and Healthcare professionals must adhere to the following:
1. Must be knowledgeable and uphold the rights of the data subject. The data subject's 6 rights: Right to be
informed, right to object, right to access, right to rectification, right to erasure or blocking, right
to damages. (Sec. 34)
2. Must adhere to appropriate organizational, physical, and technical security measures for the
protection of personal data. (Sec. 25)
3. Must remember that patients decide what information is shared about them and when. Nurses
must always confer first with the patient or his or her legally authorized representative when
disclosing personal health information to others and secure his or her consent first before
discussing any personal health information.
Principle of transparency
Principle of Legitimate purpose
Principle of Proportionality
4. Must always protect all forms of patient information, whether in the workplace or not.
5. Must never assume that health professionals have the right to look at any type of health
information.
6. Must hold all healthcare professionals accountable in maintaining patient privacy.
7. Must be a data privacy advocate.
Penalties for Different Violations in Data Privacy According to the DPA of 2012
Section | Type of Violation | Type of Information | Penalty
Sec. 52 | Unauthorized processing of personal information and sensitive personal information | Personal information | Imprisonment of 1-3 years; Fine of Php 500,000 to Php 2,000,000
Sec. 52 | (same) | Sensitive information | Imprisonment of 3-6 years; Fine of Php 500,000 to Php 4,000,000
Sec. 53 | Accessing personal information and sensitive personal information due to negligence | Personal information | Imprisonment of 1-3 years; Fine of Php 500,000 to Php 2,000,000
Sec. 53 | (same) | Sensitive information | Imprisonment of 3-6 years; Fine of Php 500,000 to Php 4,000,000
Sec. 54 | Improper disposal of personal information and sensitive personal information | Personal information | Imprisonment of 6 months-2 years; Fine of Php 10,000 to Php 500,000
Sec. 54 | (same) | Sensitive information | Imprisonment of 1-3 years; Fine of Php 100,000 to Php 1,000,000
Sec. 55 | Processing of personal information for unauthorized purposes | Personal information | Imprisonment of 1 year to 6 months to 5 years; Fine of Php 500,000 to Php 1,000,000
Sec. 55 | (same) | Sensitive information | Imprisonment of 2-7 years; Fine of Php 500,000 to Php 2,000,000
Sec. 56 | Unauthorized access or intentional breach | Personal information or Sensitive information | Imprisonment of 1-3 years; Fine of Php 500,000 to Php 2,000,000
Sec. 57 | Concealment of security breaches involving sensitive personal information | Personal information or Sensitive information | Imprisonment of 1 year to 6 months to 5 years; Fine of Php 500,000 to Php 1,000,000
Sec. 58 | Malicious disclosure | Personal information or Sensitive information | Imprisonment of 1 year to 6 months to 5 years; Fine of Php 500,000 to Php 1,000,000
Sec. 59 | Unauthorized disclosure | Personal information | Imprisonment of 1-3 years; Fine of Php 100,000 to Php 1,000,000
Sec. 59 | (same) | Sensitive information | Imprisonment of 3-5 years; Fine of Php 500,000 to Php 2,000,000
Sec. 60 | Combination or series of acts | Personal information or Sensitive information | Imprisonment of 3-6 years; Fine of Php 1,000,000 to Php 5,000,000
Data Privacy Standards and Policies
1. Disclosure of patient or personal health information is consented by the patient or his or her
legally authorized representative, either verbally or in writing, while adhering to the principles of
transparency, legitimate purpose and proportionality.
2. Nurses must never assume and decide without permission from the patient or his or her legally
authorized representative, even if the nurse is thinking of the patient’s well-being.
3. The patient’s health information is privileged information shared with healthcare professionals
directly involved in patient care.
4. Nurses must confirm the identity of an individual asking for personal health information about a
patient. Nurses must first confirm the person’s identity, purpose, and authorization to access the
patient’s consent.
5. Discussions about a patient and his or her personal health information must be limited or kept
within the workplace area and should not be done in public domain.
6. Nurses must not send any patient-related information electronically unless it is needed for care.
Once the necessary medical treatment or plan of care has been initiated, the communication
must be deleted within 24 hours.
7. Photos of a patient or a specific body part of the patient require a special and separate consent
stipulating the purpose of such image.
8. Blanket consents, defined as approval to the collection and processing of information without
restriction and specified purpose, are prohibited and must be avoided.
9. Any document about a patient collected for research-related purposes must be properly stored
and disposed of.
10. Nurses must protect all software and hardware which may provide a patient’s health
information from unauthorized access.
