
Lesson 14 Ethics Privacy and Security

1. The document discusses ethics, privacy, and security issues related to health informatics. It covers general ethics principles like autonomy, beneficence, and non-maleficence as they apply to electronic health records and research.
2. It also discusses informatics ethics principles around privacy, openness, security, access, and legitimate infringement of personal data.
3. The document emphasizes the need to balance patient autonomy with high quality records, obtain informed consent for research, and implement strong security and backups to protect sensitive medical information.

Uploaded by Ritter Gaming
LESSON 14

ETHICS, PRIVACY AND SECURITY
Emil Gatus

ETHICS IN HEALTH INFORMATICS
• Application of the principles of ethics in the domain of health informatics.
• Technology helped in the modernization of the health care industry; however, this made practitioners dependent on the use of mechanical aids in providing patient treatment. Conversely, human values should continue to govern research and the actual practice in health care.
• Health care informatics covers issues on honorable actions and proper and improper behaviors in the field of health care. However, most health practitioners are not familiar with ethical issues even if some issues have been controversial.

ETHICS IN HEALTH INFORMATICS
Ethical concerns:
• privacy and confidentiality
• use of appropriate informatics tools in clinical settings
• determination of users
• system evaluation
• system development
• legal and regulatory requirements

Listed below is a set of ethical principles for appropriate use of decision-support systems, particularly in Informatics:
1. A program should undergo appropriate evaluation prior to use in clinical practice. It should perform efficiently at an acceptable financial and timeframe cost.
2. Adequate training and instruction should be completed before proceeding to the implementation.
3. A qualified health professional should be assigned to handle concerns regarding uses, licenses and other concerns. The software systems’ applications should not replace functions such as decision making.

Information systems allow easy retrieval of patient information, which assists in the dispensation of health care or other supplementary services which are part of health informatics.

The three main aspects of information ethics:
• general ethics
• informatics ethics
• software ethics

General Ethics
In public health, general ethics guide the reasoning and decision-making of all people and organizations involved in healthcare.
1. Autonomy
• Autonomy is defined as either allowing individuals to make their own decisions or as the idea of being free from external influence or control.
• Electronic health records (EHR) must maintain respect for patient autonomy, and this entails certain restrictions about the access, content, and ownership of records.
• A compromise must be reached between
levels of patient autonomy and quality of
patient records. When patients are given too
much control over their EHRs, this could defeat
the purpose of the use of such document
because critical information might be modified
or deleted without the knowledge of the health
professionals.
• Limiting patient access and control over
patient records improves document quality
because patients can also verify their own
records (Mercuri, 2010).
2. Beneficence and Non-maleficence
• Beneficence - “do good.” Relates to the usage of stored data in the EHR system.
• Non-maleficence - “do no harm.” Relates to how the stored data is protected.

Deeply integrated EHR systems will contain substantial amounts of raw data, and great potential exists for the conduct of groundbreaking biomedical and public health research.
• These kinds of research will be beneficial to
both the individual patient and to the entirety
of society.
• With this in mind, new EHR systems should be
developed with the capacity to allow patients
to release information from their EHRs which
can be valuable to researchers and scientists.
• Similarly, the available consolidated data from
clinical data repositories will allow health care
professionals to provide the best possible
treatment for their patients, further upholding
the principle of beneficence.
However, the integrated data storage in health
informatics is also a breeding ground for varying threats.
• Temporary outages, at a minimum, might prevent health care professionals from performing necessary procedures. At worst, it could even result in significant patient mortality.
• Total system failures may cause even greater damage. In order to avoid these instances, all data must have multiple back-ups for fast and easy recovery.
• Since medical records contain very sensitive information about an individual, the highest level of data security possible should also be upheld.
• Vulnerabilities in security might ultimately lead to the violation of the principle of non-maleficence (Mercuri, 2010).

Informatics Ethics
Informatics ethics is about the ethical behavior expected from an individual assigned to handle information. It follows seven principles as prescribed by the International Medical Informatics Association (2016).
1. Principle of Information-Privacy and Disposition
Everyone has the fundamental right to privacy. Every individual should ensure that he or she has control over the collection, access, use, communication, manipulation, storage, linkage, and disposition of data about himself or herself.

2. Principle of Openness
• The control measures of particular data
should be disclosed to the concerned
individual in an appropriate and timely
fashion.

3. Principle of Security
• Legitimately collected data should be
protected through all appropriate
measures against access, use,
modification or communication,
manipulation, linkage, loss,
degradation, and unauthorized
destruction.
4. Principle of Access
Authorized individuals should be given access to electronic health records and also have the right to correct the data with respect to their completeness, accuracy, and relevance.

5. Principle of Legitimate Infringement
The right to privacy and control over personal data should be conditioned by the appropriate, legitimate, and relevant data-requirement of a democratic society and by the equal rights of others.

6. Principle of the Least Intrusive Alternative
Any infringement of privacy rights should occur in the least intrusive manner and with the least amount of interference with the rights of the affected parties.

7. Principle of Accountability
Any infringement must be justified to the concerned individuals in a timely and appropriate fashion.

Software Ethics
Health informatics ethics relies on the use of software to store and process information. It follows that the activities carried out by the developers might affect the end-users. Therefore, software developers have ethical duties and responsibilities to the stakeholders (society, institution and employees, and the profession).
• They should execute all system activities with the best interest of the society in mind.
• They should disclose any threats or known defects in the software.
• They should ensure that completed activities serve the best interests of the institution and its employees.
• They should be straightforward about their personal limitations and qualifications.
• They must build products that meet the professional standards

PRIVACY, CONFIDENTIALITY AND SECURITY
• Privacy generally applies to individuals and their aversion to eavesdropping.
• For example, someone who is spying on a certain person to find out about his or her visit to an acquired immunodeficiency syndrome (AIDS) clinic is a violation of that person’s privacy.
• Confidentiality is more closely related to unintended disclosure of information. E.g. If someone breaks into the clinic to view an individual’s patient record, that act is in violation of confidentiality.

PRIVACY, CONFIDENTIALITY AND SECURITY
• Reasons to protect privacy and confidentiality.
1. Privacy and confidentiality are widely regarded as universal rights which merit respect without the need to be earned, argued, or defended.
2. Protection of these rights is ultimately advantageous for both individuals and society.
• Patients are more likely to be comfortable to share sensitive health care data when they believe this information would not be shared inappropriately.
• This kind of trust essentially establishes a successful physician-patient or nurse-patient relationship, and enables the practitioners to perform their jobs better.

[Figure: diagram linking the boxes “Protection of privacy and confidentiality”, “Establishes successful patient-HCP relationship”, “Disclosure of sensitive information”, “Informed decision”, “Protection of public health” and “Improved clinical outcome”]

3. The protection of privacy and confidentiality benefits public health. When people are not afraid to disclose personal information, they are more inclined to seek out professional assistance which helps in diminishing the risk of increasing untreated illnesses and spreading infectious diseases.

When patients trust medical professionals and health information technology enough to disclose their health information, the latter will have a more holistic view of patients’ overall health and both health care professional and patient can formulate more informed decisions.

Breaches of privacy and confidentiality may cause serious reputational and financial harm, or personal harm to patients.

Poor privacy and security practices heighten the vulnerability of patient information and increase the risk of successful cyber-attacks (USA Department of Health and Human Services, 2015).

The obligation to protect privacy and to keep health information confidential falls on the following:
• system designers
• maintenance personnel
• administrators
• physicians
• nurses
• other frontline users of the information

Levels of Security in the Hospital Information System
• Safeguards are the solutions and tools which may be
utilized to implement security policies at different
levels of health organization.
• May be prescribed or restricted by law
• Cost-benefit principle. If it is not cost effective for the institution to avail of an expensive technology to mitigate a risk to electronic health information, an alternative is to require the staff to follow a new administrative procedure that equally reduces that risk. Conversely, if they cannot afford to place additional burden on the staff due to possibilities of human error, they may choose to purchase a technology that automates the procedure in order to minimize the risk.
• Monitor its effectiveness and regularly assess the health IT environment to determine if new risks are present.

Table 14.1 Examples of Administrative, Physical, and Technical Safeguards

Administrative Safeguards
• Regular risk assessment of the health IT environment
• Continuous assessment of the effectiveness of safeguards employed for electronic health information
• Provide detailed processes and procedures for viewing and administering electronic health information
• Training for the users of health IT to appropriately protect electronic health information
• Prompt reporting of security breaches (e.g., to those entities required by law or contract) and ensure continued health IT operations

Physical Safeguards
• Place office alarm systems
• Lock offices and areas that contain computing equipment that store electronic health information
• Have security guards that make regular rounds in the vicinity

Technical Safeguards
• Configure computing equipment to ensure security (e.g. virus checking, firewalls)
• Use certified applications and technologies that store or exchange electronic health information
• Set up access controls to health IT and electronic health information (e.g., authorized computer accounts)
• Encrypt the electronic health information
• Regular audit of the health IT operations
• Have backup capabilities (e.g., regular backups of electronic health information to another computer file server)

Five key functions of security tools according to the National Research Council (1997)
1. Availability – ensuring that accurate and up-to-date information is available when needed at appropriate places
2. Accountability – helping to ensure that health care providers are responsible for their access to and use of information, based on a legitimate need and right to know
3. Perimeter identification – knowing and controlling the boundaries of trusted access to the information system, both physically and logically
4. Controlling access – enabling
access for health care providers only to
information essential to the performance
of their jobs and limiting the real or
perceived temptation to access
information beyond a legitimate need
5. Comprehensibility and control –
ensuring that record owners, data
stewards, and patients understand and
have effective control over appropriate
aspects of information privacy and access
Levels of Security in the Laboratory Information System
Table 14.2: Key Steps in Laboratory Information Flow for a
hospital patient

Step: Register Patient
Description: The patient record (e.g. ID Number, name, sex, age, location) must be created in the LIS prior to the test(s). The LIS usually receives these data automatically from the hospital registration system when a patient is admitted.

Step: Order Tests
Description: The attending physician orders the tests for the patient and the procedure is requested as part of the laboratory’s morning blood collection rounds. These orders are entered into the CIS and are sent electronically to the LIS.

Step: Collect Sample
Description: The LIS prints a list of all patients who have to be drawn which also includes the appropriate number of sample bar-code labels for each patient order. Each barcode contains the patient ID, sample contained, and laboratory workstation which is used to sort the tube once it reaches the laboratory. An increasingly popular approach is for caregivers or nurses to collect the blood sample. Sample barcode labels can be printed (on demand) at the nursing station on an LIS printer or portable bedside printer prior to collection.

Step: Receive Sample
Description: Once the sample arrives in the laboratory, the status is updated in the LIS from “collected” to “received.” This is done by scanning each sample container’s barcode ID into the LIS. Once the status becomes “received” the LIS then transmits the test order to the analyser that will perform the required test.

Step: Run Sample
Description: The sample is loaded to the analyser, and the bar code is then read. No work list is needed because the analyser knows what test to perform from the order provided by the LIS. However, when tests are performed manually, the technologist prints a work list from the LIS. The work list should contain the names of the patients and the tests ordered on each, and next to each test is a space to record the result.

Step: Review Results
Description: The analyser then produces the results and sends the same to the LIS. The result is only viewable to the assigned technologists until it is released for general viewing. The LIS can also be programmed to flag certain results (for example, critical values) so the technologist can easily identify what needs to be repeated or further evaluated.

Step: Release Results
Description: The technologist is responsible for the release of the results. Unflagged results are reviewed and released at the same time. The LIS can be programmed to automatically review and release normal results or results that fall within a certain range. This approach reduces the number of tests that a technologist has to review. The results are automatically transmitted to the CIS upon release.

Step: Report Results
Description: The physician can now view the results on the CIS screen. Reports can be printed when needed.

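The Receive, Run, Review and Release steps of Table 14.2 as an added example, not part of the original lesson or of any LIS product: a small Python model in which a held result is visible only to the assigned technologist, in-range results are released automatically, and every access attempt is logged. All names (`Sample`, `post_result`, `tech_a`, `dr_b`) and the potassium window are constructed for illustration.

```python
"""Added example: constructed model of the Receive/Run/Review/Release steps.

All class, function and user names are hypothetical; the auto-release
window is a constructed sample value, not a clinical reference.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class Status(Enum):
    COLLECTED = "collected"
    RECEIVED = "received"
    RESULTED = "resulted"   # result posted, held for technologist review
    RELEASED = "released"   # transmitted to the CIS for general viewing


# Constructed auto-release window per test (units: mmol/L).
AUTO_RELEASE_RANGE = {"potassium": (3.5, 5.1)}


class AccessDenied(Exception):
    """Raised when a user asks for something they are not entitled to."""


@dataclass
class Sample:
    barcode: str
    test: str
    assigned_tech: str
    status: Status = Status.COLLECTED
    value: Optional[float] = None
    flagged: bool = False
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def log(self, actor: str, action: str) -> None:
        # Accountability: every attempt is recorded, allowed or refused.
        self.audit.append((actor, action))


def receive(sample: Sample, actor: str) -> None:
    """Barcode scan in the laboratory: collected -> received."""
    if sample.status is not Status.COLLECTED:
        raise ValueError(f"cannot receive a sample in state {sample.status.value}")
    sample.status = Status.RECEIVED
    sample.log(actor, "receive")


def post_result(sample: Sample, value: float) -> None:
    """Analyser sends a result; in-range values are released automatically."""
    if sample.status is not Status.RECEIVED:
        raise ValueError("result posted for a sample that was never received")
    sample.value = value
    window = AUTO_RELEASE_RANGE.get(sample.test)
    # No configured window means the result is always held for review.
    sample.flagged = window is None or not (window[0] <= value <= window[1])
    sample.status = Status.RESULTED if sample.flagged else Status.RELEASED
    sample.log("analyser", "post_result:" + ("held" if sample.flagged else "auto_release"))


def release(sample: Sample, actor: str) -> None:
    """Only the assigned technologist may release a held result."""
    if sample.status is not Status.RESULTED:
        raise ValueError("nothing held for release")
    if actor != sample.assigned_tech:
        sample.log(actor, "release:denied")
        raise AccessDenied(f"{actor} is not assigned to {sample.barcode}")
    sample.status = Status.RELEASED
    sample.log(actor, "release")


def view_result(sample: Sample, actor: str) -> float:
    """Held results are visible to the assigned technologist only."""
    if sample.value is None:
        raise ValueError("no result yet")
    if sample.status is not Status.RELEASED and actor != sample.assigned_tech:
        sample.log(actor, "view:denied")
        raise AccessDenied(f"result for {sample.barcode} is not released")
    # Who may read released results is decided on the CIS side (out of scope).
    sample.log(actor, "view")
    return sample.value


def demo() -> List[Tuple[str, str]]:
    """Critical value: the physician is refused until the technologist releases."""
    s = Sample(barcode="S-0002", test="potassium", assigned_tech="tech_a")
    receive(s, "tech_a")
    post_result(s, 6.8)          # outside the window, so held for review
    try:
        view_result(s, "dr_b")
    except AccessDenied:
        pass
    release(s, "tech_a")
    view_result(s, "dr_b")
    return s.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The audit trail returned by `demo()` is what a periodic review of LIS access would read: the refused `view:denied` entry sits between the held result and its release.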
Principles regarding administrative, technological, and physical safeguards as applied to the Laboratory Information System

Administrative Safeguards
• Continuous training for the users of the LIS
• Periodic review of standards used to identify results that should be flagged
• Review and strengthen the authorization and supervision policies
• Strict implementation of the rules and regulations for the testing procedures
• Release and disseminate guidelines on the proper disposal of laboratory specimen
• Enforce strict policies on the proper use of laboratory workstations
• Impose appropriate disciplinary measures as needed

Physical Safeguards
• Ensuring the periodic maintenance of laboratory equipment
• Having biometrics or other security measures for laboratory access
• Maintenance of controlled temperature both for equipment and specimen
• Presence of a contingency operations plan
• Use appropriate personal laboratory safety equipment

Principles regarding administrative, technological, and physical safeguards as applied to the Laboratory Information System

Technical Safeguards
• Presence of automated identity confirmation procedures for users requesting access
• Regular updating of passwords
• Requiring different authorizations based on user level
• Capacity of the unit to automatically log-off after a specified period of inactivity

Philippine Data Privacy Act of 2012
(Republic Act. No. 10173)
Business process management, particularly involving health information technology, is an increasingly growing industry within the Philippine economy. With total IT expenditure reaching $4.4 billion in 2016, the industry is forecasted to go beyond doubling itself by 2020. In addition, Filipinos utilize social media heavily, with a whopping 3.5 million users on LinkedIn, 13 million on Twitter, and 42.1 million on Facebook (Wall, 2017).

Given the rapid evolution of the digital economy and heightened international data trading, the Philippines has decided to strengthen its privacy and security protection by passing the Data Privacy Act of 2012, with an aim “to protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth” (Republic Act. No. 10173, Ch. 1, Sec. 2).

Philippine Data Privacy Act of 2012
(Republic Act. No. 10173)
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES

The act applies to individuals and legal entities that are in the business of processing personal information. The law applies extraterritorially, applying both to companies with offices in the Philippines and even those located outside that use equipment based in the Philippines. It covers personal information of Filipino citizens regardless of the place of residence. The main principles that govern the approach for this Act include transparency, legitimacy of purpose, and proportionality.

• Furthermore, in the Data Privacy Act, consent is one of the major elements highly valued. The act provides that consent must be documented and given prior to the collection of all forms of personal data; and the collection must be declared, specified, and used for a legitimate purpose.

In addition, the subject must be notified about the purpose and extent of data processing, with details specifying the need for automated processing, profiling, direct marketing, or sharing. These factors ensure that consent is freely given, specific, and informed.

However, an exception to the
requirement of consent is allowed in
cases of contractual agreements
where processing is essential to
pursue the legitimate interests of the
parties, except when overridden by
fundamental rights and freedom.
Such is also the case in responding to
national emergencies.
Processing of sensitive and personal information is also forbidden, except in particular circumstances enumerated below. The Data Privacy Act describes sensitive personal information as those being:
• About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
• About an individual’s health, education, genetic or sexual life of a person, or to any proceeding or any offense committed or alleged to have committed;
• Issued by government agencies “peculiar” (unique) to an individual, such as social security number;
• Marked as classified by executive order or act of Congress.

The exceptions are:
• Consent of the data subject;
• Pursuant to law that does not require
consent;
• Necessity to protect life and health of a person;
• Necessity for medical treatment;
• Necessity to protect the lawful rights of data subjects in court proceedings, legal proceedings, or regulation.

The provisions of the law necessitate covered entities to create privacy and security programs to improve the collection of data, limit processing to legitimate purposes, manage access, and implement data retention procedures.

Penalties
The act provides for different penalties for varying
violations, majority of which include imprisonment. These
violations include:
• Unauthorized processing
• Processing for unauthorized purposes
• Negligent access
• Improper disposal
• Unauthorized access or intentional breach
• Concealment of breach involving sensitive personal information
• Unauthorized disclosure; and
• Malicious disclosure.
Any combination or series of acts enumerated above shall make the person subject to imprisonment ranging from three (3) years to six (6) years, and a fine of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00) (Republic Act. No. 10173, Ch. 8, Sec. 33).

KEY POINTS TO REMEMBER:
✓ Health informatics ethics is the application of the principles of ethics to the domain of health informatics. There are three main aspects of health informatics ethics: general ethics, informatics ethics, and software ethics.
✓ General ethics covers autonomy, beneficence, and non-maleficence.
✓ Informatics refers to privacy, openness, security, access, infringement, least intrusion and accountability.
✓ Software developers should consider the best interest of the society in general, the institution and its employees, and the profession.
✓ Administrative, physical, and technical safeguards are placed to regularly monitor effectiveness and assess the health IT environment.
