Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
compliance_incident_reporting_response [2016/05/09 08:57] wikiadmin [In case of Breach] |
compliance_incident_reporting_response [2016/07/06 15:05] jillian_nadette_de_leon |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ##Compliance | ##Compliance | ||
| + | |||
| + | **Enforcement of the Privacy Code.** Health care facilities involved in the PHIE shall: \\ | ||
| + | a.) Register their data processing systems involved in the PHIE process to the health privacy board, including the data processing systems of contractors, employees and third parties entering into contracts with them that involve accessing or requiring sensitive personal health information from one thousand (1,000) or more individuals;\\ | ||
| + | b.) Notify the board of automatic processing operations being carried out by the health facility, its contractors and third parties;\\ | ||
| + | c.) Submit a copy of their privacy policy as well as a list of personnel having direct access to health information to the health privacy board;\\ | ||
| + | d.) Submit an annual report on documented security incidents to the health privacy board;\\ | ||
| + | e.) Comply with other requirements that may be provided in other issuance issued by the National Privacy Commission or the Health Privacy Board.\\ | ||
| Line 123: | Line 130: | ||
| ##See Also | ##See Also | ||
| * {{::complaint_process.docx|Notes on Complaint Process}} | * {{::complaint_process.docx|Notes on Complaint Process}} | ||
| - | * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] | + | * [[consolidated_workshop_outputs|Privacy Set of Rules (SOR)]] |
| + | |||
| + | |||