Compliance and Privacy PDF
Document Details
Uploaded by RetractableForethought5217
Tags
Related
Summary
This document outlines compliance and privacy measures, referencing the Republic Act 10173 - Data Privacy Act of 2012. It covers topics such as cybersecurity, access controls, monitoring, and encryption. These are essential considerations for the protection of information systems, particularly within the government and private sectors.
Full Transcript
Compliance and Privacy In accordance to Republic Act 10173 - Data Privacy Act of 2012, SEC. 2. Declaration of Policy. – It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The Sta...
Compliance and Privacy In accordance to Republic Act 10173 - Data Privacy Act of 2012, SEC. 2. Declaration of Policy. – It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected. 1. Cyberecurity a. PACS should be fortified against network-based attacks and software vulnerabilities i. The RIS-PACS server is connected to UP-Philippine General Hospital’s network firewall. ii. The RIS-PACS server is update to latest Microsoft versions and security software. iii. Updated operating systems with the latest vendor-approved critical patches from Microsoft in every workstations inside the UP- Philippine General Hospital. 2. Secured access controls a. The RIS-PACS access can be managed using internal software or via hospital’s domain network. b. User access is configured according to the staff’s role. c. The ability to change passsword is given to all users to protect their user account. d. Downloading of DICOM studies has been restricted for those roles that are only allowed by the radiology department. 3. Monitoring a. Any activities done in both Synapse PACS and Yasasii RIS can be tracked with an audit trail specifying the user, date and time, event, and particular study. 4. Encryption a. Studies that are being stored in Synapse PACS and Yasasii RIS are encrypted in using our very own Synapse technology. Reference: https://privacy.gov.ph/data-privacy-act/
