Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
national_health_data_privacy_board [2016/03/17 07:12] wikiadmin [References] |
national_health_data_privacy_board [2016/07/06 00:23] (current) wikiadmin [Rationale] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ###Rationale | ###Rationale | ||
| - | The National Health Privacy Board is a broad sectoral response to health information privacy needs. It will support the health sector in complying with issuances and administrative orders relating to health information privacy and further the development of policy and practice for health data protection. | + | The Health Privacy Board is a broad sectoral response to health information privacy needs. It will support the health sector in complying with laws, issuance and administrative orders relating to health information privacy and further the development of policy and practice for health data protection. |
| ###Composition | ###Composition | ||
| - | The National Health Privacy Board shall be composed of the Chairperson who shall be assisted by two Board Members, one to be responsible for Training and Capacity Building and one to be responsible for Compliance and Planning. | + | The Health Privacy Board shall be composed of the Chairperson who shall be assisted by two Board Members, one to be responsible for Training and Capacity Building and one to be responsible for Compliance and Planning. \\ |
| - | ###General Roles and Functions | + | **Appointment.** Appointment of full-time Board Members with salary grade not lower than 26 shall be done by the Steering Committee of PHIE. They shall be provided with office and administrative staff.\\ |
| - | 1. The Board shall assist in the implementation of the Privacy Guidelines and related issuances through Training and Capacity Building, and through Compliance Monitoring and Planning. It shall coordinate with the licensing authority of the health institution or other accreditation bodies, when necessary, in order to perform its function. | + | ##Competencies and Qualifications. |
| + | Members of the Board shall have the following competencies and qualifications:\\ | ||
| + | * Background in law, education, and clinical or public heath, a bachelor's degree in management, information systems, human resources, health administration or other relevant fields.\\ | ||
| + | * Minimum 5 years experience in health care.\\ | ||
| + | * Demonstrates mastery of regulatory development and compliance, including standards, laws and regulations concerning information security and privacy.\\ | ||
| + | * Familiar with business functions and operations of large institutions (preferably health-related).\\ | ||
| + | * Strong organizational and problem-solving skills.\\ | ||
| + | * Work effectively with teams and stakeholders.\\ | ||
| + | * Have the ability to communicate with clarity both orally and in writing.\\ | ||
| - | 2. The Board shall accept complaints, inquiries and requests for assistance from the health sector on matters related to the Privacy Guidelines and related issuances. | + | ###General Roles and Functions |
| - | a. Complaints. It shall promulgate rules and procedures for receiving and processing complaints. It shall mediate between parties to reach a compromise settlement, without prejudice to reporting before the NPC or licensing and regulatory authorities matters contrary to law, in which case it shall make its recommendation after proper evaluation. | + | |
| - | b. Inquiries and Requests for Assistance. It shall assist persons or institutions on the interpretation of privacy regulations. It shall elevate to the Privacy Experts Group issues which in its discretion requires advisory assistance. | + | |
| - | 3. It shall provide the PEG a report of its activities, including case reports of issues brought before it that are of importance or significant impact. | + | 1. The Board shall assist in the implementation of the Privacy Guidelines and related issuance through Training and Capacity Building, and through Compliance Monitoring and Planning. \\ |
| - | + | 2. It shall coordinate with the licensing authority of the health institution or other accreditation bodies, when necessary, in order to perform its function. \\ | |
| - | 4. It shall make recommendations on change in policy or further policy development. It shall coordinate with appropriate agencies to incorporate emerging technologies and new regulations in existing policies. | + | 3. The Board shall accept complaints, inquiries and requests for assistance from the health sector on matters related to the Privacy Guidelines and related issuance. \\ |
| + | a. Complaints. It shall promulgate rules and procedures for receiving and processing complaints. It shall mediate between parties to reach a compromise settlement, without prejudice to reporting before the NPC or licensing and regulatory authorities matters contrary to law, in which case it shall make its recommendation after proper evaluation. \\ | ||
| + | b. Inquiries and Requests for Assistance. It shall assist persons or institutions on the interpretation of privacy regulations. It shall elevate to the Privacy Experts Group issues which in its discretion requires advisory assistance.\\ | ||
| + | \\ | ||
