
Ni Final

The Data Privacy Act of 2012 (R.A. 10173) protects individual personal information in both government and private sectors, establishing a National Privacy Commission to oversee compliance and enforcement. It defines key terms such as sensitive personal information and outlines the rights of data subjects, including consent and access to their data. The Act imposes penalties for unauthorized processing and breaches of personal data, ensuring accountability and security measures for personal information handling.

LESSON 6: DATA PRIVACY ACT

DATA PRIVACY ACT OF 2012 (R.A. 10173)

An act protecting individual personal information in information and communication systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.

● Passed on June 6, 2012
● Approved into law last August 15, 2012
● Approved by the late President Benigno S. Aquino III
● Enacted into law
    ○ Senate President
        ■ Juan Ponce Enrile
    ○ Speaker of the House of Representatives
        ■ Feliciano Belmonte Jr.

CHAPTER I: GENERAL PROVISIONS

Section 1 - Title
This Act is called the "Data Privacy Act of 2012."

Section 2 – Declaration of Policy
The law protects the fundamental human right of privacy of communication while ensuring the free flow of information to promote innovation and growth.

Section 3 – Definition of Terms

Commission
Refers to the National Privacy Commission created by virtue of this Act.

Consent of the data subject
The data subject must freely and knowingly agree before their personal information is collected and used.

Personal Information
Any information that identifies an individual (e.g., name, address, phone number).

Sensitive Personal Information
Information about an individual's race, religion, health, education, political affiliations, etc.

Processing
Any operation performed on personal data (collection, recording, storing, sharing, etc.).

Data Subject
The individual whose personal data is processed.

Personal Information Controller (PIC)
The entity responsible for controlling and managing personal data.

Personal Information Processor (PIP)
A person or organization processing data on behalf of a PIC.

Section 4 – Scope of the Law
This law applies to all personal data processing in the Philippines.
It also applies to foreign businesses if they:
● Use data processing equipment in the Philippines.
● Have business operations in the country.
● Exceptions:
    ○ Journalism
    ○ Research
    ○ Government employee records
    ○ National security data

Section 5 – Protection for Journalists
Journalists are not required to reveal their news sources. This protects freedom of the press under Republic Act No. 53, the "Sotto Law".

Section 6 – Extraterritorial Application
The law applies even outside the Philippines if:
● The data subject is a Filipino citizen.
● A company has a branch or office in the Philippines.

CHAPTER II: NATIONAL PRIVACY COMMISSION (NPC)

Section 7 – Functions of NPC
The NPC ensures compliance, investigates complaints, and enforces data privacy laws.

Section 8 - Confidentiality
The NPC must keep all personal data it handles confidential.

Section 9 - Organizational Structure
The NPC is part of the Department of Information and Communications Technology (DICT), led by a Privacy Commissioner and two deputies.

Section 10 - The Secretariat
The NPC will have a Secretariat with experts from agencies like SSS, BIR, and PhilHealth.

CHAPTER III: PROCESSING OF PERSONAL INFORMATION

Section 11 – General Data Privacy Principles
Personal data processing must be transparent, for a legitimate purpose, and proportional to its use.

Organizations must follow these principles:

Transparency
Inform people about data collection.

Legitimate Purpose
Use data only for valid reasons.

Proportionality
Collect only what is necessary.

Security
Protect and store data properly.

Section 12 – Lawful Processing of Personal Information
Data processing is only allowed if:
● The person gives consent (e.g., agreeing to a privacy policy).
● It is needed for a contract (e.g., employment agreement).
● It complies with legal obligations (e.g., government tax reporting).

Section 13 – Sensitive and Privileged Information
Special protection for sensitive data like:
● Health records
● Religious beliefs
● Government-issued IDs
Processing is only allowed if:
● The data subject consents.
● A law requires it (e.g., medical records may be used for public emergencies like disease control).
● It is for medical treatment, national security, or legal cases.

Section 14: Subcontracting of Data Processing
A company can hire a third party to process personal data but is still responsible for its protection.
The original company remains responsible for:
● Data confidentiality.
● Security measures.
● Legal compliance.

Section 15 – Privileged Communication
Some data remains confidential by law, such as:
● Lawyer-client communication.
● Doctor-patient records.

