# Privacy Interests in EMRs

Rationale

* No EMRs, no electronic health record to share, no potential for privacy breach of electronic health records. While paper-based patient information may also be shared illegitimately, electronic records magnify the ease and reach of unauthorized sharing or privacy breach.
* Greater potential for privacy breach, greater need for accountability
* Privacy and data security are intertwined

### Privacy By Default and Design

* Access Roles (encoders, managers, supervisors, doctors, nurses, PhilHealth, other PHIE operators): Data Warehouse vs Shared Patient Records
* Encryption (data at rest, transmission, sharing, backup)
* Masking, Hiding, Password (identify data fields to be hidden or masked, fully or partially, and to whom?)
* Audit Trail (access to logs; authority to copy, download, delete logs)
* Use Cases for Data Dumps
* Privacy Breach (definition, monitoring, reporting)
* Authority, Accountability (who does what?: breach monitoring & reporting; data field masking, data download, data backup)
* Roles of data custodian, processor, encoders
* Privacy provisions in employment contracts of EMR operators
* Privacy Policy Statement (institution's website)
* Data retention and processing policies