Ethics, Privacy & Security

avatar
Created by
lou nah

Cards (50)

  • The collection, storage, access, use, communication, manipulation, linkage and disposition of personal data may be legitimately infringed upon only in accordance with applicable law, regulation, policy, procedure, contract, agreement or other legally binding instrument.
  • Principle of Least Intrusive Alternatives
    The collection, storage, access, use, communication, manipulation, linkage and disposition of personal data should be the least intrusive alternatives possible.
  • Any combination or series of acts enumerated above shall make the person subject to imprisonment ranging from three (3) years to six (6) years, and a fine of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00) (Republic Act No. 10173, Ch. 8, Sec. 33).
  • Principle of Accountability
    All persons and groups of persons have a responsibility to comply with the principles of information privacy and disposition, openness, security, access, legitimate infringement, least intrusive alternatives, and accountability.
  • Access controls to health IT and electronic health information include authorized computer accounts, encryption of electronic health information, auditing of health IT operations, health IT backup capabilities, and perimeter identification.
  • Steps in a laboratory information system (LIS) include registering a patient, ordering tests, collecting a sample, receiving a sample, running a sample, reviewing results, releasing results, and reporting results.
  • Administrative safeguards for the LIS include continuous employee training, periodic review of standards in identifying which results should be flagged, strengthening laboratory authorization and supervision policies, implementing strict rules and regulations regarding the testing procedures, and releasing guidelines on proper disposal of laboratory specimen.
  • The National Research Council (1997) emphasizes that technological security tools are essential components of modern distributed health care information systems, serving five key functions: availability, accountability, perimeter identification, controlling access, and comprehensibility and control.
  • Regardless of the type of safeguard your practice chooses to implement, it is important to monitor its effectiveness and regularly assess your health IT environment to determine if new risks are present.
  • Developers should be mindful of social impacts of software systems.
  • Technical Safeguards include securely configured computing equipment (e.g., virus, checking, firewalls), and certified applications and technologies that store or exchange electronic health information.
  • Health informatics ethics heavily relies on use of software to store and process information.
  • Any infringement of the privacy rights of a person or group of persons, and of their right of control over data about them, may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected parties.
  • There are numerous significant reasons to protect privacy and confidentiality.
  • Physical Safeguards include office alarm systems, locked offices containing computing equipment that store electronic health information, security guards, and access control systems.
  • Privacy and confidentiality are widely regarded as rights of all people which merits respect without need to be earned, argued, or defended.
  • It is important to note that the types of safeguards you choose may be prescribed or restricted by law.
  • The software developer has ethical duties and responsibilities to the following stakeholders: society, institution and employees, and the profession.
  • Any infringement of the privacy rights of a person or group of persons, and of the right to control over data about them, must be justified to the latter in good time and in an appropriate fashion.
  • The fundamental right of privacy and of control over the collection, storage, access, use, manipulation, linkage, communication and disposition of personal data is conditioned only by the legitimate, appropriate and relevant data-needs of a free, responsible and democratic society, and by the equal and competing rights of others.
  • Another important consideration is the cost-benefit principle.
  • Developers should disclose any threats or known defects in software.
  • If you cannot afford to place additional burden on your staff due to possibilities of human error, you may choose to purchase a technology that automates the procedure in order to minimize the risk.
  • Protection of privacy and confidentiality is ultimately advantageous for both individuals and society.
  • When people are not afraid to disclose personal information, they are more inclined to seek out professional assistance, and it will diminish the risk of increasing untreated illnesses and spreading infectious diseases.
  • Activities carried out by software developers might significantly affect end-users.
  • Privacy and confidentiality protection also benefits public health.
  • If it is not cost effective for your practice to avail of an expensive technology to mitigate a risk to electronic health information, an alternative may be requiring your staff to follow a new administrative procedure that equally reduces that risk.
  • Administrative Safeguards include continual risk assessment of your health IT environment, continual assessment of the effectiveness of safeguards for electronic health information, detailed processes for viewing and administering electronic health information, employee training on the use of health IT to appropriately protect electronic health information, and appropriately reporting security breaches.
  • Privacy generally applies to individuals and their aversion to eavesdropping, whereas confidentiality is more closely related to unintended disclosure of information.
  • Patients are more likely to be comfortable to share sensitive health care data when they believe this information would not be shared inappropriately.
  • The act provides that consent must be documented and given prior to the collection of all forms of personal data, and the collection must be declared, specified, and for a legitimate purpose.
  • The subject must be notified about the purpose and extent of data processing, with details specifying the need for automated processing, profiling, direct marketing, or sharing.
  • The Data Privacy Act describes sensitive personal information as those being: About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; About an individual’s health, education, genetic or sexual life of a person, or to any proceeding or any offense committed or alleged to have committed; Issued by government agencies “peculiar” (unique) to an individual, such as social security number; Marked as classified by executive order or act of Congress.
  • Consent is one of the major elements highly-valued by the Data Privacy Act.
  • Business Process Management, particularly involving Health Information Technology, is an increasingly growing industry within the Philippine economy.
  • Given the rapid evolution of the digital economy and heightened international data trading, the Philippines has decided to strengthen its privacy and security protection by passing the Data Privacy Act of 2012, with an aim “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” (Republic Act No. 10173, Ch. 1, Sec. 2).
  • These factors ensure that consent is freely-given, specific, and informed.
  • Filipinos utilize social media heavily, with a whopping 3.5 Million users on LinkedIn, 13 Million on Twitter, and 42.1 on Facebook (Wall, 2017).
  • An exception to the requirement of consent is allowed in cases of contractual agreements where processing is essential to pursue the legitimate interests of the parties, except when overridden by fundamental rights and freedom.