Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
privacy_team [2016/04/07 00:17]
wikiadmin rephrase appointment subsection to reflect accurately discussions from a PEG mtg
privacy_team [2016/10/21 13:56] (current)
jillian_nadette_de_leon
Line 6: Line 6:
 ##The Privacy Officer ##The Privacy Officer
 In so far as practicable,​ a Privacy Officer (PO) shall be designated at a health facility. The PO's identity shall be made known to any data subject upon request. It is recommended that the PO has to be on the VP level (or equivalent) to have sufficient authority to uphold privacy in the institution. Expected to have some personnel with specialized privacy roles are regional health units (RHUs) and bigger health facilities. In a facility where plantilla position for a privacy officer could not be immediately secured, a Privacy-Officer-Designate shall be appointed. In so far as practicable,​ a Privacy Officer (PO) shall be designated at a health facility. The PO's identity shall be made known to any data subject upon request. It is recommended that the PO has to be on the VP level (or equivalent) to have sufficient authority to uphold privacy in the institution. Expected to have some personnel with specialized privacy roles are regional health units (RHUs) and bigger health facilities. In a facility where plantilla position for a privacy officer could not be immediately secured, a Privacy-Officer-Designate shall be appointed.
 +
 +----
 +###​Appointment
 +  * Hospitals with at least 300 authorized bed capacity shall employ a full time privacy officer. Hospitals with less than 300 authorized bed capacity and other health facilities such as infirmaries,​ birthing homes, BHS, OFW clinics, dialysis clinics, ambulatory-surgical clinic, psychiatric facilities, etc. may federate and designate a shared privacy officer.\\
 +*The Development Management Officer (DMO) shall be assigned as the Privacy Officer Designate for Rural Health Units. This shall be in addition to their responsibilities as DMO.\\
 +
 +----
 +
 +
 +###​Qualifications
 +  * At least a bachelor'​s degree in management, information systems, human resources, health administration,​ or other relevant fields\\
 +  * Minimum 5 years experience in health care or data security.\\
 +  * Familiar with regulatory development and compliance, including standards, laws and regulations concerning information security and privacy\\
 +  * Familiar with business functions and operations of large institutions (preferably health-related)\\
 +  * Strong organizational and problem-solving skills
 +  * Work effectively with teams and stakeholders\\
 +  * Has the ability to communicate with clarity both orally and in writing\\
  
 ---- ----
Line 33: Line 50:
   *The PO shall coordinates with the institution'​s Risk manager (if any) to address privacy risks.\\   *The PO shall coordinates with the institution'​s Risk manager (if any) to address privacy risks.\\
   *The PO reports directly to the hospital director, president, board of directors.\\   *The PO reports directly to the hospital director, president, board of directors.\\
- 
----- 
-##​Appointment 
-  * Health facilities with at least 300 beds are required to employ a Privacy Officer. Those with less than 300 beds may affiliate with other health facilities to employ a shared Privacy Officer. A government health facility requiring official plantilla position shall appoint Privacy Officer Designate while waiting for the official plantilla assignment.\\ 
-  * Rural Health Units may share a Privacy Officer in the provincial level, preferably working with the Provincial Health Unit.\\ 
- 
----- 
- 
-###​Qualifications 
-  * At least a bachelor'​s degree in management, information systems, human resources, health administration,​ or other relevant fields\\ 
-  * Minimum 5 years experience in health care\\ 
-  * Familiar with regulatory development and compliance, including standards, laws and regulations concerning information security and privacy\\ 
-  * Familiar with business functions and operations of large institutions (preferably health-related)\\ 
-  * Strong organizational and problem-solving skills 
-  * Work effectively with teams and stakeholders\\ 
-  * Have the ability to communicate with clarity both orally and in writing\\ 
-  * Must undergo data privacy and security training from reputable training providers\\ 
- 
 ---- ----
  
-###​Staff ​+##​Staff ​
   * While the PO is responsible for privacy management and compliance, he or she may delegate responsibilities to others within the organization if they are trained and would communicate promptly with the privacy official on these matters.\\   * While the PO is responsible for privacy management and compliance, he or she may delegate responsibilities to others within the organization if they are trained and would communicate promptly with the privacy official on these matters.\\
  
Line 65: Line 64:
  
 ##See Also ##See Also
-  * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] +  * [[consolidated_workshop_outputs|Privacy Set of Rules (SOR)]]
  
 ---- ----
-