#General Guidelines and Penalty Clause

##General Guidelines

* Since there are different classifications of health facilities, an algorithm should be made to standardize the process.
* The HIE policy should be consistent and transparent during deployment.
* DOH shall develop a monitoring and evaluation mechanism and perform random visits and monitoring on the implementation of the PHIE program for check and balance purposes.
* Each health facility shall have its respective policy on role-based access control.
* Provisions of data like patient records shall be consistent with the guidelines of the hospital health information management manual issued by the DOH.
* The health facility shall implement capacity building activities in the security aspect of PHIE.
* Appointment of a Chief Privacy Officer shall be a requirement in the licensing of hospitals.
* Compliance with required PHIE security measures shall be included as an item in the checklist for PhilHealth Accreditation or renewal of license to operate.
* Information, education and communication materials on data privacy and security shall be provided to the patient.
* A reporting policy on violations shall be made.

**OTHER REFERENCES**

* Revised disposal schedule of disposing records DOH no. 70 series 1986.
* Private hospitals-interim guidelines on disposal on Health/Medical records affected by Typhoon Ondoy issued on Nov. 19, 2009.

**OTHERS**

* Involve the National Archives of the Philippines in the drafting of policy guidelines on filing, storage, and disposal of electronic medical records.
* Management of patients' complaints and the corresponding sanctions as prescribed by the civil service code shall be implemented.
* A protocol for disaster response shall be developed.
* Diagnoses that need to be reported and the exclusions shall be identified.

##PENALTY CLAUSE

* Information breach is the unauthorized disclosure of information and can be in the context of the patient and/or the institutions. An escalation process on incidents of breach of information shall be developed.
* There shall be real-time reporting of the name of the authorized user/s who violated the privacy law.
* The health facility shall create internal policies on disciplinary action, escalation of issues and concerns, among others.
* Violations shall include unauthorized processing, improper disposal, unauthorized access, and negligence.

**OTHERS**

* Define the term incident for incident reporting.

----

##See Also

* [[consolidated_workshop_outputs|Consolidated Workshop Outputs]]