CHAPTER IV: RIGHTS OF THE DATA SUBJECT

Section 16 – Rights of the Data Subject - The Data Subject is Entitled to:
A. Be informed about the processing of their personal information.
B. Provide relevant information before their data is entered into a processing system.
C. Reasonable access to their data, upon demand.
D. Dispute the inaccuracy and request corrections, unless unreasonable.
E. Suspend, withdraw or order the blocking, removal or destruction of his or her personal information.
F. Seek compensation for damages caused by inaccurate, unauthorized, or unlawful data use.

Section 17 – Transmissibility of Rights of the Data Subject
Rights extend to lawful heirs or assigns after the data subject's death/incapacity.

Section 18 – Right to Data Portability
Obtain an electronic copy of personal data in a commonly used format for easy transfer.

Section 19 – Non-Applicability
Rights do not apply if data is used solely for research, statistics, or legal investigations.

CHAPTER V: SECURITY OF PERSONAL INFORMATION

Section 20 – Security of Personal Information
A. Personal information controllers must implement organizational, physical, and technical measures to protect data.
B. Security policies must address data protection, risk assessment, and incident response.
C. Confidentiality obligations continue even after employment ends.
    ● Regular monitoring and security policies are required to prevent breaches.
D. Prompt notification must be given to authorities and affected individuals in case of a data breach.

CHAPTER VI: ACCOUNTABILITY FOR TRANSFER OF PERSONAL INFORMATION

Section 21 – Principle of Accountability
Each personal information controller is responsible for personal information under its control or custody.
A. Data controllers remain responsible for the protection of personal information even when transferred to third parties.
B. Designated individuals must ensure compliance with data privacy laws.

CHAPTER VII: SECURITY OF SENSITIVE PERSONAL INFORMATION IN GOVERNMENT

Section 22 – Responsibility of Heads of Agencies
Government agencies must secure sensitive personal information using industry-recognized standards. Agency heads are responsible for compliance, while the Commission monitors and recommends necessary actions.

Section 23 – Requirements Relating to Access by Agency Personnel to Sensitive Personal Information
A. On-site & Online Access
Employees need security clearance to access sensitive data.
B. Off-site Access
Requires agency head approval within two business days. If approved:
● Access is limited to 1,000 records.
● Data must be encrypted per Commission standards.
● Compliance is required within six months of the law's enactment.

Section 24 - Applicability to Government Contractors
Contracts involving access to 1000+ records require contractors to register their data processing systems and comply with security regulations.

CHAPTER VIII: PENALTIES

Section 25 - Unauthorized Processing of Personal Information and Sensitive Personal Information
A. Personal Information:
● Imprisonment: 1 to 3 years
● Fine: ₱500,000 to ₱2,000,000
● Applies to individuals who process personal information without the consent of the data subject or legal authorization.
B. Sensitive Personal Information:
● Imprisonment: 3 to 6 years
● Fine: ₱500,000 to ₱4,000,000
● Applies to individuals processing sensitive personal information without consent or legal authority.

Section 26 - Accessing Personal Information and Sensitive Personal Information Due to Negligence
A. Personal Information:
● Imprisonment: 1 to 3 years
● Fine: ₱500,000 to ₱2,000,000
● Penalizes individuals who, due to negligence, allow unauthorized access to personal data.
B. Sensitive Personal Information:
● Imprisonment: 3 to 6 years
● Fine: ₱500,000 to ₱4,000,000
● Covers cases where negligence results in unauthorized access to sensitive personal data.

Section 27 - Improper Disposal of Personal Information and Sensitive Personal Information
A. Personal Information:
● Imprisonment: 6 months to 2 years
● Fine: ₱100,000 to ₱500,000
● Applies to individuals who improperly dispose of personal data in public or unsecured locations.
B. Sensitive Personal Information:
● Imprisonment: 1 to 3 years
● Fine: ₱100,000 to ₱1,000,000
● Covers cases where sensitive personal data is discarded or abandoned in a way that exposes it to unauthorized access.

Section 28 - Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes
A. Personal Information:
● Imprisonment: 1 year and 6 months to 5 years
● Fine: ₱500,000 to ₱1,000,000
● Imposed on individuals processing personal data for purposes not authorized by the data subject or by law.
B. Sensitive Personal Information:
● Imprisonment: 2 to 7 years
● Fine: ₱500,000 to ₱2,000,000
● Applies when sensitive personal data is processed for unauthorized purposes.

Section 29 - Unauthorized Access or Intentional Breach
Penalty:
● Imprisonment: 1 to 3 years
● Fine: ₱500,000 to ₱2,000,000
● Applies to individuals who unlawfully break into systems containing personal or sensitive personal information, violating data confidentiality and security measures.

