Ethics FINALS PDF - Data Privacy Act of 2012
Document Details
Uploaded by NicerYeti
2012
Summary
This document is a past paper on the Data Privacy Act of 2012 (DPA). The paper discusses the origins and impacts of the DPA in the Philippines. The document also explores the key concepts and provisions of the act.
Full Transcript
Unit 6 FINALS
Ethical Issues Related to Technology in the Delivery of Health Care

A. Data Protection and Security
1. Data Privacy Act 2012 (RA 10173 Series of 2012)

Republic Act 10173 Data Privacy Act of 2012 (DPA) (slide 1 of 6)
“An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes”

Republic Act 10173 Data Privacy Act of 2012 (DPA) (slide 3 of 6)
* The Philippines has a growing and important business process management and health information technology industry.
* Total IT spending reached $4.4 billion in 2016, and is expected to more than double by 2020.
* The country is also in the process of enabling free public Wi-Fi.
- rapid growth of the digital economy and increasing international trade of data.
* Filipinos are heavy social media users
- 67M internet users – world’s #1 in terms of social media usage (Digital 2018 by Hootsuite, and We Are Social Ltd.)
* Facebook users – 30M in 2013 to 67M in 2017

Republic Act 10173 Data Privacy Act of 2012 (DPA) (slide 4 of 6)
* The Journey of the DPA
- European Union’s 1995 Data Protection Directive.
- Electronic Commerce Act of 2000 (R.A. No. 8792) – recognition and use of electronic commercial and non-commercial transactions and documents.
- Membership in the Asia-Pacific Economic Cooperation (APEC) -- Privacy Framework in 2005.
- DTI Administrative Order No. 8 in 2006 -- which prescribed guidelines for a local data protection certification system.
- The DPA was signed into law in 2012, with the local BPO sector as its most visible endorser.

Republic Act 10173 Data Privacy Act of 2012 (DPA) (slide 5 of 6)
* The Journey of the DPA
- Creation of the Dept. of Information and Communications Technology (DICT) in 2015 (R.A. No. 10844).
- The activation of the National Privacy Commission (NPC) in 2016
- DPA’s Implementing Rules and Regulations were put into effect on September 9, 2016

Republic Act 10173 Data Privacy Act of 2012 (DPA) (slide 6 of 6)
Provision of the DPA
- Chapter I – General Provisions
- Chapter II – The National Privacy Commission
- Chapter III – Processing of Personal Information
- Chapter IV – Rights of the Data Subject
- Chapter V – Security of Personal Information
- Chapter VI – Accountability for Transfer of Personal Information
- Chapter VII – Security of Sensitive Personal Information in Government
- Chapter VIII – Penalties
- Chapter IX – Miscellaneous Provisions

Scope (slide 1 of 5)
* SEC. 4. Scope - This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines.

Scope (slide 2 of 5)
* This Act does not apply to the following:
- (a) Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual, including:
  * (1) The fact that the individual is or was an officer or employee of the government institution;
  * (2) The title, business address and office telephone number of the individual;
  * (3) The classification, salary range and responsibilities of the position held by the individual; and
  * (4) The name of the individual on a document prepared by the individual in the course of employment with the government;

Scope (slide 3 of 5)
* This Act does not apply to the following:
- (b) Information about an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services;
- (c) Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit;

Scope (slide 4 of 5)
* This Act does not apply to the following:
- (d) Personal information processed for journalistic, artistic, literary or research purposes;
- (e) Information necessary in order to carry out the functions of public authority which includes the processing of personal data for the performance by the independent, central monetary authority and law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions.

Scope (slide 5 of 5)
* This Act does not apply to the following:
- (f) Information necessary for banks and other financial institutions under the jurisdiction of the independent, central monetary authority or Bangko Sentral ng Pilipinas to comply with Republic Act No. 9510, and Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act and other applicable laws; and
- (g) Personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.

General Rights of Data Subjects (slide 1 of 2)
1. Right to INFORMATION;
2. Right to ACCESS;
3. Right to CORRECT;
4. Right to REMOVE;
5. Right to DAMAGES;
6. Right to DATA PORTABILITY.
- Rights TRANSMISSIBLE: The lawful heirs of the data subject may invoke the rights of the data subject for which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights.

