PRIVACY OF PERSONAL AND PUBLIC DOMAINS
Lariosa, Iresef C. BSN 2-F
Privacy: Refers to the right of an individual to keep his/her health information private.
Confidentiality: Refers to the duty of anyone entrusted with health information to keep that
information private.
Protecting Patients from Harm includes Respect for their Right to Privacy
Health information is valuable and its unauthorized use or disclosure may put patients at risk for
unwanted publicity, identity theft, discrimination and other acts prejudicial to the patient.
Data Privacy Act of 2012
It is the policy of the State to protect the fundamental human right of privacy, of communication while
ensuring free flow of information to promote innovation and growth.
Personal Data
Any information from which the identity of an individual is apparent.
Any information that can be put together with other information to reasonably and directly identify an
individual.
Includes sensitive personal information such as your health, education, genetic or sexual life.
Includes information that is classified or privileged.
Personas Defined in the Law
DATA SUBJECT
Individual whose personal information is being processed.
PERSONAL INFORMATION CONTROLLER
Person or organization who controls collection, holding, processing or use of personal information.
PERSONAL INFORMATION PROCESSOR
Natural or juridical person to whom a personal information controller may outsource the
processing of personal data pertaining to a data subject.
Data Privacy Principles
Transparency
Legitimate Purpose
Proportionality
TRANSPARENCY
The data subject must be aware of the nature, purpose, and extent of the processing of his or her
personal data, including the risks and safeguards involved, the identity of personal information
controller, his or her rights as a data subject, and how these can be exercised.
Any information and communication relating to the processing of personal data should be easy to
access and understand, using clear and plain language.
RIGHTS OF DATA SUBJECTS
including the right to file a complaint before the National Privacy Commission.
Rights of Data Subject:
Right to information
Right to object
Right to access
Right to correct
Right to erase
Right to damages
Right to data portability
Right to file a complaint
Right of Data Subject
1. Description of the personal information to be entered into the system;
2. Purposes for which they are being or are to be processed;
3. Scope and method of the personal information processing;
4. The recipients or classes of recipients to whom they are or may be disclosed;
5. Methods utilized for automated access, if the same is allowed by the data subject, and the extent to
which such access is authorized;
6. The identity and contact details of the personal information controller or its representative;
7. The period for which the information will be stored; and
8. The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before
the Commission.
LEGITIMATE PURPOSE
The processing of information shall be compatible with a declared and specified purpose which must
not be contrary to law, morals, or public policy.
Processing of personal data should have the individual’s consent, or must be authorized or allowed by
the Constitution or by law.
Consent
Refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the
collection and processing of personal information about and/or relating to him or her.
The consent shall be evidenced by written, electronic or recorded means.
PROPORTIONALITY
The processing of information shall be adequate, relevant, suitable, necessary, and not excessive in
relation to a declared and specified purpose.
ORGANIZATIONAL SECURITY MEASURES
Data Protection Officer
The DPO should possess specialized knowledge and demonstrate reliability necessary for the
performance of his or her duties and responsibilities.
Privacy Manual
Procedure for collection, use or disclosure, storage and disposal of personal data
Social media use in hospitals and healthcare facilities.
Physical Security Measures
Design of office space and work stations, including the physical arrangement of furniture and
equipment, shall provide privacy to anyone processing personal data, taking into consideration the
environment and accessibility to the public.
Records room, work stations and data centers should have limited access.
Technical Security Measures
Security policy, system monitoring
Safeguards: encryption, authentication process
Incident response, correct and mitigate breach, restore system