Section 30 - Concealment of Security Breaches involving Sensitive Personal Information
Penalty:
● Imprisonment: 1 year and 6 months to 5 years
● Fine: ₱500,000 to ₱1,000,000
● Imposed on individuals who, despite knowing about a security breach and the obligation to notify authorities, intentionally or negligently conceal the incident.

Section 31 - Malicious Disclosure
Sharing false private information to harm someone.
Penalty:
● Imprisonment: 1 year and 6 months to 5 years
● Fine: not less than Php500,000.00 but not more than Php1,000,000.00

Section 32 - Unauthorized Disclosure
Sharing private information without permission.
Penalty:
A. For Personal Information
● Name, address, phone number
● 1 – 3 years in jail
● ₱500,000 – ₱1 million fine
B. For Sensitive Personal Information
● Medical records, financial details, biometrics
● 3 – 5 years in jail
● ₱500,000 – ₱2 million fine

Section 33 - Combination of Acts
Committing multiple data privacy violations.
Penalty:
● Imprisonment: 3 - 6 years
● Fine: ₱1 - ₱5 million

Section 34 - Extent of Liability
Company bosses, public officials, and foreign violators are fined.

Section 35 - Large-Scale Violation
Bigger punishments if 100+ people are affected.

Section 36 - Public Officer Violations
Government workers face double disqualification.
Penalty:
● Banned from public service for twice the prison sentence.
● Disqualification from government jobs.

Section 37 - Restitution
● Victims of data breach can demand compensation for damages.

CHAPTER IX: MISCELLANEOUS PROVISIONS

Section 38 - Interpretation
Privacy rights should always be protected.

Section 39 - Implementing Rules and Regulation
The National Privacy Commission creates detailed guidelines.

Section 40 - Reports & Awareness
The National Privacy Commission educates the public and submits yearly reports.

Section 41 - Budget
The government funds the National Privacy Commission. A ₱20 million budget is allocated to them to investigate the data privacy complaints and raise awareness.

Section 42 - Transition Period
Businesses have one year to comply.

Section 43 - Separability Clause
If one part is invalid, the rest still applies.

Section 44 - Repealing Clause
Old laws that contradict this one are removed.

Section 45 - Effectivity Clause
The law started 15 days after publication.

Law: E-Commerce Act of 2000 (R.A. 8792)
Focus: Promoted online transactions and made electronic documents legally valid.
Weakness: Lacked strong data protection measures. No penalties for data breaches.
How it improved: R.A. 10173 ensures that companies must protect customer data and face penalties for violations.

Law: Civil Code of the Philippines (R.A 386)
Focus: Recognized privacy as a personal right.
Weakness: No specific guidelines on digital privacy or data protection.
How it improved: R.A 10173 sets clear rules on how personal information should be handled, stored, and processed.

Law: Anti-Wiretapping Law (R.A 4200, 1965)
Focus: Prohibited unauthorized recording of private conversations.
Weakness: Only covered voice conversations (not digital messages, emails, or online data).
How it improved: R.A 10173 protects all forms of personal data, including digital information.

Law: Human Security Act of 2007 (R.A. 9372)
Focus: Allowed government surveillance for security reasons.
Weakness: Risked violating privacy rights through surveillance and data collection.
How it improved: R.A. 10173 balances security and privacy, ensuring surveillance follows strict legal procedures.

LESSON 7: HOSPITAL INFORMATION SYSTEM

HOSPITAL INFORMATION SYSTEM

● Encompass a wide range of specialized systems designed to manage different aspects of hospital operations and patient care.
● Are comprehensive technology platforms designed to manage all aspects of a hospital's operations, including administrative, financial, and clinical functions. These systems centralize patient data, streamline administrative tasks, and improve care coordination by providing timely access to patient health information.

TYPES OF HOSPITAL INFORMATION SYSTEM

Electronic Health Record (EHR) & Electronic Medical Record (EMR)
Digital versions of patient files, storing medical history, allergies, test results, and medications.

Electronic Health Record (EHR)
● Are comprehensive digital repositories of a patient's health information, documenting their entire healthcare journey across multiple providers.
● These are designed to be shared among different healthcare settings, such as laboratories and specialists, providing a broader view of a patient's care. They facilitate communication between providers and support better decision-making.