General Rights of Data Subjects (slide 2 of 2)
* Exceptions
* The Rights of the Data Subject are not applicable, IF:
- 1. the processed personal information are used only for the needs of scientific and statistical research AND, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject;
- 2. The processing of personal information is gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a data subject.

Approach of the Government (slide 1 of 1)
* The processing of personal data shall be allowed subject to adherence to the principles of:
- Transparency
- Legitimate purpose
- Proportionality

Data Processing and Consent (slide 1 of 3)
* Collection of personal data must be:
- Declared
- Specified
- Legitimate purpose

Data Processing and Consent (slide 2 of 3)
* Consent is required prior to the collection of all personal data.
- the data subject must be informed about the extent and purpose of processing. for the “automated processing of his or her personal data for profiling, or processing for direct marketing, and data sharing”.
- for sharing information with affiliates or even mother companies must be “freely given, specific, informed,” and must be evidenced by recorded means.

Data Processing and Consent (slide 3 of 3)
* Consent is not required for processing where the data subject is party to a contractual agreement, for purposes of fulfilling that contract.
- for protection of the vital interests of the data subject.
- to respond to a national emergency.
- for the legitimate interests of the data controller.

Agreement (slide 1 of 1)
* “The law requires that when sharing data, the sharing be covered by an agreement that provides adequate safeguards for the rights of data subjects, and that these agreements are subject to review by the National Privacy Commission”

Sensitive Personal Information (slide 1 of 3)
* The law defines sensitive personal information as being:
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- About an individual’s health, education, genetic or sexual life of a person, or to any proceeding or any offense committed or alleged to have committed;
- Issued by government agencies “peculiar” (unique) to an individual, such as social security number;
- Marked as classified by executive order or act of Congress.

Sensitive Personal Information (slide 2 of 3)
* All processing of sensitive and personal information is prohibited except in certain circumstances.
- Consent of the data subject;
- Pursuant to law that does not require consent;
- Necessity to protect life and health of a person;
- Necessity for medical treatment;
- Necessity to protect the lawful rights of data subjects in court proceedings, legal proceedings, or regulation.

Sensitive Personal Information (slide 3 of 3)
* Security of Sensitive Personal Information in Government
- Responsibility of Heads of Agencies – information shall be secured with the most appropriate standards as recommended by the NPC. Heads of agencies are responsible for complying with the security requirements.
- Requirements of Access by Agency Personnel:
  a) ONLINE/ONSITE - no employee of the government shall have access unless the employee has received a security clearance.
  b) OFFSITE – information shall not be transported or accessed offsite unless a request is approved.

Personal Information Controllers (slide 1 of 3)
* Personal Information Controller refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:
- (1) A person or organization who performs such functions as instructed by another person or organization; and
- (2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.

Personal Information Controllers (slide 2 of 3)
Personal Information Processor refers to any natural or juridical person qualified to act as such to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.

Personal Information Controllers (slide 3 of 3)
* Rights of Personal Information Controllers
1. Outsource the processing of personal information to processors qualified as such;
2. Invoke the defense of privileged communication.

Penalties (slide 1 of 2)
* Ranging from P100,000 to P5,000,000 (approximately US$2,000 to US$100,000)
* Imprisonment of 1 year up to 6 years
- Unauthorized Processing of Personal Information and Sensitive Personal Information
- Accessing Personal Information and Sensitive Personal Information Due to Negligence.
- Improper Disposal of Personal Information and Sensitive Personal Information

Penalties (slide 2 of 2)
* Ranging from P100,000 to P5,000,000 (approximately US$2,000 to US$100,000)
* Imprisonment of 1 year up to 6 years
- Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes.
- Unauthorized Access or Intentional Breach.
- Concealment of Security Breaches Involving Sensitive Personal Information.
- Malicious Disclosure.
- Unauthorized Disclosure.

Who Needs to Register? (slide 1 of 1)
* Companies with at least 250 employees or access to the personal and identifiable information of at least 1,000 people are required to register with the National Privacy Commission and comply with the Data Privacy Act of 2012.

