Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
national_health_data_privacy_board [2016/04/20 21:36]
wikiadmin [Training and Capacity Building]
national_health_data_privacy_board [2016/07/06 00:23] (current)
wikiadmin [Rationale]
Line 3: Line 3:
 ###​Rationale ###​Rationale
  
-The Health Privacy Board is a broad sectoral response to health information privacy needs. It will support the health sector in complying with issuances ​and administrative orders relating to health information privacy and further the development of policy and practice for health data protection. ​+The Health Privacy Board is a broad sectoral response to health information privacy needs. It will support the health sector in complying with laws, issuance ​and administrative orders relating to health information privacy and further the development of policy and practice for health data protection. ​
  
 ###​Composition ###​Composition
-The Health Privacy Board shall be composed of the Chairperson who shall be assisted by two Board Members, one to be responsible for Training and Capacity Building and one to be responsible for Compliance and Planning. ​+The Health Privacy Board shall be composed of the Chairperson who shall be assisted by two Board Members, one to be responsible for Training and Capacity Building and one to be responsible for Compliance and Planning. ​\\ 
 + 
 +**Appointment.** Appointment of full-time Board Members with salary grade not lower than 26 shall be done by the Steering Committee of PHIE. They shall be provided with office and administrative staff.\\ 
 + 
 +##​Competencies and Qualifications.  
 +Members of the Board shall have the following competencies and qualifications:​\\ 
 +  * Background in law, education, and clinical or public heath, a bachelor'​s degree in management, information systems, human resources, health administration or other relevant fields.\\ 
 +  * Minimum 5 years experience in health care.\\ 
 +  * Demonstrates mastery of regulatory development and compliance, including standards, laws and regulations concerning information security and privacy.\\ 
 +  * Familiar with business functions and operations of large institutions (preferably health-related).\\ 
 +  * Strong organizational and problem-solving skills.\\ 
 +  * Work effectively with teams and stakeholders.\\ 
 +  * Have the ability to communicate with clarity both orally and in writing.\\
  
 ###General Roles and Functions ###General Roles and Functions
  
-1. The Board shall assist in the implementation of the Privacy Guidelines and related ​issuances ​through Training and Capacity Building, and through Compliance Monitoring and Planning. ​   It shall coordinate with the licensing authority of the health institution or other accreditation bodies, when necessary, in order to perform its function. \\ +1. The Board shall assist in the implementation of the Privacy Guidelines and related ​issuance ​through Training and Capacity Building, and through Compliance Monitoring and Planning. ​  \\ 
-\\ +2. It shall coordinate with the licensing authority of the health institution or other accreditation bodies, when necessary, in order to perform its function. \\ 
-2. The Board shall accept complaints, inquiries and requests for assistance from the health sector on matters related to the Privacy Guidelines and related ​issuances.  \\+3. The Board shall accept complaints, inquiries and requests for assistance from the health sector on matters related to the Privacy Guidelines and related ​issuance.  \\
 a.  Complaints. ​  It shall promulgate rules and procedures for receiving and processing complaints. ​ It shall mediate between parties to reach a compromise settlement, without prejudice to reporting before the NPC or licensing and regulatory authorities matters contrary to law, in which case it shall make its recommendation after proper evaluation. ​  \\ a.  Complaints. ​  It shall promulgate rules and procedures for receiving and processing complaints. ​ It shall mediate between parties to reach a compromise settlement, without prejudice to reporting before the NPC or licensing and regulatory authorities matters contrary to law, in which case it shall make its recommendation after proper evaluation. ​  \\
 b.  Inquiries and Requests for Assistance. ​  It shall assist persons or institutions on the interpretation of privacy regulations. ​  It shall elevate to the Privacy Experts Group issues which in its discretion requires advisory assistance.\\ b.  Inquiries and Requests for Assistance. ​  It shall assist persons or institutions on the interpretation of privacy regulations. ​  It shall elevate to the Privacy Experts Group issues which in its discretion requires advisory assistance.\\
 \\ \\
-3. It shall provide the PEG a report of its activities, including case reports of issues brought before it that are of importance or significant impact.\\+4. It shall provide the PEG a report of its activities, including case reports of issues brought before it that are of importance or significant impact.\\
 \\ \\
-4. It shall make recommendations on change in policy or further policy development. ​ It shall coordinate with appropriate agencies to incorporate emerging technologies and new regulations in existing policies.\\+5. It shall make recommendations on change in policy or further policy development. ​ It shall coordinate with appropriate agencies to incorporate emerging technologies and new regulations in existing policies.\\
    
