This is the wiki for the development of the Privacy Set of Rules (SOR) that will be the basis for the Implementing Rules and Regulations (IRR) of the Privacy Guidelines AO. Healthcare facilities will also evolve their own Privacy Protocols (PP) based on this SOR.

The initial rules were consolidated outputs from privacy workshops in Bacolod, Davao, Palawan, Metro Manila (including subsequent discussions via the PEG Mailing List).

Stakeholders may help revise this document.

For questions and concerns that cut across sections, please use the Discussion area below to raise them.

See Introduction

See Consent Rules

See Point of Collection

See Identification of Patient

See Data to be Collected

See Information to be Shared

See Filing / Storage

See Access of Health Information

See Use and Disclosure of Health Information

See Administrative Security

See Physical Security

See Technical Safeguards

This subsection is deemed necessary for purposes of emphasis.

• See Use of Social Media

####Cloud Computing

• See Cloud Computing

This section has been identified as one of the gaps left unaddressed in one place in any of the workshops. See Compliance, Incident Reporting and Response

• See Human Resources

• See Health Research

• See Patient Registries

• See Publication and Public Communication

This section has been identified in the discussions as a gap that deserves separate treatment. See Privacy Team

New section; not originally from the workshops.

• See Health Data Privacy Board

See General Guidelines and Penalty Clause
This subsection will be archived soon. The provisions here will the incorporated into other “live” subsections.

• Consolidated Output from Bacolod Workshop
• Consolidated Output from Davao Workshop
• Consolidated Output from Palawan Workshop
• Consolidated Output from Angeles Workshop

• Privacy Guidelines
• Privacy Act of 2012, pdf
• Privacy Workshops
• PEG To Dos and Suggestions