Compliance of the Data Privacy Act (slide 1 of 1)
* The National Privacy Commission, which was created to enforce RA 10173, will check whether companies are compliant based on a company having 5 elements:
- Appointing a Data Protection Officer
- Conducting a privacy impact assessment
- Creating a privacy knowledge management program
- Implementing a privacy and data protection policy
- Exercising a breach reporting procedure

B. Benefits and Challenges of Technology
1. Benefits

Benefits of Technology (slide 1 of 8)
* Technology has brought a number of remarkable changes to the health industry throughout the years. It has allowed a number of cures to be created and beneficial changes to be made in treatment and care.
* With the constant state of improvements and upgrades, it is important to consider where we are today in terms of beneficial healthcare technology.

Benefits of Technology (slide 2 of 8)
1. Easily Accessible Medical Information
It has become increasingly common for people suffering from questionable symptoms to immediately consult the internet for an answer to their ailments. This is great for easing worries or providing answers when your medical provider may not be readily available.
It can also save you money by avoiding unnecessary doctor visits.
However, looking up your symptoms online can lead to anxiety and panic over a simple illness, as your symptoms may be present for a number of different sicknesses. In these instances, it is important to consult your doctor for a professional diagnosis.

Benefits of Technology (slide 3 of 8)
2. A Larger Presence on Social Media
- Physicians, hospitals, and clinics have made it a standard practice to create an avenue to the public through social media sites. This not only grants them a larger audience, but allows people an easy way to reach out for information from them.
- They can offer advice or information specific to their practice, educating followers far and wide.
- Another great perk from this is that past patients are able to leave feedback or a review of the service they received at the specific medical facility, or with a specific doctor. This can greatly help potential patients narrow down a doctor or facility that they feel could best serve their needs.

Benefits of Technology (slide 4 of 8)
3. Better treatments, equipment, and medicine
- It is no secret that as we move further into the age of technology, a number of benefits are emerging.
- Many would consider that improved healthcare is the greatest result to come from technology.
- Better equipment has allowed doctors to provide more comprehensive care. Better treatments have increased the quality of life of a number of different people suffering from long-term illnesses. And better medicine has completely wiped out the fear of some life-threatening illnesses of the past.

Benefits of Technology (slide 5 of 8)
3. Better treatments, equipment, and medicine
- It has also helped speed up research, as well as connect medical researchers from around the world. This has allowed the focus to be narrowed and the manpower to be multiplied in finding answers to certain medical mysteries.
- Procedures have been improved as well. For example, a medical spa in San Mateo County uses state-of-the-art technology for plastic surgery.
- The scope of qualified technicians and physicians has largely increased, allowing more options with safe results.
- All of these things are due to improved technology.

Benefits of Technology (slide 6 of 8)
4. Faster Results
- It used to take weeks or even a month to get the results of medical testing.
- With improved technology, it is now possible to get results as soon as the lab is finished with your sample.
- Many hospitals and clinics offer web portals, allowing you to access your results within hours or days. This is incredibly helpful in easing anxiety and providing the answers you seek.
- These web portals also allow you to access your past medical records, giving you a chance to keep track of appointments, medical issues, and billing. It is a great way to add convenience for the patient.

Benefits of Technology (slide 7 of 8)
5. Improved Relationships with Patients
- Doctors can easily access a patient’s records, allowing them to provide better, in-depth knowledge about each patient’s medical past and care.
- Patient files used to line the halls of practices, creating large amounts of paperwork and eliminating the possibility of finding years-past medical records.
- Now, technology has allowed medical records to be transcribed online, easily available to both doctor and patient.
- Patients can feel more comfortable with their doctor when he understands their complete health picture.

Benefits of Technology (slide 8 of 8)
6. It Helps to Predict Outbreaks
- Since many people search online for answers once they begin to feel under the weather, that data actually adds up to create a larger picture specific to that query.
- Yearly flu outbreaks are a great example of this. Locations can be determined from the online searches and a database can be created that shows the rise in possible cases as well as the spread of the illness. This can be an important step in preparing for outbreaks as well as predicting the outlook for the flu season in future years.

B. Benefits and Challenges of Technology
2. Challenges

Challenges of Technology (slide 1 of 6)
* Technology has changed the way industry professionals approach the idea of healthcare.
* While many of these innovations are positive — facilitating patient care and ensuring traditional treatments are more effective — they also present some unique challenges. Why? Because this technology is something the industry has never seen before.