Electronic Medical Record (EMR)
● Are digital versions of the paper charts used in clinician offices, clinics, and hospitals. They contain medical and treatment history collected by and for the clinicians in a specific setting.
● These are primarily used for diagnosis and treatment within a single healthcare setting. They help track data over time and improve healthcare quality but are not designed for sharing outside the practice.

Patient Management Software
● Automates administrative tasks like appointment scheduling and billing.
● A digital tool designed to manage and streamline patient-related administrative and clinical tasks.

Patient Registration
Capturing and storing patient demographic and medical information.

Appointment Scheduling
Automating the process of booking appointments and managing patient flow.

Billing and Insurance Claims
Handling financial transactions related to patient care, including billing and insurance processing.

Master Patient Index (MPI)
● Ensures a single, accurate patient record across facilities.
● A centralized database that contains unique identifiers and essential demographic and clinical information for all patients within a healthcare organization. It serves as a repository to consolidate and link patient data across multiple systems and facilities, ensuring accurate patient identification and data integration.
● Used within a single healthcare institution to manage patient data, ensuring accurate identification and linkage of clinical information.
● Key functions of an MPI include:

Patient Identification
Assigning a unique identifier to each patient, such as a medical record number (MRN), to ensure accurate identification and data retrieval.

Data Integration
Aggregating patient data from various sources, including electronic health records (EHRs), laboratory systems, and radiology systems, to provide a comprehensive view of a patient's medical history.

Data Consistency
Ensuring that patient data is consistent and accurate across all systems, reducing errors and improving care coordination.

Cross-Referencing
Links patient records across different systems to prevent duplication and ensure data consistency.

Data Exchange
Facilitating the exchange of patient information between different healthcare providers.

Enterprise Master Patient Index (EMPI)
● Extends this concept by linking multiple MPIs across different facilities or systems, maintaining consistent patient data organization-wide.
● The EMPI assigns a unique identifier to each patient, ensuring that they are represented only once across all systems, which helps prevent duplicate records and errors in patient identification.
● Use sophisticated algorithms to match and merge patient records, ensuring that patient data is accurate and up-to-date.
● More suitable for large healthcare networks or organizations with multiple facilities.

Patient Portals
● Are secure online platforms that provide patients with convenient, 24-hour access to their personal health information. These portals enable patients to view their medical history, test results, medications, and immunizations from anywhere with an internet connection.
● Key functions of Patient Portals:

Access to Medical Records
Patients can view and download their medical history and test results.

Appointment Scheduling
Patients can schedule, reschedule, or cancel appointments.

Communication with Providers
Secure messaging allows patients to communicate with their healthcare team.

Prescription Management
Patients can request prescription refills and view current medications.

Billing Information
Patients can view and pay medical bills online.

Clinical Information Systems (CIS)
● Automate data collection from medical devices.
● Are computerized platforms designed to collect, store, manage, and provide access to clinical data for healthcare providers.
● Improve patient safety by automating tasks, reducing errors, and enhancing clinical workflow efficiency. They also facilitate better communication among healthcare providers and support evidence-based care through decision support tools.
● Key functions of Clinical Information System (CIS):

Clinical Notes
Detailed records of patient interactions and care plans.

Medication History
Lists of current and past medications.

Laboratory Reports
Results from lab tests.

Images
Radiology images and other diagnostic visuals.

Reports
Summaries of patient care and treatment outcomes.

Laboratory Information Systems (LIS)
● Manages lab data, including test orders and results.
● Is a software application designed to manage and process data from laboratory tests and medical procedures. It automates the workflow of laboratories by handling tasks
● Enhance laboratory efficiency, reduce errors, and improve patient care by providing timely and accurate test results.
● Key functions of Laboratory Information System (LIS):

Specimen Tracking
Managing the flow of specimens from collection to testing.

Test Ordering and Result Reporting
Automating the process of ordering tests and reporting results to healthcare providers.

Data Management
Storing and managing patient demographic information and test results.

Integration with Other Systems
Interfacing with electronic health records (EHRs) and other healthcare systems to ensure seamless data exchange.

Pharmacy Information Systems (PIS)
● Manages medication-related information.
● Is a digital platform designed to manage the medication use process within pharmacies. It records, oversees, and stores patient-related information, facilitating tasks.
● Improve patient safety by reducing medication errors and enhancing communication between pharmacists and healthcare providers.
● Key functions of Pharmacy Information System (PIS):

Prescription Management
Entering, modifying, reviewing, and monitoring prescription orders, including checks for drug interactions and allergies.

