https://privacywiki.serbizhub.net/ 2026-04-18T13:04:29+0800 https://privacywiki.serbizhub.net/ https://privacywiki.serbizhub.net/lib/tpl/writr/images/favicon.ico text/html 2016-10-21T12:49:07+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/access_of_health_information?rev=1477025347&do=diff ACCESS OF HEALTH INFORMATION Access of Health Care Providers. Upon patient consent, only the health care provider shall have access to the patient's health information and authorized entities as defined in Article IV, Section 1. Accessible Information for Health Care Providers text/html 2016-07-07T20:13:43+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/administrative_security?rev=1467893623&do=diff ORGANIZATIONAL SECURITY MEASURES 1. Policies and Procedures. The Health Facility shall be required to create its own privacy protocol. Privacy and security policies must be documented, maintained and updated as appropriate. 1.1. The PHCP shall create policies and procedures to specify the groups and positions that need to access health information to perform their job responsibilities, as well as the type of health information to which they need access. text/html 2015-10-25T15:39:41+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/bibliography?rev=1445758781&do=diff Bibliography Below is a collaborative compilation of literature relevant to privacy. A 1-5-sentence-per-entry annotation is suggested. Philippines Privacy in the Philippines International Frameworks and Standards Privacy Frameworks and Standards International Privacy Laws International Laws ---------- text/html 2016-06-09T18:34:59+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/cases_of_identity_theft?rev=1465468499&do=diff * “Uma Kompton” 1, 2 * “Laxa-Pangilinan” 1 text/html 2016-05-20T08:08:01+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/cloud_computing?rev=1463702881&do=diff ---------- See Also * Privacy Set of Rules (SOR) text/html 2016-07-19T16:26:35+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/compliance_incident_reporting_response?rev=1468916795&do=diff Compliance Compliance. Health care facilities involved in the PHIE are required to: a.) Register their data processing systems involved in the PHIE process to the health privacy board, including the data processing systems of contractors, employees and third parties entering into contracts with them that involves accessing or requiring sensitive personal health information from one thousand (1,000) or more individuals; text/html 2016-01-19T06:36:53+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/consent_form?rev=1453156613&do=diff Consent Features * simplicity; less legalese; easily translatable to local language * help make privacy conversation happen between providers (doctor/hospital) and clients/patients, making the process more educational rather than adversarial * text/html 2019-04-02T09:04:30+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/consent_rules?rev=1554167070&do=diff Consent 1. Consent. The consent shall conform to the requirements of an informed consent which are competence, amount and accuracy of information, patient understanding and voluntariness. The following are the characteristics of a valid informed consent: text/html 2017-07-29T22:02:12+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/consolidated_workshop_outputs?rev=1501336932&do=diff privacyPH.org/rules Privacy Set of Rules (SOR) This is the wiki for the development of the Privacy Set of Rules (SOR) that will be the basis for the Implementing Rules and Regulations (IRR) of the [Privacy Guidelines AO]. Healthcare facilities will also evolve their own Privacy Protocols (PP) based on this SOR. text/html 2016-07-27T11:38:43+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/data_to_be_collected?rev=1469590723&do=diff DATA TO BE COLLECTED Authorized personnel to amend data if required. Data collection and processing shall be done by an authorized employee of the health facility and shall ensure that Clinical Practice Guidelines are observed when changing data: a.) Original entry must be visible. text/html 2016-06-28T23:17:46+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/filing-storage?rev=1467127066&do=diff Filing / Storage * All information collected at different levels of care shall be integrated into a common file and an electronic archiving system shall be developed for the storage of electronic data. * Health care providers shifting to electronic records shall ensure that their paper records are stored properly. Paper records shall be digitized for the purpose of preservation and not destruction. text/html 2016-01-25T13:16:57+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/general_guidelines_and_penalty_clause?rev=1453699017&do=diff General Guidelines and Penalty Clause General Guidelines * Since there are different classifications of health facilities, an algorithm should be made to standardize the process. * The HIE policy should be consistent and transparent during deployment. text/html 2016-08-15T11:26:52+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/health_research?rev=1471231612&do=diff Health Research Research Subject. * The research participant shall be made to understand that he or she can opt-out of the study or have their personal information deleted from the project's database if they so request in writing. * Acceptable recruitment methods. text/html 2015-10-19T23:16:38+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/hipaa_infographic?rev=1445267798&do=diff text/html 2016-07-19T15:52:02+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/human_resources?rev=1468914722&do=diff Human Resources 1. On-boarding of employees of the health care facilities. All candidates for employment, contractors and third party shall be adequately screened, especially for sensitive jobs. Security roles and responsibilities