Differences

This shows you the differences between two versions of the page.

introduction [2016/07/05 13:49]
wikiadmin [About this Document]
introduction [2016/07/25 15:27] (current)
jillian_nadette_de_leon
Line 8: Line 8:
  
 ##About this Document ##About this Document
- This shall be known and cited as the **Privacy Code** of the Joint Administrative Order No. 2016-0002 ​("​Privacy Guidelines for the Implementation of the Philippine Health Information Exchange"​). The **Privacy Code** is hereby promulgated to prescribe the rules, ​procedures and regulations protecting ​the privacy of the patients, in accordance with the Data Privacy Act of 2012 and its Implementing Rules and Regulations (IRR).+ This shall be known and cited as the **Health ​Privacy Code** of the Joint Administrative Order No. 2016-0002 ​otherwise known as "​Privacy Guidelines for the Implementation of the Philippine Health Information Exchange"​. The **Health ​Privacy Code** is hereby promulgated to prescribe the procedures and guidelines to ensure that the privacy of the patient is well protected.\\
  
 ##​Definitions ##​Definitions
   * //Access//- Refers to the instruction,​ communication with, storing data in, retrieving data from, or otherwise making use of any resources of a computer system or communication network.\\   * //Access//- Refers to the instruction,​ communication with, storing data in, retrieving data from, or otherwise making use of any resources of a computer system or communication network.\\
 +  * //​Addressable//​- Flexible specifications allowing the health care facility or health care provider to do one of the following actions:\\
 +a.) Implement the addressable implementation specification;​\\
 +b.) Implement one or more alternative security measures to accomplish the same purpose;\\
 +c.) Not implement either an addressable implementation specification or an alternative.\\
   *// Alteration//​- Refers to the modification or change, in form or substance, of an existing computer data or program.\\   *// Alteration//​- Refers to the modification or change, in form or substance, of an existing computer data or program.\\
   * //​Authentication//​- The process of verifying that an individual, entity or software program accessing the PHIE is the authorized user the person, entity or program claims to be.\\   * //​Authentication//​- The process of verifying that an individual, entity or software program accessing the PHIE is the authorized user the person, entity or program claims to be.\\
   * //​Authorization//​- The process of determining whether a user has the right to access the PHIE and establishing the privileges associated with such access.\\   * //​Authorization//​- The process of determining whether a user has the right to access the PHIE and establishing the privileges associated with such access.\\
- *// Breach//​- ​A security incident that leads to unlawful ​or unauthorized processing of personalsensitive ​or privileged ​information, or that otherwise compromises ​the availability,​ integrity and confidentiality ​of personal data processed under the control of a personal information controller.\\+ *// Breach//​- ​The unauthorized ​or impermissible acquisition,​ access, use, or disclosure of information ​and can be in the context ​of the patient and/or institutions.\\
   * //Cache//- a special high-speed storage mechanism which can either be a reserved section of main memory or an independent high-speed storage device.\\   * //Cache//- a special high-speed storage mechanism which can either be a reserved section of main memory or an independent high-speed storage device.\\
   * //​Caching//​- the process of storing data in a cache.\\   * //​Caching//​- the process of storing data in a cache.\\
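Review bot: The new //Breach// definition covers only unauthorized or impermissible "acquisition, access, use, or disclosure", so an incident that compromises the availability or integrity of personal data (both named in the removed text) no longer falls under the term; consider keeping that clause, and replacing "can be in the context of the patient and/or institutions" with a statement of whose information is covered. The rewritten "About this Document" paragraph also drops the reference to the Data Privacy Act of 2012 and its IRR, and the new //Addressable// entry marks its sub-items "a.)", "b.)", "c.)" where other definitions on the page use "(a)", "(b)".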
Line 25: Line 29:
   * //​De-identification//​- Removal of identifiers to protect against inappropriate disclosure of personal information.\\   * //​De-identification//​- Removal of identifiers to protect against inappropriate disclosure of personal information.\\
   * //Digital Signature//​- a specific type of electronic signature based on public-key cryptography,​ used within a framework known as public-key infrastructure.\\   * //Digital Signature//​- a specific type of electronic signature based on public-key cryptography,​ used within a framework known as public-key infrastructure.\\
 +  * //​Discharge//​- The release of a patient from a provider'​s care, usually referring to the date at which a patient checks out of a health facility or hospital.\\
   * //​Electronic Medical Record//- A medical or health record which is received, recorded, transmitted,​ stored, processed, retrieved or produced electronically through computers or other electronic device.\\   * //​Electronic Medical Record//- A medical or health record which is received, recorded, transmitted,​ stored, processed, retrieved or produced electronically through computers or other electronic device.\\
   * //​Electronic Signature//​- refers to any representation in electronic form that can be used to express intent, including a printed name at the bottom of an e-mail, a digitized copy of a handwritten signature, a biometric mark, a sound, or digital structure.\\   * //​Electronic Signature//​- refers to any representation in electronic form that can be used to express intent, including a printed name at the bottom of an e-mail, a digitized copy of a handwritten signature, a biometric mark, a sound, or digital structure.\\
Line 42: Line 47:
   * //​Issuances//​- Refer to official write-up or documentation of statements, notices, announcements,​ and communications.\\   * //​Issuances//​- Refer to official write-up or documentation of statements, notices, announcements,​ and communications.\\
   * //​Interception//​- Refers to listening to, recording, monitoring or surveillance of the content of communications,​ including procuring of the content of data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.\\   * //​Interception//​- Refers to listening to, recording, monitoring or surveillance of the content of communications,​ including procuring of the content of data, either directly, through access and use of a computer system or indirectly, through the use of electronic eavesdropping or tapping devices, at the same time that the communication is occurring.\\
 +  * //​Interpersonal Violence//- Violence that occurs between family members, intimate partners, friends, acquaintances and strangers, and includes child maltreatment,​ youth violence, sexual violence and elder abuse.\\
   * //Medical Privacy or Health Privacy//- Right to the protection of the confidential nature of personal health information,​ which includes communications between health care provider and patient, and personal data and information about a patient'​s condition as contained in medical records.\\   * //Medical Privacy or Health Privacy//- Right to the protection of the confidential nature of personal health information,​ which includes communications between health care provider and patient, and personal data and information about a patient'​s condition as contained in medical records.\\
   * //Medical Record or Health Record//- Primary repository of information concerning patient health care; a compilation of pertinent facts of a patient'​s life history including past and present illnesses and treatments entered by health professional contributing to the patient'​s care.\\   * //Medical Record or Health Record//- Primary repository of information concerning patient health care; a compilation of pertinent facts of a patient'​s life history including past and present illnesses and treatments entered by health professional contributing to the patient'​s care.\\
Line 53: Line 59:
 (a) A person or organization who performs such functions as instructed by another person or organization;​ and (a) A person or organization who performs such functions as instructed by another person or organization;​ and
 (b) An individual who collects, holds, processes or uses personal information in connection with the individual'​s personal, family or household affairs.\\ (b) An individual who collects, holds, processes or uses personal information in connection with the individual'​s personal, family or household affairs.\\
-  * //Principle of Legitimate Purpose//- Principle that refers to processing of information in accordance with a declared and specified purpose, which must not be contrary to law, morals or public policy.\\ 
-  * //Principle of Proportionality//​- Principle that refers to processing of information that is adequate, relevant and not excessive in relation to a declared and specified purpose.\\ 
-  * //Principle of Transparency//​- Principle that refers to processing of information conducted in a manner where an individual is given adequate and relevant knowledge about the nature, purpose, extent and intended use of processing of information,​ and provided with the right to consent, limit or object to the processing.\\ 
   * //​Privacy//​- The right of a person to be free from intrusion or disturbance in one's personal and intimate life or affairs. It includes informational privacy, which refers to the right of an individual not to have his or her private information disclosed including the ability to control what information is disclosed, with whom, and for what purpose.\\   * //​Privacy//​- The right of a person to be free from intrusion or disturbance in one's personal and intimate life or affairs. It includes informational privacy, which refers to the right of an individual not to have his or her private information disclosed including the ability to control what information is disclosed, with whom, and for what purpose.\\
 +  * //Privilege Communication//​- Conversation or working relationship which takes place between two parties within the context of a protective relationship such as between healthcare provider and a patient. ​
   * //​Processing//​- Any operation performed upon personal information including, but not limited to, the collection, recording, organization,​ storage, updating or modification,​ retrieval, consultation,​ use, consolidation,​ blocking, erasure or destruction of data.\\   * //​Processing//​- Any operation performed upon personal information including, but not limited to, the collection, recording, organization,​ storage, updating or modification,​ retrieval, consultation,​ use, consolidation,​ blocking, erasure or destruction of data.\\
 +  * //​Publication//​- The act or process of producing a book, magazine, etc., and making it available to the public. (Merriam-Webster,​ 2016).\\
   * //Public Health//- All organized measures to prevent disease, promote health, and prolong life among the population as a whole. Its activities aim to provide conditions in which people can be healthy and focus on entire populations,​ not on individual patients or diseases.\\   * //Public Health//- All organized measures to prevent disease, promote health, and prolong life among the population as a whole. Its activities aim to provide conditions in which people can be healthy and focus on entire populations,​ not on individual patients or diseases.\\
   * //Public Health Emergency//​- an occurrence or imminent threat of an illness or health condition, caused by bio terrorism, epidemic or pandemic disease, or a novel and highly fatal infectious agent or biological toxin, that poses a substantial risk of a significant number of human facilities or incidents or permanent or long-term disability.\\   * //Public Health Emergency//​- an occurrence or imminent threat of an illness or health condition, caused by bio terrorism, epidemic or pandemic disease, or a novel and highly fatal infectious agent or biological toxin, that poses a substantial risk of a significant number of human facilities or incidents or permanent or long-term disability.\\
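Review bot: The three removed entries (//Principle of Legitimate Purpose//, //Principle of Proportionality//, //Principle of Transparency//) leave these terms undefined in the glossary; if the body of the Code still refers to them, keep the definitions or point to where they are now defined. In the added lines, "Privilege Communication" probably should read "Privileged Communication", the entry lacks the trailing line break that the added //Publication// entry carries, and defining a communication as a "conversation or working relationship" mixes two different things.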
Line 67: Line 72:
 (d) Specifically established by an executive order or an act of Congress to be kept classified.\\ (d) Specifically established by an executive order or an act of Congress to be kept classified.\\
   * //​Sharing//​- The process that allows the PHCP to access the patient'​s health information from the system.\\   * //​Sharing//​- The process that allows the PHCP to access the patient'​s health information from the system.\\
 +  * //Shared Health Record//- An operational,​ real-time transactional data source that serves as a means of allowing different services to share health data stored in a centralized data repository. It contains a subset of normalized data for a patient from various systems such as Electronic Medical Record (EMR).\\
   * //Social Media//- Electronic communication,​ websites or applications through which users connect, interact, or share information or other content with other individuals,​ collectively part of an online community. This includes Facebook, Twitter, Google+, Instagram, LinkedIn, Pinterest, Blogs, Social Networking Sites.\\   * //Social Media//- Electronic communication,​ websites or applications through which users connect, interact, or share information or other content with other individuals,​ collectively part of an online community. This includes Facebook, Twitter, Google+, Instagram, LinkedIn, Pinterest, Blogs, Social Networking Sites.\\
-  * //​Third-party ​Data Processor//Any person ​or entity other than:  +  * //​Third-party// ​Any personentity ​or institution ​other than the patient (data subject), ​health care provider ​or health facility ​(data controller/processor), or any other duly authorized data processor ​or person desiring to have access to patient'​s health information. (i.e. HMOs, Researchers,​ among others).
-(a) the data subject+
-(bthe data controller, or +
-(c) any data processor or other person ​duly authorized ​to process ​data for the data controller or processor.+
 \\ \\
 \\ \\
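Review bot: In the new //Third-party// entry the closing phrase "or person desiring to have access to patient's health information" can be read either as part of the "other than" exclusion list or as describing the third party itself, and the two readings differ on who counts as a third party; the removed (a)/(b)/(c) list did not have this ambiguity, so consider restoring an enumerated form. "(i.e. HMOs, Researchers, among others)" introduces examples and should use "e.g.", and since the term is renamed from "Third-party Data Processor" to "Third-party", any use of the old term elsewhere needs updating.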