Inventory Management
Tracking medication stock levels and automating reordering processes.

Clinical Screening
Providing alerts for potential medication issues and supporting patient education.

Integration with Other Systems
Often integrating with Electronic Health Records (EHRs) and Computerized Physician Order Entry (CPOE) systems to enhance patient safety and streamline workflows.

Radiology Information Systems (RIS)
● Handles imaging data and procedures.
● Is a specialized software designed to manage and optimize radiological data and workflows within healthcare settings. It serves as the operational backbone of radiology departments, coordinating various processes from patient scheduling to billing and reporting.
● Integrates with other systems like PACS and Hospital Information Systems (HIS) to enhance workflow efficiency and patient care.
● Key functions of Radiology Information System (RIS):

Patient Management
Tracks patient workflow, integrating images and reports with Electronic Health Records (EHRs).

Scheduling
Manages appointments for inpatients and outpatients, optimizing resource utilization.

Patient Tracking
Monitors patient radiology history from admission to discharge.

Results Reporting
Generates reports for individual patients or procedures.

Image Tracking
Integrates with Picture Archiving and Communication Systems (PACS) for digital image management.

Billing
Handles financial record-keeping and automated claims.

Remote Patient Monitoring (RPM)
● Enables remote monitoring of patients using wearable devices.
● Is a technology-enabled service that allows healthcare providers to monitor patients remotely, typically in their homes or outside traditional clinical settings. RPM involves the use of digital devices such as wearable sensors, blood pressure monitors, and pulse oximeters to collect vital health data, which is then transmitted to healthcare providers for analysis and intervention.
● Is particularly beneficial for managing chronic conditions, post-hospitalization care, and reducing healthcare costs by minimizing hospitalizations and emergency visits.
● Key functions of Remote Patient Monitoring (RPM):

Data Collection
Continuous monitoring of vital signs and health metrics.

Data Transmission
Secure transmission of patient data to healthcare providers.

Clinical Decision Support
Enables timely interventions based on real-time data analysis.

Patient Engagement
Encourages patients to actively manage their health.

Clinical Decision Support Systems (CDSS)
● Provide healthcare professionals with clinical decision-making support.
● Are computerized tools designed to assist healthcare providers in making informed clinical decisions. These systems integrate medical knowledge with patient data to provide tailored recommendations, alerts, and reminders at the point of care.
● Enhance decision-making by providing timely information, reducing errors, and improving patient outcomes. They include features like drug interaction alerts, condition-specific order sets, and reminders for preventive care.
● Key functions of Clinical Decision Support System (CDSS):

Knowledge Base
Contains medical guidelines, protocols, and clinical rules.

Patient Data Interface
Integrates with electronic health records (EHRs) to access patient information.

Inference Engine
Analyzes patient data to generate suggestions based on predefined algorithms.

User Interface
Presents recommendations and alerts to healthcare providers in a user-friendly format.

Workforce Management Systems (WMS)
● Manage staffing and scheduling.
● Are digital platforms designed to manage and optimize the operational aspects of healthcare staffing.
● Enhance operational efficiency, improve employee satisfaction, and support better patient care by
ensuring that the right staff are available at the right time. They often integrate with other hospital systems, such as electronic health records (EHRs) and billing software, to provide a comprehensive view of hospital operations.
● Key functions of Workforce Management System (WMS):

Staff Scheduling
Creating and managing employee schedules efficiently.

Time and Attendance Tracking
Monitoring employee work hours and attendance.

Leave Management
Handling vacation requests and ensuring adequate staffing.

Payroll Integration
Automating payroll processes to reduce errors.

Compliance Management
Ensuring adherence to labor laws and union regulations.

Performance Monitoring
Analyzing employee productivity and performance metrics.

Materials Management Systems (MMS)
● Handle inventory and supply chain management.
● Are designed to manage the flow of materials and supplies within healthcare facilities. These systems automate tasks such as purchasing, inventory management, and supply distribution to ensure that necessary items are available when needed.
● Often utilize Materials Management Information Systems (MMIS), which provide a centralized platform for managing these processes, enhancing efficiency and reducing costs.
● Key functions of Material Management Systems (MMS):

Inventory Management
Tracking stock levels and automating reordering processes.

Purchasing
Handling purchase requests, quotations, and orders.

Supply Chain Management
Coordinating with suppliers for timely deliveries and negotiating favorable terms.

