Rationale

• No EMRs, no electronic health record to share, no potential for privacy breach of electronic health records. While paper-based patient information may also be shared illegitimately, electronic records magnify the ease and reach of unauthorized sharing or privacy breach.
• greater potential for privacy breach, greater need for accountability
• privacy and data security are intertwined

• Access Roles (encoders, managers, supervisors, doctors, nurses, PhilHealth, other PHIE operators): Data Warehouse vs Shared Patient Records
• Encryption (data at rest, transmission, sharing, backup)
• Masking, Hiding, Password (identify data fields to be hidden, masked fully or partially to whom?)
• Audit Trail (access to logs; authority to copy, download, delete logs)
• Use Cases for Data Dumps

• Privacy Breach (definition, monitoring, reporting)
• Authority, Accountability (who does what?: breach monitoring & reporting; data field masking, data download, data backup)
• Roles of data custodian, processessor, encoders
• privacy provisions in employment contracts of EMR operators

• Privacy Policy Statement (institution's website)
• data retention and processing policies