11. Nurses must notify the data privacy committee and officers within 72 hrs of a data breach or
whenever a data breach is suspected.
e-Health in the Community Setting
e-Health
is the use of ICT for health (WHO 2012).
cost-effective way of using ICT in health care services, health surveillance, health literature,
health education, and research.
Advantages and Disadvantages of eHealth
Disadvantages
Continuity and interoperability of care stops in the unlikely event that a record gets misplaced.
Illegible handwriting poses misinterpretation of data.
Patient’s privacy is compromised.
Data are difficult to aggregate.
Actual time for patient care gets limited.
Advantages
Data are readily mapped, enabling more targeted interventions and feedback.
Data can be easily retrieved and recovered.
Redundancy of data is minimized.
Data for clinical research becomes more available.
Resources are used efficiently.
Accuracy
Accessibility
Comprehensiveness
Consistency/Reliability
Currency
Definition
e-Health Situation in the Philippines
Factors affecting e-Health in the Country
Limited health budget
The emergence of free and open source software
Decentralized government
Target users are unfamiliar with the technology
Surplus of “digital native” registered nurses
Using eHealth in the Community
Digital disease surveillance systems
Electronic medical records
Social health insurance payment processes
Health education and interventions
Vision, Components, Strategic Phases
Philippine eHealth Strategic Framework and Plan (PeHSFP)
An official document that serves as the roadmap on how the country will use IT to support
health care service delivery.
eHealth national vision
By 2020 eHealth will enable widespread access to health care services, health
information, and securely share and exchange patients’ information in support to a
safer, quality health care, more equitable and responsive to health systems for all the
Filipino people by transforming the way information is used to plan, manage, deliver
and monitor health services.
Application of eHealth in Community
Universal Health Care and ICT
DOH Administrative Order No. 2010-0036
Kalusugan Pangkalahatan 3 priority health directions
Financial risk protection through expansion in NHIP enrolment and benefit
delivery.
Improved access to quality hospitals and health care facilities.
Attainment of the health-related MDGs.
Electronic Medical Records
Basically comprehensive patient records that are stored and accessed from a computer or
server.
Example of EMR in the community
CHITS (Community Health Information Tracking System)
Advantages:
Easily retrieve patient data especially on their follow-up visits.
Track patient progress over time.
Monitor and improve overall quality of care.
Disadvantages
Resistance to change is crucial and full integration of EMRs in the clinical workflow
may take time.
Double charting
Interference with face-to-face patient care.
The perception that EMR is just a simple replacement of paper record.
Managing data privacy and confidentiality.
Telemedicine
One of the five strategic goals of the DOH’s National eHealth Strategic Framework for 2010-
2016 is to capitalize on ICT.
To provide better health services to geographically isolated and disadvantaged areas
(GIDA), to support MDG attainment, and to disseminate information to citizens and
providers through telemedicine and mobile health.
4 elements of Telemedicine
Its purpose is to provide clinical support.
It is intended to overcome geographical barriers, connecting users who are not in the
same physical location.
It involves the use of various types of ICT.
Its goal is to improve health outcomes.
Example of telemedicine program
BuddyWorks
eLearning
Health education, which is essential in health promotion and maintenance.
Use of electronic tools to aid in teaching.
Example of eLearning
DOH Academy
Roles of a Community Health Nurse in eHealth
Data and records manager
Change agent
Educator
Telepresenter
Client advocate
Researcher
1. BuddyWorks
2. CHITS (Community Health Information Tracking System)
3. eFHSIS
4. eIMCI
5. NTHC eLearning videos
6. RxBox
7. SEGRHIS (Segworks Rural Health Information System)
8. SHINE (Secure Health Information Network Exchange)
9. SPASMS (Synchronized Patient Alert via SMS)
10. SPEED (Surveillance in Post Extreme Emergencies and Disasters)
11. WAH (Wireless Access for Health)
12. BizBox
13. eHealth TABLET for informed Decision Making of LGUs (eHatid)
14. ESR (Event-based surveillance and response system)
15. iClinicSys (Integrated clinic information system)
16. iHomis (integrated hospital operations and management information system)
17. ITIS (Integrated tuberculosis information system)
18. Mag-Ina (Maternal and neonatal telereferral system)
19. NaRIS (national rabies information system)
20. PhilHealth eClaims system (eClaims)
21. PIDSR (Philippine integrated disease surveillance and response system)
22. SegWorks Integrated Health Management System (SegIHMS)
23. ICNDRS (integrated chronic noncommunicable disease registry system)
24. HIV and AIDS registry
25. ONEISS (online national electronic injury surveillance system)
26. PRWD (Philippine registry persons with disabilities)
27. VAWCRS (violence against women and children registry system)