**This is an old revision of the document!**
Privacy Set of Rules (SOR)
This is the wiki for the development of the Privacy Set of Rules (SOR) that will be the basis for the Implementing Rules and Regulations (IRR) of the Privacy Guidelines AO. Healthcare facilities will also evolve their own Privacy Protocols (PP) based on this SOR.
The initial rules were consolidated outputs from privacy workshops in Bacolod, Davao, Palawan, Metro Manila (including subsequent discussions via the PEG Mailing List).
Stakeholders may help revise this document.
For questions and concerns that cut across sections, please use the Discussion area below to raise them.
—-
##Collection and Processing of Health Information
####Consent
See Consent Rules
###Point of Collection
See Point of Collection
####Identification of Patient
See Identification of Patient
####Data to be Collected
See Data to be Collected
####Information to be Shared
See Information to be Shared
####Filing / Storage
See Filing / Storage
—-
##Access of Health Information
See Access of Health Information
—-
##Use and Disclosure of Health Information
See Use and Disclosure of Health Information
—-
##Data Security
####Administrative Security
See Administrative Security
####Physical Security
See Physical Security
####Technical Safeguards
See Technical Safeguards
####Use of Social Media
This subsection is deemed necessary for purposes of emphasis.
See Use of Social Media
—-
## The Privacy Team of the Health Facility
This section has been identified in the discussions as a gap that deserves separate treatment.
See Privacy Team
—
-
##Compliance, Incident Reporting and Response
This section has been identified as one of the gaps left unaddressed in one place in any of the workshops.
See Compliance, Incident Reporting and Response
\
###National Health Data Privacy Board
New section; not originally from the workshops.
* See National Health Data Privacy Board
—-
## General Guidelines and Penalty Clause
See General Guidelines and Penalty Clause
—-
##References
* Consolidated Output from Bacolod Workshop
* Consolidated Output from Davao Workshop
* Consolidated Output from Palawan Workshop
* Consolidated Output from Angeles Workshop
—-
##See Also
* Privacy Guidelines
* Privacy Act of 2012
* Privacy Workshops
* PEG To Dos and Suggestions
—-
Discussion
The proposal for a MOA between PHIE and participating health care institution can be an option to support the IRR of Privacy Act. But what is the legal personality behind PHIE? Will the NPC and/or DOH and/or DOST be part of this MOA? Another option is through the LGU. eHATID LGU partners have started issuing local resolutions on ehealth operational issues, copies of which are being sent to DOH KMITS and DOST PCHRD.
Please see how you can “distribute” the concerns under “General Guidelines and Penalty Clause” section. The section looks weak.
May I know if there is a consolidated output from the Palawan workshop? Thank you
there was a question from the Davao workshop whether there should be a MOA between PHIE and a participating health care institution.