General Guidelines and Penalty Clause
General Guidelines
- Since there are different classifications of health facilities, an algorithm should be made to standardize the process.
- The HIE policy should be consistent and transparent during deployment.
- DOH shall develop a monitoring and evaluation mechanism and perform random visits and monitoring on the implementation of the PHIE program for check and balance purposes.
- Each health facility shall have its respective policy on role-based access control.
- Provision of data such as patient records shall be consistent with the guidelines of the hospital health information management manual issued by the DOH.
- The health facility shall implement capacity building activities in the security aspect of PHIE.
- Appointment of a Chief Privacy Officer shall be a requirement in the licensing of hospitals.
- Compliance with required PHIE security measures shall be included as an item in the checklist for PhilHealth Accreditation or renewal of license to operate.
- Information, education and communication materials on data privacy and security shall be provided to the patient.
- A reporting policy on violations shall be made.
OTHER REFERENCES
- Revised disposal schedule of disposing records DOH no. 70 series 1986.
- Private hospitals-interim guidelines on disposal on Health/Medical records affected by Typhoon Ondoy issued on Nov. 19, 2009.
OTHERS
- Involve the National Archives of the Philippines in the drafting of policy guidelines on filing, storage, and disposal of electronic medical records.
- Management of patients' complaints and their corresponding sanctions, as prescribed by the civil service code, shall be implemented.
- A protocol for disaster response shall be developed.
- Diagnoses that need to be reported and the exclusions shall be identified.
PENALTY CLAUSE
- Information breach is the unauthorized disclosure of information and can be in the context of the patient and/or the institutions. An escalation process on incidents of breach of information shall be developed.
- There shall be real-time reporting of the name of the authorized user/s who violated the privacy law.
- The health facility shall create internal policies on disciplinary action, escalation of issues and concerns, among others.
- Violations shall include unauthorized processing, improper disposal, unauthorized access, and negligence.
OTHERS
- Define the term incident for incident reporting.