 \\ \\
  
-###Training and Capacity Building+###Board Member for Training and Capacity Building
 The Training and Capacity Building functions of the Board shall be spearheaded by the Board Member for Training and Capacity Building. He or she shall:\\ The Training and Capacity Building functions of the Board shall be spearheaded by the Board Member for Training and Capacity Building. He or she shall:\\
  
Line 29: Line 41:
 2. Develop and implement training modules for capacity building. 2. Develop and implement training modules for capacity building.
  
-3. Develop and implement programs to inform and educate the public of health information privacy and to promote a privacy culture in the health sector, including ​powerpoint presentations and articles ​that may be used by health information privacy advocates.+3. Develop and implement programs to inform and educate the public of health information privacy and to promote a privacy culture in the health sector, including ​but not limited to IEC materials ​that may be used by health information privacy advocates.
  
 4.  Conduct training workshops and accommodate requests for public information on the implementation of the privacy guidelines. 4.  Conduct training workshops and accommodate requests for public information on the implementation of the privacy guidelines.
Line 44: Line 56:
  
  
-###Privacy Compliance and Planning  +###Board Member for Privacy Compliance and Planning  
-The Pricacy ​Compliance and Planning functions of the Board shall be spearheaded by the Board Member for Privacy Compliance and Planning.+The Privacy ​Compliance and Planning functions of the Board shall be spearheaded by the Board Member for Privacy Compliance and Planning. ​He or she shall:\
  
-**Roles and Functions:​** +1.  Oversee the monitoring of privacy compliance in health facilities. It shall develop procedures for assessment or privacy practices in health facilities, in accordance with standards for organizational,​ physical and technical security measures in the Privacy Guidelines and related ​issuance.  It shall also coordinate with licensing and accreditation bodies to advocate inclusion of privacy standards in their evaluation of health facilities, in view of the requirement of existing laws. 
- +
-1.  Oversee the monitoring of privacy compliance in health facilities. It shall develop procedures for assessment or privacy practices in health facilities, in accordance with standards for organizational,​ physical and technical security measures in the Privacy Guidelines and related ​issuances.  It shall also coordinate with licensing and accreditation bodies to advocate inclusion of privacy standards in their evaluation of health facilities, in view of the requirement of existing laws. +
 2. Review privacy codes voluntarily adhered to by personal information controllers and processors in the health sector and make recommendations to meet standards for the protection of personal health information. 2. Review privacy codes voluntarily adhered to by personal information controllers and processors in the health sector and make recommendations to meet standards for the protection of personal health information.
 3. Identify gaps in current standards for organizational,​ physical and technical security measures for protection of personal health information and make recommendations for its improvement.  ​ 3. Identify gaps in current standards for organizational,​ physical and technical security measures for protection of personal health information and make recommendations for its improvement.  ​
Line 59: Line 69:
  
  
-##​Competencies and Qualifications 
- 
-  * Law, education, and clinical or public heath background. 
-  * At least a bachelor'​s degree in management, information systems, human resources, health administration,​ or other relevant fields 
-  * Minimum 5 years experience in health care 
-  * Demonstrates mastery of regulatory development and compliance, including standards, laws and regulations concerning information security and privacy 
-  * Familiar with business functions and operations of large institutions (preferably health-related) 
-  * Strong organizational and problem-solving skills 
-  * Work effectively with teams and stakeholders 
-  * Have the ability to communicate with clarity both orally and in writing 
  
 ###Job Order ###Job Order