Data Privacy Mod 2 PDF

Summary

This document discusses data privacy, specifically the rights related to personal data. It outlines the concepts of informed consent, access, rectification, and the right to object to the processing of personal data. It includes considerations for healthcare data breaches and the proportionality of data processing.

Full Transcript

HEALTH INFORMATICS 08/31/2024.

MOD 2: DATA PRIVACY
Rafael Alexis Resurreccion, MD, FPCS Trans Group/s: 3B

I. INTRODUCTION
7 Right to Rectify
Technology and innovation have made communication
and our way of life faster and easier, but if our personal 8 Right to Data Portability
data and privacy have been compromised, it could affect
not only our personal and social life, but also pose an
impact on our finances. A. THE RIGHT TO BE INFORMED
For example, we post our daily routine, vacation, and Personal data is not to be collected, processed, or
shopping on social media. You registered your personal stored without an explicit consent
data to be able to obtain this free item. Sometimes, your
personal data are passed to different companies for B.THE RIGHT TO ACCESS
profiling, or what they call direct marketing. But what if it The right of the individual to have reasonable access
was used for something else? to his personal data, the manner in which this was
This is where the Republic Act of 2012 comes in. obtained and processed, and the identity of the
personal information controller
II. RA NO. 10173: DATA PRIVACY ACT OF 2012
The Congress of the Philippines passed the Republic C. THE RIGHT TO OBJECT
Act No. 10173 in 2012 Right of the individual to object to processing of
Also known as the Data Privacy Act (DPA) of 2012 personal data
Protects individuals from unauthorized processing Individuals have the absolute right to stop their data
of personal information that is private — NOT from being used for direct marketing
publicly available and identifiable Individuals must be informed of their right to object
An individual can make an objection verbally or in
writing
3 KEY ELEMENTS

DATA Any individual who is the D. THE RIGHT TO ERASURE AND BLOCKING
1 Also known as the RIGHT TO BE FORGOTTEN
SUBJECT source to obtain information
Right to suspend, withdraw, or order the blocking or
destruction of one’s personal data
Determines the purpose and
Individuals can make a request for erasure verbally or
the manner for which the
in writing
personal data is processed
DATA
He/she is the actual
2 INFORMATION E. THE RIGHT TO DAMAGES
beneficiary of the data
CONTROLLER One may claim compensation if they suffered
Task: control, review,
compare, and aggregate web damages due to inaccurate, incomplete, outdated,
analytics data false, or unlawfully obtained personal data

Any individual or legal entity F. THE RIGHT TO FILE A COMPLAINT
DATA subcontracted by the If one’s personal information has been misused,
3 maliciously disclosed, or improperly disposed of,
PROCESSOR controller to process personal
data they have the right to file a complaint

G. THE RIGHT TO RECTIFY
III. DATA SUBJECT’S RIGHTS Right to dispute and have corrected any inaccuracies
Personal information must be held under strict or errors in one’s data
confidentiality and for declared purpose only.
H. THE RIGHT TO DATA PORTABILITY
Allows individuals to obtain and reuse their personal
DATA SUBJECT’S RIGHTS
data for their own purposes across different services
Allows them to move, copy, or transfer personal data
1 Right to be Informed
easily from one IT environment to another in a safe and
secure way without affecting its usability
2 Right to Access This enables individuals to take advantage of
applications and services that can use data to find
3 Right to Object them a better deal
The right only applies to information an individual has
4 Right to Erasure and Blocking provided to a controller.

5 Right to Damages

6 Right to File a Complaint

Health Informatics - Mod 2 Data Privacy 1 of 3
The use of trans, practice questions, and evals ratio must be used discreetly and social media/public exposure of the aforementioned shall be strictly prohibited.
 IV. TRANSPARENCY, PURPOSE, AND IV. HEALTHCARE INDUSTRY
PROPORTIONALITY
The Philippine Law takes the approach that processing
of personal data shall be allowed subject to adherence
to the principles of transparency, legitimate purpose, and
proportionality.
Personal data should be processed fairly and lawfully.

A. PRINCIPLE OF PROPORTIONALITY
Requires that the processing of personal information
must be relevant to, and must not exceed the
declared purpose.
In research, personal information shall be held under
strict confidentiality and only for the declared
purpose.
Cybercrime in the healthcare system.
COMPLIANCE WITH THE PRINCIPLE OF
PROPORTIONALITY A total of 51% occur on healthcare data breaches

1 PERSONAL Description of personal data to 2 MAIN CAUSES OF HEALTHCARE DATA BREACHES
DATA TO BE be entered into the system
COLLECTED FAILURE TO Healthcare organizations fail to
UPGRADE upgrade their cyberspace as quickly
2 PURPOSE The exact purposes for which as other businesses.
they will be processed, such
as for direct marketing, PATIENT Criminals find personal patient
statistics, and research INFORMATION information valuable to exploit.
In the healthcare setting: VALUABLE TO
○ Research EXPLOIT
○ Case presentations
○ Live surgeries More and more records are stored digitally.
○ Those that are presented ○ Finding and sharing information is easier,
during societies’ reducing mistakes and providing better care.
conventions or Thus, the challenge between the balance of security
workshops of patient’s data and the need for productivity/

3 BASIS Basis for processing,
IN MEDICINE AND HEALTHCARE:
especially when it is not based
on one’s consent DATA SUBJECTS Patients

4 SCOPE AND Scope and method of one’s DATA INFORMATION Healthcare professionals
METHOD OF personal data processing CONTROLLER
PROCESSING

5 RECIPIENTS To whom the data may be PHYSICIANS SEE DATA PRIVACY IN THESE
disclosed CONDITIONS:

CLINICAL Both In-patient and out-patient scenarios
6 RECIPIENTS’ Methods used for automated
PRACTICE
ACCESS access by the recipient, and
its expected consequences SURGICAL Conventions, workshops, round table
for the data subject EDUCATION discussion and conferences

7 DATA Identity and contact details RESEARCH
CONTROLLER of the personal information
controller
MEDICAL STUDENTS SEE DATA PRIVACY IN THESE
8 STORAGE The duration for which the CONDITIONS:
DURATION data will be kept
WARD WORK Upon obtaining data, history,
ACTIVITIES physical examination
9 DATA One must also be informed of
SUBJECT’S the existence of one’s rights CASE
RIGHTS as a data subject PRESENTATION AND
REPORTING

Entails all the data processing
COMMUNITY
from data collection to data
MEDICINE
storage

CONCLUSION

Health Informatics - Mod 2 Data Privacy 2 of 3
The use of trans, practice questions, and evals ratio must be used discreetly and social media/public exposure of the aforementioned shall be strictly prohibited.
 1 RIGHTS: always keep in mind the data subject’s rights
regardless of whether you are the data subject or data
controller

2 INFORMED CONSENT: should adhere to
transparency, legitimate purpose, and proportionally

3 APPLY: the statements above in your profession and
daily routine

Health Informatics - Mod 2 Data Privacy 3 of 3
The use of trans, practice questions, and evals ratio must be used discreetly and social media/public exposure of the aforementioned shall be strictly prohibited.