of employees, contractors , and the third party shall be defined and documented in accordance with the facility's information security policy. This document shall be signed as an agreement by employees, contractors, and the third party of information processing faci… text/html 2016-07-01T20:11:00+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/identification_of_patient?rev=1467375060&do=diff Patient Identifier. The unique identifier for patients shall be their PhilHealth Personal Identification Number. Point of de-identification. Only de-identified health information shall be stored in the PHIE Data Warehouse. De-identification shall be done upon contact with the Participating Health Care Provider. The Participating Health Care Provider shall transmit information from patient's records to PHIE as shared health record or as part of PHIE's data warehouse. If the patient consents, t… text/html 2016-07-01T20:17:53+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/information_to_be_shared?rev=1467375473&do=diff Information to be shared Participating health care providers shall share health information exclusively for continuity of medical services. Health information shall be retained and shared only for purposes prescribed upon its collection. ---------- text/html 2015-10-25T15:51:45+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/international_privacy_laws?rev=1445759505&do=diff Privacy Laws Europe * Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data The Data Privacy Act of 2012 of the Philippines has been patterned after this EU law. North America * Health Insurance Portability and Accountability Act of 1996 (HIPAA) ---------- See Also * Bibliography text/html 2016-07-25T15:27:37+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/introduction?rev=1469431657&do=diff Introduction As a mandate of the Constitution to provide quality health care to the Filipino people while protecting and promoting the right to privacy, the Department of Health (DOH), in cooperation with the Department of Science and Technology (DOST), Philippine Health Insurance Corporation (PhilHealth), University of the Philippines-Manila (UPM), and Commission on Higher Education (CHED), established the National eHealth Program (NeHP) that envisions widespread information-technology (IT)-en… text/html 2016-07-12T16:54:10+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/irr_public_consultation?rev=1468313650&do=diff Event Help Info shortcut to this page: privacyPH.org/eventhelp Public Consultation on the Draft IRR of the Data Privacy Act Wednesday, July 13, 2016, 8am-5pm Room 301 Institute of Small Scale Industries (ISSI) E. Jacinto St. University of the Philippines DIliman, Quezon City text/html 2015-11-14T19:23:59+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/joint_circular_on_the_implementation_of_phie_lite?rev=1447500239&do=diff Privacy write here text/html 2016-07-06T00:23:45+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/national_health_data_privacy_board?rev=1467735825&do=diff Draft notes only. Contribute; do not cite without permission. Rationale The Health Privacy Board is a broad sectoral response to health information privacy needs. It will support the health sector in complying with laws, issuance and administrative orders relating to health information privacy and further the development of policy and practice for health data protection. text/html 2016-07-05T21:16:55+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/patient_registries?rev=1467724615&do=diff Patient Registries Patient Registry- refers to the organisation and processes supporting a patient register-- a set of patient records systematized around a particular disease, condition or exposure, and serving “one or more predetermined scientific, clinical or policy purposes text/html 2016-04-11T17:28:34+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/peg_to_dos_and_suggestions?rev=1460366914&do=diff ToDo List * Site visit and engagement for protocol development with an RHU. * Coordinate with PHIC/ Dr. Kenneth Go in identifying the smaller health facilities that will champion in the privacy protocol development. * Set a meeting with the National Archives of the Philippines and the Philippine Statistical authority to discuss the timeline in retaining information. text/html 2015-12-22T08:54:03+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/peg_wishlist?rev=1450745643&do=diff PEG (Privacy Expert Group) Wishlist For PHIE * MOA templates (between Participating Health Care Providers and PHIE) For DOH * plantilla position for the privacy officer * standardization of health facility forms (e.g., admission form, admitting order, advanced procedures, patient release), incorporating privacy concerns text/html 2015-10-30T12:08:37+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/peg_workshop_facilitators_guide?rev=1446178117&do=diff Facilitators' Guide Privacy Workshops 12-13 November, Palawan 26-27 November, NCR 22-23 October 2015 Davao City 1-2 October 2015 Bacolod City Introduction The series of workshops on privacy is an exercise in participatory rule-making. It aims to formulate privacy-related rules that concretize, refine, and enhance the provisions of the ehealth privacy guidelines from the perspective of healthcare practitioners, support staff, healthcare managers, patients, and other stakeholders. Special… text/html 2016-07-02T17:29:59+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/physical_security?rev=1467451799&do=diff PHYSICAL SECURITY 1. Inventory of Information Technology Physical Devices. The IT personnel shall maintain and update an inventory of all information technology physical devices being used in the facility. The inventory shall include but not be limited to, on premise server equipment, firewall and security devices, client workstations, network devices, mobile