Differences

This shows you the differences between two versions of the page.

general_guidelines_and_penalty_clause [2015/12/31 00:33]
jillian_nadette_de_leon
general_guidelines_and_penalty_clause [2016/01/24 21:16] (current)
jillian_nadette_de_leon
Line 1: Line 1:
 #General Guidelines and Penalty Clause #General Guidelines and Penalty Clause
 +
 ##General Guidelines ##General Guidelines
 +  * Since there are different classifications of health facilities, an algorithm should be made to standardize the process.\\
 +  * The HIE policy should be consistent and transparent during deployment.\\
 +  * DOH shall develop a monitoring and evaluation mechanism and perform random visits and monitoring on the implementation of the PHIE program for check and balance purposes.\\
 +  * Each health facility shall have its respective policy on role-based access control.\\
 +  * Provisions of data like patient records shall be consistent with the guidelines of the hospital health information management manual issued by the DOH. \\
 +  * The health facility shall implement capacity building activities in the security aspect of PHIE.\\
 +  * Appointment of a Chief Privacy Officer shall be a requirement in the licensing of hospitals.\\
 +  * Compliance to required PHIE security measures shall be included as an item in the checklist for PhilHealth Accreditation or renewal of license to operate.\\
 +  * Information,​ education and communication materials on data privacy and security shall be provided to the patient.\\
 +  * A reporting policy on violations shall be made.\\
  
-1. Revised disposal schedule of disposing records DOH no. 70 series 1986 +**OTHER REFERENCES**\\ 
-2Backing up of electronic records, digital storage, archives, +  * Revised disposal schedule of disposing records DOH no. 70 series 1986.\\ 
-3. Private hospitals - Interim ​guidelines on disposal on Health/​Medical records affected by +  ​* ​Private hospitals-interim ​guidelines on disposal on Health/​Medical records affected by Typhoon Ondoy issued on Nov. 19, 2009.\\
-Typhoon Ondoy issued on Nov 14, 2009 +
-4. Retention of medical records for both government and private health care facilities +
-5. Develop a monitoring and evaluation mechanism.\\ +
-6. Each facility should have its respective policy regarding role-based access control.\\ +
-7. Provision of data like patient records shall be consistent with the guidelines of hospital health information management manual issued by he DOH.\\ +
-8. There should be an algorithm to standardize the process depending on the classification of health facilities.\\ +
-9. Involve the National Archives of the Philippines in the drafting of policy guidelines on the filing, storage and disposal of electronic medical records.\\ +
-10. Consistent and transparent deployment of HIE Policy, eradicating different interpretation on the field. \\ +
-11. Management of patient'​s complaints and its corresponding sanctions as prescribed by the civil service code shall be implemented.\\ +
-12. Capacity building in the security aspect of PHIE shall be implemented among health facilities.\\ +
-12. Include chief privacy officer as a requirement in the licensing of hospitals.\\ +
-13. Ascertain the authority of persons entering or encoding the data, ensure no unauthorized editing of data happens, document the entire process of editing data (request for editing, reason for editing, who did the editing, the process followed in editing, closing the process of editing)\\ +
-14. Protocol for disaster response should be made.\\ +
-15. Government-related policies:​\\ +
-  * include compliance to required PHIE security measures as item in the checklist ​ for PhilHealth Accreditation of the hospital or renewal of license to operate.\\ +
-  * Perform random visits and monitoring of DOH on the implementation of the PHIE program for check and balance purposes.\\ +
-  * Identify the diagnosis that needs to be reported and specify exclusions.\\ +
-16. Patient-related policies: \\ +
-  * There should be a waiver from liability in the event of hacking from the patient.\\ +
-  * There should be participation in reporting policy violations (e.g Hotline)\\ +
-  * Provide information,​ education and communication (IEC) materials on data privacy and security to the patient. +
- +
- +
- +
- +
- +
- +
- +
-##Penalty Clause +
-1. Contracts, consultants should be considered, performance matrix,\\ +
-2. Internal processes; incident reporting, investigation process\\ +
-3. Unauthorized processing, authorized processing Philhealth, improper disposal, unauthorized +
-access Reportorial,​ data subject transparency,​ negligence,​\\ +
-4. Freedom information vs data privacy and data protection.\\ +
-5. There should be an escalation process regarding incidents of breach of information/​data.\\ +
-5a. Recommended definition: Information breach is the unauthorized disclosure of information.\\ +
-5b. Information breach can be in the context of patient and institution.\\ +
-5c. Sample breach can include: \\ +
-  * Capturing and posting of an image of a person despite being not identified (e.g. part of a body).\\ +
-  * Capturing and posting of an image of equipment, specimen, etc.\\ +
-6. Real-time reporting of the name of the authorized users who violated the privacy law.\\ +
-7. Internal policies on disciplinary action, escalation of issues and concerns, among others shall be crafted by the health facility.\\ +
-8. Define the term incident for the purpose of incident reporting.\\ +
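Review bot: Removed item 13 (ascertain the authority of persons entering or encoding the data, ensure no unauthorized editing, document the request, reason, editor, process and closure of each edit) has no counterpart anywhere in the added lines, so the revision drops its only data-integrity and audit-trail requirement. Suggest carrying it into General Guidelines next to the role-based access control bullet. Old items 2 (backing up of electronic records, digital storage, archives) and 4 (retention of medical records) and the patient waiver bullet under item 16 also disappear without replacement; if that is deliberate, record the reason in the edit summary. The Typhoon Ondoy guideline date also changes from "Nov 14, 2009" to "Nov. 19, 2009"; confirm which one matches the issuance.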
  
 +**OTHERS**
 +  * Involve the National Archives of the Philippines in the drafting of policy guidelines on filing, storage, and disposal of electronic medical records.\\
 +  * Management of patient'​s complaints and its corresponding sanctions as prescribed by the civil service code shall be implemented.\\
 +  * A protocol for disaster response shall be developed.\\
 +  * Diagnoses that need to be reported and the exclusions shall be identified.\\
  
 +##PENALTY CAUSE
 +  * Information breach is the unauthorized disclosure of information and can be in the context of the patient and/or the institutions. An escalation process on incidents of breach of information shall be developed.\\
 +  * There shall be real-time reporting of the name of the authorized user/s who violated the privacy law.\\
 +  * The health facility shall create internal policies on disciplinary action, escalation of issues and concerns, among others.\\
 +  * Violations shall include unauthorized processing, improper disposal, unauthorized access, negligence.\\
  
 +**OTHERS**\\
 +  * Define the term incident for incident reporting.\\ ​
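Review bot: The new heading "##PENALTY CAUSE" looks like a typo for "Penalty Clause", which is what the page title and the removed heading use; suggest "##Penalty Clause". In the rewritten bullets, the escalation process and real-time reporting depend on what counts as an incident, yet "Define the term incident" is still left as an open item under OTHERS. The removed sample breaches (posting an image of a body part, equipment or specimen) were the only concrete cases illustrating the breach definition; consider keeping one or two under the first bullet.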