Challenges of Technology (slide 2 of 6)
1. The Challenge Of Interoperability (exchange)
- One of the most significant selling points of electronic health records (EHRs) is they allow practitioners to access relevant patient data instantly. With the adoption of this technology nearly complete — around 95 percent of hospitals use EHRs — interoperability is proving to be a challenge.
- To put it bluntly, interoperability is a mess. Patient identification isn't standardized, often making it impossible to match a person with their records. Nearly anyone can input information into a patient's EHR, but withdrawing data isn't always possible.
- Avoiding interoperability problems will require industrywide changes. One solution is to implement cloud-based EHRs, which centralize the database while still providing the necessary security.

Challenges of Technology (slide 3 of 6)
2. Keeping Up With Old Tech
In spite of all of these technological advances, many facilities still use out-of-date technology. Outdated software creates security holes like the one that allowed hackers to take down the National Health Security's (NHS's) system in 2017. Windows 7 devices are about to be in the same boat, with the company ending support in 2020.
- It's easy to upgrade a computer to the next operating system in line. However, for medical equipment running an older OS, upgrading isn't as straightforward. The best way to avoid problems is to upgrade when possible. The facility's IT department should be fluent in every operating system that's currently in use.

Challenges of Technology (slide 4 of 6)
3. User-Unfriendly Interfaces
- Medical technology is advancing by leaps and bounds. Yet one thing left in the dark ages is the user interface. These devices might change the world, but it won't matter if they're too difficult to use. If there's too much data on the screen at once, or the interface doesn't help users navigate, no one is going to use it.
- For medical professionals, there are two possible courses of action to avoid an interface problem.
  * First, engage with manufacturers during the research and development phase and let them know what's needed.
  * Second, take the time to learn how unfriendly interfaces work. It may be challenging, but it could be the lesser of two evils.

Challenges of Technology (slide 5 of 6)
4. Exacerbating Malpractice Claims
- MedTech has made many practices easier, but it overcomplicates others. One case from 2013 is an ideal example.
  * A 16-year-old patient was supposed to take a single dose of antibiotics before a routine procedure. A lack of interoperability meant everyone who saw the patient — between admissions and when he complained of anxiety — thought he needed to take another dose. Overall, he took nearly 39 times the recommended dose of this medication.

Challenges of Technology (slide 6 of 6)
5. Overall Implementation
- Implementing technology in medicine has a steep learning curve. Those who need it most may not have time to learn how to use it. Without a comprehensive understanding, trying to use medical technology can lead to practitioner error and malpractice.
- Hospital administrators, medical professionals and IT teams need to tackle this challenge head-on. Technology is going to change and shape the medical industry for decades to come. Those that don't adapt will be left behind, struggling to keep up with the tidal wave of innovation that's sweeping through healthcare.

C. Current Technology: Issues and Dilemma
1. Issues and Dilemma

Issues and Dilemma (slide 1 of 3)
1. Privacy and Confidentiality
Although controlling access to health information is important, it is not sufficient for protecting confidentiality. Additional security steps such as strong privacy and security policies are essential to secure patient's information.

Issues and Dilemma (slide 2 of 3)
2. Security Breaches
- Security measures such as firewalls, antivirus software, and intrusion detection software must be included to protect data integrity. Specific policies and procedures serve to maintain patient privacy and confidentiality. For example, employees must not share their ID with anyone, always log off when leaving a terminal and use their own ID to access patient digital records. A security officer must be designated by the organization to work with a team of health IT experts.
- Routine random audits should be conducted on a regular basis to ensure compliance with hospital policy. All system activity can be tracked by audit trails. This includes detailed listings of content, duration and the user; generating date and time for entries and logs of all modifications to EHRs.

Issues and Dilemma (slide 3 of 3)
3. Data Inaccuracies
- Inaccurate representation of the patient's current condition and treatment occurs due to improper use of options such as “cut and paste”. This practice is unacceptable because it increases the risk for patients and liability for clinicians and organizations.
- Another feature that can cause a problem in the data integrity is the drop-down menu and disposition of relevant information in the trash.
- A growing problem is medical identity theft. This results in the input of inaccurate information into the record of the victim.