devices, biometric and authentication devices, as well as other present and future information technology devices that may be relevant f… text/html 2016-07-19T13:39:16+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/point_of_collection?rev=1468906756&do=diff POINT OF COLLECTION Point of Collection of Information Collection of information shall start at the time of registration in the health facility. This shall be done in the Admitting or Registration section and subsequent information shall be provided at different points of care undergone by the patient. text/html 2016-06-09T18:58:08+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_harms?rev=1465469888&do=diff Privacy Harms Introduction According to Thomson, most people nowadays seem to have no clear or surefire answers in defining the right to privacy as they tend to confuse and completely associate it with other rights related to this such as the right “to be forgotten,” “to be left alone,” and “to property” without really focusing on the aspect of privacy. In fact, most people are oblivious about privacy wherein they only acknowledge it knowing that there is something special about this right tha… text/html 2018-06-15T17:47:01+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_impact_assessment?rev=1529056021&do=diff Privacy Impact Assessment * NPC PIA Template v2 References Indicated on the NPC PIA-related Documents * ISO/IEC 29134:2017 |Information technology -- Security techniques -- Guidelines for privacy impact assessment * Privacy Impact Assessment: the 10 Steps. This is based on the Australian regulation. Important in its focus on project-based assessment. * Commission Nationale de l’Informatique et des Libertés. (2012). Managing Privacy Risks Assessment Methodology. Retrieved from text/html 2015-12-02T09:12:20+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_in_the_philippines?rev=1449018740&do=diff Privacy in the Philippines--Annotated Bibliography Laws, Circulars * Data Privacy Act of 2012 (RA 10173) * [Department Circular No. 70 Series of 1996 - Revised Disposition Schedule of Medical Records] Declarations * [Philippine Medical Association (PMA) Declaration on the Rights and Obligations of the Patient] Cases * Cebu Cannister Scandal * See Also * Bibliography text/html 2016-03-10T10:44:57+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_interests_in_emrs?rev=1457577897&do=diff Privacy Interests in EMRs Rationale * No EMRs, no electronic health record to share, no potential for privacy breach of electronic health records. While paper-based patient information may also be shared illegitimately, electronic records magnify the ease and reach of unauthorized sharing or privacy breach. text/html 2016-04-16T08:11:51+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_interests_in_healthcare_facility_administration?rev=1460765511&do=diff Privacy Interest in Healthcare Facility Administration Rationale Without an enforcement mechanism and strong leadership in the site, privacy guidelines, rules, procedures, protocols are difficult to implement Respect for privacy is respect for persons and their human rights. It helps improve quality of care and make healthcare providers more mindful of patients' needs. Privacy is context-sensitive. For privacy policies to be effective, they have to be driven by a deep understanding of the cont… text/html 2016-08-15T11:23:47+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_interests_in_research?rev=1471231427&do=diff PrivacyPH.org/research Privacy Interests in Health Research ---------- Latest version of the IRR: privacyPH.org/dpairr ---------- This wiki aims to discuss privacy issues in health research and to propose specific Privacy Code for [the Privacy Guidelines] (based on RA 10173). The main Code-drafting exercise for the Guidelines is done text/html 2016-05-30T07:46:53+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_risk_mitigation?rev=1464565613&do=diff privacyPH.org/protect In light of the recent breach at COMELEC involving personal information of 55-million Filipino voters, we're compiling certain measures below that may help mitigate some privacy risks entailed by the incident. Since Filipino voters are generally young, it can take decades before much of the personal information from the breach becomes obsolete and useless to those who may commit fraud using the COMELEC data. Such data include (at least) fullnames, birthdates, birthplaces, … text/html 2015-10-30T22:52:06+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_standards?rev=1446216726&do=diff ISO * [ISO/IEC 29100 Information technology — Security techniques — Privacy framework] * [ISO/IEC 15944-8 Information technology — Business Operational View — Part 8: Identification of privacy protection requirements as external constraints on business transactions] * [ISO/IEC 29187-1 Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET) — Part 1: Framework and reference model] Frameworks * U.S.-EU & U.S.-Swiss … text/html 2016-10-21T13:56:44+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_team?rev=1477029404&do=diff For discussion only. Do not cite without permission. Contribute by editing this document directly. Use the Discussion section below for suggestions. ---------- The Privacy Team of a Health Facility The Privacy Officer In so far as practicable, a Privacy Officer (PO) shall be designated at a health facility. The PO's identity shall be made known to any data subject upon request. It is recommended that the PO has to be on the VP level (or equivalent) to have sufficient authority to uphold priv… text/html 2019-07-16T09:27:59+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_tools?rev=1563240479&do=diff Privacy-Enhancing Tools Operating System * Tails - a live operating system that can be used to start from a DVD, USB stick, or SD card. Data Collection and