Cost Control
Managing material costs while maintaining quality patient care.

Quality Assurance
Ensuring that materials meet quality standards.

Financial Management Systems (FMS)
● Manage billing, insurance claims, and financial reporting.
● Are comprehensive platforms designed to manage the financial operations of healthcare organizations.
● Key functions of Financial Management Systems (FMS):

Revenue Cycle Management
Tracking patient payments from registration to final reimbursement, including billing, coding, and claims processing.

Budgeting and Forecasting
Developing financial plans and predicting future financial conditions to ensure resource allocation.

Cost Control
Analyzing and managing operational expenses to optimize resource use without compromising patient care.

Financial Reporting
Generating timely and accurate financial reports to inform decision-making and ensure compliance.

Compliance Management
Ensuring adherence to financial regulations and standards, such as HIPAA and Medicare requirements.

CYBERCRIME PREVENTION ACT OF 2012 (REPUBLIC ACT NO. 10175)

Objectives of R.A. 10175
RA 10175, also known as the Cybercrime Prevention Act of 2012, has several primary objectives. Firstly, it aims to define various cybercrimes, providing a legal framework for prosecuting offenders. Secondly, it establishes mechanisms for preventing, investigating, and suppressing these crimes. Thirdly, it outlines the penalties for those found guilty of violating the Act. Finally, it emphasizes international cooperation to combat transnational cybercrime, recognizing that this is a global challenge.

Context of R.A. 10175
The rapid expansion of internet access and the increasing reliance on technology in the Philippines necessitated a comprehensive legal framework to address cybercrime. RA 10175 aims to provide this framework by defining various cybercrimes, establishing mechanisms for prevention and investigation, and outlining penalties for offenders. It acknowledges the transnational nature of cybercrime, emphasizing the need for international cooperation.

Offenses Against Confidentiality, Integrity, and Availability

Illegal Access:
Unauthorized access to computer systems.

Illegal Interception:
Unauthorized interception of computer data transmissions.

Data Interference:
Intentionally damaging or altering computer data.

System Interference:
Disrupting the functioning of a computer system or network.

Misuse of Devices:
Creating, selling, or possessing devices or software primarily designed for committing cybercrimes.

Cybersquatting:
Registering domain names in bad faith.

Computer-related Offenses

Computer-related Forgery:
Creating inauthentic computer data with fraudulent intent.

Computer-related Fraud:
Unauthorized access or alteration of computer data with fraudulent intent.

Computer-related Identity Theft:
Unauthorized acquisition, use, or misuse of someone's identifying information.

Context-related Offenses

Cybersex:
Willful engagement in lascivious exhibitions of sexual organs or sexual activity online.

Child Pornography:
Acts defined and punishable under RA 9775 (Anti-Child Pornography Act of 2009), with penalties increased by one degree if committed through a computer system.

Unsolicited Commercial Communications (Spam):
Sending unsolicited commercial electronic communications without prior consent.

Online Libel:
Committing libel through a computer system.

Enforcement and Jurisdiction

Law Enforcement Agencies:
NBI and PNP are primarily responsible, with specialized cybercrime units.

Cybercrime Investigation and Coordinating Center (CICC):
Coordinates efforts between agencies.

Jurisdiction:
Regional Trial Courts have jurisdiction, with designated special cybercrime courts. Jurisdiction extends to offenses committed by Filipinos abroad if any element of the crime occurred in the Philippines.

Debate and Criticisms
While the Act is crucial for cybersecurity, it has faced significant criticism. The most prominent concern revolves around the provisions on online libel, which some argue stifle freedom of expression. Concerns have also been raised about the potential for misuse of power by law enforcement and the need for greater transparency in the CICC's operations. The constantly evolving nature of technology also presents challenges in keeping the law updated and effective.

Impact and Recommendations
The Cybercrime Prevention Act has had a significant impact on the Philippines' digital landscape. It has increased awareness of cybercrime and has provided a legal basis for prosecuting offenders. However, its effectiveness remains a subject of debate.
To improve the Act, we need:
● Clearer guidelines on freedom of expression.
● Enhanced training for law enforcement on cybercrime investigation.
● Increased transparency and accountability in the CICC.
● Regular review and updates to keep pace with technological advancements.

