Privacy Interests in EMRs
Rationale
- No EMRs, no electronic health record to share, no potential for privacy breach of electronic health records. While paper-based patient information may also be shared illegitimately, electronic records magnify the ease and reach of unauthorized sharing or privacy breach.
- greater potential for privacy breach, greater need for accountability
- privacy and data security are intertwined
Privacy By Default and Design
- Access Roles (encoders, managers, supervisors, doctors, nurses, PhilHealth, other PHIE operators): Data Warehouse vs Shared Patient Records
- Encryption (data at rest, transmission, sharing, backup)
- Masking, Hiding, Password (which data fields are to be hidden or masked, fully or partially, and to whom?)
- Audit Trail (access to logs; authority to copy, download, delete logs)
- Use Cases for Data Dumps
- Privacy Breach (definition, monitoring, reporting)
- Authority, Accountability (who does what: breach monitoring & reporting; data field masking, data download, data backup)
- Roles of data custodian, processor, encoders
- privacy provisions in employment contracts of EMR operators
- Privacy Policy Statement (institution's website)
- data retention and processing policies