Processing * RedCAP * KoBoToolbox ##See Also * PrivacyTools.io ---------- text/html 2016-02-12T23:34:29+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_training_team?rev=1455291269&do=diff The Privacy Training Team This is the proposed Training Team of the proposed Health Privacy Board. Privacy Training Officer Roles and Functions The privacy training officer can help fill the gap between rule-making exercises and some urgent need to build a cadre of health privacy advocates and organizers. The Privacy Training Officer could text/html 2015-11-02T21:30:39+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_workshop_presentations?rev=1446471039&do=diff * [Al Alegre, "Privacy, technology, & public policy in electronic health management," 2014] See Also * Privacy Workshops text/html 2015-11-02T21:20:41+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_workshop_program?rev=1446470441&do=diff Day 1 * Overview of NeHP and PHIE * Workshop Series Objectives * Health Info Privacy Panel: Privacy Guidelines Overview, Collection and Processing of Health Information, Access of Health Information, Uses and Disclosure of Health Information, Data Security text/html 2015-12-07T13:35:48+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/privacy_workshops?rev=1449466548&do=diff Metro Manila 26-27 November 2015 * [Consolidated Output from Angeles Workshop] Palawan 12-13 November 2015 * [Consolidated Output from Palawan Workshop] Davao 23-24 October 2015 * [Consolidated Output from Davao Workshop] Bacolod 1-2 October 2015 * [Consolidated Output from Bacolod Workshop] See Also * Workshop Program * Privacy Workshop Presentations text/html 2019-01-25T10:00:47+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/public_repositories?rev=1548381647&do=diff Public Repositories public repositories of data sets Qualitative * Qualitative Data Repository - Syracuse University * UK Data Service Mixed * Academic Torrents. This requires an edu email to be able to upload. text/html 2016-07-06T21:18:22+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/publication_and_public_communication?rev=1467811102&do=diff Publication of Privacy Policy * Privacy protocols of health facilities shall be available both in written and electronic forms and shall be distributed to all employees. * Health facilities shall ensure that appropriate signages indicating the availability of privacy protocols are posted. text/html 2016-06-14T19:26:35+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/rhu_sample_contract?rev=1465903595&do=diff * CONTRACT OF SERVICE* KNOW ALL MEN BY THESE PRESENTS: This Contract made and entered into this (Date) and between: THE CITY OF (), a Local Government Unit existing under the laws of the Philippines with address at () City; -and\\ text/html 2016-06-26T08:00:01+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/sample_privacy_protocol_for_a_municipal_health_office?rev=1466899201&do=diff PRIVACY PROTOCOL FOR A MUNICIPAL HEALTH OFFICE eHealth Information Privacy in the Philippines These rules adopt the principles of transparency, legitimate purpose and proportionality contained in the Data Privacy Act of 2012 for the processing of health information ad acknowledges the need to implement security measures for data protection. It adheres to the duty of maintaining confidentiality of patient’s medical records and health information as provided by the law, Rules of Court, and the … text/html 2016-10-18T14:41:56+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/start?rev=1476772916&do=diff PrivacyPH.org Privacy Wiki Featured Documents * Updated IRR of the Data Privacy Act: privacyPH.org/dpairr * Privacy Interests in Research * [Joint AO 2016-0001 - Implementation of the Philippine Health Information Exchange (PHIE)] * [Joint AO 2016-002 - Privacy Guidelines for the Implementation of the PHIE] ---- * Privacy Set of Rules (SOR). Interested publics are welcome to help refine this document that will serve as basis for the Health Privacy Protocol. text/html 2016-07-04T16:00:57+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/technical_safeguards?rev=1467619257&do=diff TECHNICAL SAFEGUARDS A. Access Controls Technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights: text/html 2016-07-19T15:27:10+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/use_and_disclosure_of_health_information?rev=1468913230&do=diff USE AND DISCLOSURE OF HEALTH INFORMATION\\ Use and Disclosure. Use and disclosure of health information shall only be to the extent of consent given by the patient and for the following purposes: a.) For planning of quality services; b.) Requirement for reporting for communicable, infectious and other notifiable diseases as well as those with serious health and safety threat to the public such as, but not limited to: text/html 2016-07-05T17:11:38+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/use_of_social_media?rev=1467709898&do=diff Use of Social Media This code on social media use shall apply to all facilities and health care personnel covered by the enabling order, the Joint Administrative Order No. 2016-0002. 1. Definition of Social Media. This refers to electronic communication, websites or applications through which users connect, interact or share information or other content with other individuals, collectively part of an online community. This includes Facebook, Twitter, Google+, Instagram, LinkedIn, Pinterest, B… text/html 2017-07-26T08:40:06+0800 Anonymous (anonymous@undisclosed.example.com) https://privacywiki.serbizhub.net/doku.php/video_materials?rev=1501029606&do=diff The power of privacy (1/5): Does the internet know where you live? The power of privacy (2/5): Hacking exposed: the tricks of the trade The power of privacy (3/5): What can you do when private data goes public? The power of privacy (4/5): Open data: mapping the fallout from Fukushima