CLINICAL INFORMATION SYSTEM

● An array or collection of applications and functionality; amalgamation of systems, medical equipment, and technologies working together that are committed or dedicated to collecting, storing, and manipulating healthcare data and information and providing secure access to interdisciplinary clinicians navigating the continuum of client care.
● Designed to collect patient data in real time to enhance care by providing data at the clinician's fingertips and enabling decision making where it needs to occur: at the bedside.

OBJECTIVES OF CIS

● Enhance patient care, streamline operational efficiency, bolster data security and privacy, and ensure full compliance with all relevant regulations.
● This follows a thorough assessment of our current systems, a meticulous selection process for new technologies, a detailed implementation strategy, and a robust ongoing maintenance and support program.
● The ultimate goal is a modernized, secure, and user-friendly CIS that optimizes healthcare delivery and improves outcomes for our patients.

OVERVIEW OF CIS

Clinical Decision Support
This provides users with the tools to acquire, manipulate, apply and display appropriate information to aid in the making of correct, timely and evidence-based clinical decisions.

Electronic Medical Record (EMR)
This contains information about the patient, from their personal details, such as their name, age, address and sex, to details of every aspect of care given by the hospital (from routine visits to major operations).

BENEFITS OF CIS

● Ease of obtaining patient data at the point of care.
● Ability to search patient data easily.
● There is no concern with legibility of charting.
● Ability to analyze data easily.
● Enhanced patient safety

KEY PLAYERS TO A CIS

● Nurse
● Nurse managers
● Support staff
● Performance improvement analytics
● Physicians
● Administration
EIGHT PHASES OF CLINICAL INFORMATION SYSTEMS IMPLEMENTATION

1. Planning
This phase begins when an organization identifies a need addressable through CIS development or implementation.

Defining Project Scope:
Establishing clear objectives and goals.

Conducting a Feasibility Study:
Assessing project viability regarding technology, budget, and resources.

Forming a Project Team:
Assembling a diverse team to oversee the project.

2. System Analysis
Also known as the fact-finding phase.

Gathering Requirements:
Collecting data requirements from stakeholders to understand the current system and identify new system needs.

Analyzing Existing Workflows:
Evaluating how current systems are used and identifying potential improvements.

3. System Design/System Selection
This phase creates detailed CIS design specifications.

Designing Functional Components:
Outlining user interfaces, data management processes, and integration points with other systems.

Selecting Technology Stack:
Choosing the software and hardware to support the CIS.

Vendor Selection:
If applicable, choosing a vendor aligning with project needs.

4. Development
This phase encompasses the actual CIS creation.

Coding and Configuration:
Developing software based on design specifications.

Integration:
Ensuring seamless CIS operation with existing systems (e.g., EHRs, lab systems).

Testing:
Conducting various tests (unit, integration, and user acceptance testing) to ensure correct system function and user needs fulfillment.

5. Implementation
Once development is complete, the system is deployed.

Training Staff:
Providing comprehensive training on effective system use.

Data Migration:
Transferring existing data while ensuring integrity.

Go-Live:
Launching the system for real-world healthcare use.

6. Maintenance and Support
Post-implementation, ongoing support is crucial.

System Updates:
Regularly updating software to improve functionality and security.

User Support:
Providing help desk services to address user issues.

Feedback Loops:
Continuously gathering user feedback for iterative system improvements.

7. Performance Monitoring and
Evaluation
This phase involves ongoing monitoring of
system performance against key metrics
(response times, error rates, user
satisfaction) to identify areas for
optimization and improvement. Regular
reports should be generated and reviewed.

8. Security and Compliance
This phase ensures the CIS meets all
relevant security and compliance standards
(e.g., HIPAA, GDPR). This includes regular
security audits, vulnerability assessments,
and implementation of security controls to
protect patient data.

Compliance with regulations:
Adherence to all relevant data privacy
regulations, including HIPAA (if applicable)
and local laws.

Access control:
Implementing strict access control
measures to limit access to patient data
based on roles and responsibilities.

Data encryption:
Encrypting all patient data both in transit
and at rest to protect against unauthorized
access.

Regular Security Audits:
Conducting regular security audits to
identify and address potential vulnerabilities.

Incident Response Plan:
Developing and implementing a
comprehensive incident response plan to
address data breaches and other security
incidents.

BENEFITS OF ELECTRONIC HEALTH RECORD

1. Improves Quality of Care
2. Increases Efficiency
3. Boosts Patient Engagement
4. Reduces Medication Errors
5. Enhances Data Security
6. Enhances Data Accessibility
7. Cost-Efficient
