Data Privacy

Question 1

→ official health document of an individual shared among multiple facilities and agencies
→ demographic info, diagnosis, prescriptions, lab tests, contact info, visitation info, allergies, insurance info, family history, etc.

Answer 1

Electronic Medical Records (EMRs) or Electronic Health Records (EHRs)

Question 2

→ hospital discharge data reported to a government agency
→ data that organizations collect about their operations such as status reports on their routine operations

Answer 2

Administrative Data

Question 3

→ billed interactions between insured patients and healthcare systems (inpatient, outpatient, pharmacy, and enrollment)
→ collects information across a wide range of medical professionals
→ comes directly from the notes of physicians as info is recorded at the time of the appointment
→ allows researchers to analyze patients with rare conditions

Answer 3

Claims Data

Question 4

→ tracks a narrow range of key data for chronic conditions
→ uses observational study methods to collect uniform data to evaluate specified outcomes for a population
→ observes the course of the disease and the variations of treatment

Answer 4

Patient/Disease Registries

Question 5

→ conducted to provide prevalence rates of certain diseases
→ includes the measures of risk factors, health behaviors, and non-health determinants or correlations (e.g. socioeconomic status)

Answer 5

Health Surveys

Question 6

→ registry and results database hosted by government agencies or the WHO
→ clinical research data made available only through national or discipline-specific organizations
→ studies new tests and treatments that evaluate their effects on human health outcomes
→ data collected are variables relevant to the research hypotheses

Answer 6

Clinical Trials Data

Question 7

Documents used for study implementation (acronym is CRF)

Answer 7

Case Report Forms

Question 8

→ (acc. to the dictionary)—facts and statistics collected for reference
→ (acc. to philosophy)—things known or assumed as facts which shapes the basis of reasoning
→ (acc. to computing)—quantities, characters, or symbols where operations are performed by a computer that transmits electrical signals to record on various media platforms

Answer 8

Data

Question 9

→ ensures that data are not accessed by unauthorized entities

Answer 9

Data Security

Question 10

HIPAA stands for?

Answer 10

Health Insurance Portability and Accountability Act

Question 11

RA 10173

Answer 11

Data Privacy Act of 2012

Question 12

RA 10713 Chapter 1

Answer 12

General Provisions

Question 13

RA 10173 Section 1

Answer 13

Short Title

Question 14

RA 10173 Section 2

Answer 14

Declaration of Policy

• the state shall protect the human fundamental right of privacy and communication while ensuring a free flow of information
• the state recognizes the vital role of information and communications technology in nation-building and ensures that personal info is secured and protected

Question 15

RA 10173 Section 3

Answer 15

Definition of Terms

Question 16

Freely given permission evidenced by written, electronic, or recorded means

Answer 16

Consent

Question 17

Race, ethnic origin, marital status, age, color, religion, sex, etc.

Answer 17

Personal Information

Question 18

RA 10173 Section 4

Answer 18

Scope; applies to to any natural or juridical person involved in information processing

Question 19

RA 10173 Section 5

Answer 19

Journalist Protection

Question 20

RA 10173 Section 6

Answer 20

Extraterritorial Application; countries are obliged to deport foreign criminals running away from their country of origin if found guilty

Question 21

RA 10173 Chapter 2

Answer 21

National Privacy Commission

Question 22

RA 10173 Section 7

Answer 22

Function of the NPC; administer, implement, monitor, and ensure compliance of the country to international standards of data protection

Question 23

RA 10173 Section 8

Answer 23

Confidentiality

Question 24

RA 10173 Section 9

Answer 24

Organizational Structure of the Commission

Question 25

T or F: The NPC is attached to the DICT

Answer 25

True

Question 26

DICT stands for?

Answer 26

Department of Information and Communications Technology

Question 27

T or F: The DICT Chairman acts as the Privacy Commissioner of the NPC

Answer 27

True

Question 28

The current DICT Secretary

Answer 28

Sec. Gringo Honasan

Question 29

The three agencies attached to the DICT

Answer 29

• NTC
• NPC
• CICC

Question 30

NTC stands for?

Answer 30

National Telecommunications Commission

Question 31

CICC stands for?

Answer 31

Cybercrime Investigation and Coordinating Center

Question 32

RA 10173 Section 10

Answer 32

The Secretariat

Question 33

RA 10173 Chapter 3

Answer 33

Processing of Personal Information

Question 34

RA 10173 Section 11

Answer 34

General Data Privacy Principles

Question 35

RA 10173 Section 12

Answer 35

Criteria for Lawful Processing of Personal Information; consent must be given and the information is necessary as supported by the law

Question 36

RA 10173 Section 13

Answer 36

Sensitive and Privileged Information; prohibited by law but with the following exceptions:

• consent is given
• supported by law (legal purposes)
• to protect life and health
• there is lawful and non-commercial objective of public organizations
• medical treatment

Question 37

RA 10173 Section 14

Answer 37

Subcontract of Personal Information (third-party processing)

Question 38

RA 10173 Section 15

Answer 38

Extension of Privileged Communication (between doctor and patient)

Question 39

RA 10173 Chapter 4

Answer 39

Rights of the Data Subject

Question 40

RA 10173 Section 16

Answer 40

Data Subject Rights

Question 41

RA 10173 Section 17

Answer 41

Transmissibility of Rights of the Data Subjects

Question 42

RA 10173 Section 18

Answer 42

Right to Data Portability

Question 43

RA 10173 Section 19

Answer 43

Non-Applicability

Question 44

RA 10173 Chapter 5

Answer 44

Security of Personal Information

Question 45

RA 10173 Section 20

Answer 45

Personal Information Security

• accidental or unlawful destruction, alteration, and disclosure
• accidental loss, human dangers, unlawful access, fraudulent misuse, and contamination
• level of protection is dependent on the kind of information present
• monitoring of 3rd party processors

Question 46

RA 10173 Chapter 6

Answer 46

Accountability for Transfer of Personal Information

Question 47

RA 10173 Section 21

Answer 47

Principle of Accountability; the information controller is responsible and accountable for any personal information under their control or custody—including those transferred to a 3rd party whether domestic or international

Question 48

RA 10173 Chapter 7

Answer 48

Security of Sensitive Personal Information in Government

Question 49

RA 10173 Section 22

Answer 49

Responsibility of the Heads of Agencies

Question 50

RA 10173 Section 23

Answer 50

Requirements relating to Access by Agency Personnel to Sensitive Personal Information

Question 51

Type of access wherein security clearance is required

Answer 51

Onsite and Online Access

Question 52

Type of access approved by the head of the agency but with a limit of 1000 records only with encryptions required

Answer 52

Offsite Access

Question 53

RA 10173 Section 24

Answer 53

Applicability to Government Contractors

Question 54

International Data Laws:

→ Europe (2016)
→ gives control to the individual over their personal data and to simplify the regulatory environment

Answer 54

General Data Protection Regulation (GDPR)

Question 55

International Data Laws:

→ USA (1996)
→ stipulates how healthcare information should be protected from fraud and theft
→ addresses limitations on healthcare insurance coverage

Answer 55

Health Insurance Portability and Accountability Act (HIPAA)