Differences

This shows you the differences between two versions of the page.

privacy_team [2016/03/17 07:01]
wikiadmin [Staff]
privacy_team [2016/10/21 13:56] (current)
jillian_nadette_de_leon
Line 5: Line 5:
 # The Privacy Team of a Health Facility # The Privacy Team of a Health Facility
 ##The Privacy Officer ##The Privacy Officer
-In so far as practicable,​ a Privacy Officer (PO) shall be designated at a health facility. The PO's identity shall be made known to any data subject upon request. It is recommended that the PO has to be on the VP level (or equivalent) to have sufficient authority to uphold privacy in the institution.+In so far as practicable,​ a Privacy Officer (PO) shall be designated at a health facility. The PO's identity shall be made known to any data subject upon request. It is recommended that the PO has to be on the VP level (or equivalent) to have sufficient authority to uphold privacy in the institution. ​Expected to have some personnel with specialized privacy roles are regional health units (RHUs) and bigger health facilities. In a facility where plantilla position for a privacy officer could not be immediately secured, a Privacy-Officer-Designate shall be appointed. 
 + 
 +---- 
 +###​Appointment 
 +  * Hospitals with at least 300 authorized bed capacity shall employ a full time privacy officer. Hospitals with less than 300 authorized bed capacity and other health facilities such as infirmaries,​ birthing homes, BHS, OFW clinics, dialysis clinics, ambulatory-surgical clinic, psychiatric facilities, etc. may federate and designate a shared privacy officer.\\ 
 +*The Development Management Officer (DMO) shall be assigned as the Privacy Officer Designate for Rural Health Units. This shall be in addition to their responsibilities as DMO.\\ 
 + 
 +---- 
 + 
 + 
 +###​Qualifications 
 +  * At least a bachelor'​s degree in management, information systems, human resources, health administration,​ or other relevant fields\\ 
 +  * Minimum 5 years experience in health care or data security.\\ 
 +  * Familiar with regulatory development and compliance, including standards, laws and regulations concerning information security and privacy\\ 
 +  * Familiar with business functions and operations of large institutions (preferably health-related)\\ 
 +  * Strong organizational and problem-solving skills 
 +  * Work effectively with teams and stakeholders\\ 
 +  * Has the ability to communicate with clarity both orally and in writing\\
  
 ---- ----
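Review bot: RHU is expanded two different ways in the added text: "regional health units (RHUs)" in the Privacy Officer paragraph and "Rural Health Units" in the second Appointment bullet. Pick one expansion and use it in both places. The same second bullet begins with `*The` and lacks the two leading spaces the first bullet has, so it will not render as a list item consistently with its sibling. The role name is also hyphenated as "Privacy-Officer-Designate" in the paragraph but written "Privacy Officer Designate" in the bullet.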
Line 20: Line 37:
   *The PO is the contact person responsible for receiving complaints and providing individuals with further information about matters contained in the health facility'​s Privacy Protocols.\\   *The PO is the contact person responsible for receiving complaints and providing individuals with further information about matters contained in the health facility'​s Privacy Protocols.\\
   *The PO maintains a record of complaints and brief description of how they were resolved.\\   *The PO maintains a record of complaints and brief description of how they were resolved.\\
-  *The PO distributes the health facility'​s privacy protocols to all new patients and post the updated health facility'​s privacy protocols on the intitution's website or on its public bulletin boards.\\ +  *The PO distributes the health facility'​s privacy protocols to all new patients and post the updated health facility'​s privacy protocols on the institution's website or on its public bulletin boards.\\ 
-  *The continually updates the staff'​s knowledge of privacy rule guidelines, developments,​ and new regulations and must train workforce on these requirements. The PO shall update the health facility'​s privacy protocols, acknowledgement forms, authorization,​ consents, and other forms as required and ensures that the workforce adheres to the policies and procedures, including imposing sanctions on workforce members that breach an individual'​s privacy.\\+  *The PO continually updates the staff'​s knowledge of privacy rule guidelines, developments,​ and new regulations and must train workforce on these requirements. The PO shall update the health facility'​s privacy protocols, acknowledgement forms, authorization,​ consents, and other forms as required and ensures that the workforce adheres to the policies and procedures, including imposing sanctions on workforce members that breach an individual'​s privacy.\\
   *The PO effectively communicates technical and legal information to nontechnical and non-legal staff for employee training.\\   *The PO effectively communicates technical and legal information to nontechnical and non-legal staff for employee training.\\
   *The PO and privacy team shall account for devices used in facility and ensure devices containing electronic protected health information are encrypted as required by health facility'​s privacy protocols.\\   *The PO and privacy team shall account for devices used in facility and ensure devices containing electronic protected health information are encrypted as required by health facility'​s privacy protocols.\\
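Review bot: In the first changed bullet the spelling fix leaves "distributes ... and post" as is; "post" should be "posts" to agree with "The PO". In the second changed bullet, now that the subject "PO" is restored, the verbs still switch between "continually updates", "must train", "shall update" and "ensures"; settling on one form ("shall ...") would make clear which of these are obligations.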
Line 31: Line 48:
   *The PO shall coordinate privacy safeguards with the practice'​s security officer to ensure consistency in development,​ documentation,​ and training for security and privacy requirements.\\   *The PO shall coordinate privacy safeguards with the practice'​s security officer to ensure consistency in development,​ documentation,​ and training for security and privacy requirements.\\
   *The PO shall coordinate and communicate to practice leaders and audits of the National Health Privacy Board or any other governmental or accrediting organization. \\   *The PO shall coordinate and communicate to practice leaders and audits of the National Health Privacy Board or any other governmental or accrediting organization. \\
-  *The PO shall coordinates with the intitution's Risk manager (if any) to address privacy risks.\\+  *The PO shall coordinates with the institution's Risk manager (if any) to address privacy risks.\\
   *The PO reports directly to the hospital director, president, board of directors.\\   *The PO reports directly to the hospital director, president, board of directors.\\
 ---- ----
  
-###​Qualifications +##​Staff ​
-  * At least a bachelor'​s degree in management, information systems, human resources, health administration,​ or other relevant fields\\ +
-  * Minimum 5 years experience in health care\\ +
-  * Familiar with regulatory development and compliance, including standards, laws and regulations concerning information security and privacy\\ +
-  * Familiar with business functions and operations of large institutions (preferably health-related)\\ +
-  * Strong organizational and problem-solving skills +
-  * Work effectively with teams and stakeholders\\ +
-  * Have the ability to communicate with clarity both orally and in writing\\ +
-  * Must undergo data privacy and security training from reputable providers\\ +
- +
----- +
- +
-###​Staff ​+
   * While the PO is responsible for privacy management and compliance, he or she may delegate responsibilities to others within the organization if they are trained and would communicate promptly with the privacy official on these matters.\\   * While the PO is responsible for privacy management and compliance, he or she may delegate responsibilities to others within the organization if they are trained and would communicate promptly with the privacy official on these matters.\\
  
 +\\ 
 +\\ 
 +\\
  
  
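Review bot: The removed Qualifications block contains "Must undergo data privacy and security training from reputable providers", and the Qualifications list added earlier in this revision has no matching bullet, so the training requirement disappears in the move. Restore it in the new list or state that dropping it is intended. The changed risk-manager bullet still reads "shall coordinates", which should be "shall coordinate". The Staff heading goes from `###` to `##`, which lifts it out of the Privacy Officer section; confirm that is the intended level. The three added `\\` lines only add vertical spacing.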
Line 57: Line 64:
  
 ##See Also ##See Also
-  * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] +  * [[consolidated_workshop_outputs|Privacy Set of Rules (SOR)]]
  
 ---- ----
-
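Review bot: The link label becomes "Privacy Set of Rules (SOR)" while the target stays `consolidated_workshop_outputs`, so the label and the page it opens no longer match by name. If the target page now holds the Set of Rules, rename the page id to match; otherwise keep the label that describes the workshop outputs and add a separate link for the SOR.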