| + | 4. It shall provide the PEG a report of its activities, including case reports of issues brought before it that are of importance or significant impact.\\ | ||
| + | \\ | ||
| + | 5. It shall make recommendations on change in policy or further policy development. It shall coordinate with appropriate agencies to incorporate emerging technologies and new regulations in existing policies.\\ | ||
| + | \\ | ||
| - | + | ###Board Member for Training and Capacity Building | |
| - | ###Training and Capacity Building | + | |
| The Training and Capacity Building functions of the Board shall be spearheaded by the Board Member for Training and Capacity Building. He or she shall:\\ | The Training and Capacity Building functions of the Board shall be spearheaded by the Board Member for Training and Capacity Building. He or she shall:\\ | ||
| Line 29: | Line 41: | ||
| 2. Develop and implement training modules for capacity building. | 2. Develop and implement training modules for capacity building. | ||
| - | 3. Develop and implement programs to inform and educate the public of health information privacy and to promote a privacy culture in the health sector, including powerpoint presentations and articles that may be used by health information privacy advocates. | + | 3. Develop and implement programs to inform and educate the public of health information privacy and to promote a privacy culture in the health sector, including but not limited to IEC materials that may be used by health information privacy advocates. |
| 4. Conduct training workshops and accommodate requests for public information on the implementation of the privacy guidelines. | 4. Conduct training workshops and accommodate requests for public information on the implementation of the privacy guidelines. | ||
| Line 36: | Line 48: | ||
| \\ | \\ | ||
| - | See Also [[privacy_training_team|Privacy Training Team of the National Health Privacy Board]]\\ | + | See Also [[privacy_training_team|Privacy Training Team of the Health Privacy Board]]\\ |
| \\ | \\ | ||
| Line 44: | Line 56: | ||
| - | ###Privacy Compliance and Planning | + | ###Board Member for Privacy Compliance and Planning |
| - | **Roles and Functions:** | + | The Privacy Compliance and Planning functions of the Board shall be spearheaded by the Board Member for Privacy Compliance and Planning. He or she shall:\ |
| - | + | 1. Oversee the monitoring of privacy compliance in health facilities. It shall develop procedures for assessment or privacy practices in health facilities, in accordance with standards for organizational, physical and technical security measures in the Privacy Guidelines and related issuance. It shall also coordinate with licensing and accreditation bodies to advocate inclusion of privacy standards in their evaluation of health facilities, in view of the requirement of existing laws. | |
| - | 1. Oversee the monitoring of privacy compliance in health facilities. It shall develop procedures for assessment or privacy practices in health facilities, in accordance with standards for organizational, physical and technical security measures in the Privacy Guidelines and related issuances. It shall also coordinate with licensing and accreditation bodies to advocate inclusion of privacy standards in their evaluation of health facilities, in view of the requirement of existing laws. | + | |
| 2. Review privacy codes voluntarily adhered to by personal information controllers and processors in the health sector and make recommendations to meet standards for the protection of personal health information. | 2. Review privacy codes voluntarily adhered to by personal information controllers and processors in the health sector and make recommendations to meet standards for the protection of personal health information. | ||
| 3. Identify gaps in current standards for organizational, physical and technical security measures for protection of personal health information and make recommendations for its improvement. | 3. Identify gaps in current standards for organizational, physical and technical security measures for protection of personal health information and make recommendations for its improvement. | ||
| Line 58: | Line 69: | ||
| - | ##Competencies/Qualifications: | ||
| - | * Law, clinical/ public heath, and education background. | ||
| ###Job Order | ###Job Order | ||
| Line 65: | Line 74: | ||
| * Suggested salary: 60k x 1.2 x 6 months\\ | * Suggested salary: 60k x 1.2 x 6 months\\ | ||
| * Budget for the compensation of the Compliance and Planning officer will be from DOST (as suggested), provided that we add a research component to it. Funding for writeshops and protocol template development will likely come from DOH and partners.\\ | * Budget for the compensation of the Compliance and Planning officer will be from DOST (as suggested), provided that we add a research component to it. Funding for writeshops and protocol template development will likely come from DOH and partners.\\ | ||
| - | |||
| - | |||
| - | ###Regulation | ||
| - | |||
| - | ###Composition: | ||
| - | |||
| - | 1. Should comprise of representatives from DOH and PhilHealth or include representatives from the health industry like PHA, PMA and PNA. The Office will either be in DOH or PhilHealth.???\\ | ||