Data privacy act

Question 1

An Act Protecting Individual Personal Information in

Information and Communications Systems in the Government and the Private Sector

Answer 1

Data Privacy Act of 2012

Question 2

When was the Data Privacy Act of 2012 enacted

Answer 2

Aug 15 2012

Question 3

Supports the right of persons to life, liberty and

property

Answer 3

Right to privacy

Question 4

Under the Bill of rights include these four:

Answer 4

1. Due process
2. Self incrimination
3. Freedom of speech
4. Freedom of religion

Question 5

Individuals ability to control the flow of information

concerning or describing him

Answer 5

Right to information privacy

Question 6

Right to Privacy must be overbalanced by _____

Answer 6

legitimate public concerns

Question 7

_____ of information on the part of the patient is a prerequisite to quality care and better health outcomes.

Answer 7

Full disclosure

Question 8

Implicit in the “Declaration of Policy” of the DPA is

the recognition that: (2 of them)

Answer 8

1. Law protects privacy

2. Free flow of information

Question 9

____ should not an obstacle for people to

obtain benefits from utilization of personal data

Answer 9

Data protection

Question 10

Use of personal data comes with a responsibility. The
_____ subjects should, at all times, be a
paramount consideration.

Answer 10

rights of data

Question 11

Any information from which the identity of an

individual is apparent

Answer 11

personal data

Question 12

Data containing Race, ethic origin, marital staturs, certificates issued by government agencies, education etc.

Answer 12

Sensitive personal information

Question 13

Processing of data can be done via: ( 2 of them)

Answer 13

1. automatically

2. Manually

Question 14

Who Process Personal Data

Answer 14

Personal information controller (PIC)

Question 15

the one who controls the processing of personal data, the one who decides

Answer 15

The individual, corporation or other sectors

Question 16

They are the ones that will be held liable in circumstances when Data Privacy Act is violated

Answer 16

Personal information controller (PIC)

Question 17

PIC is usually the head of the agency/ company.
Not the employees, not the data protection
officer, NOT the _____

Answer 17

Chief information officer

Question 18

Individual, corporation, or other body who
processes the personal data for a Personal
Information Controller (outsource. Ex: EMR
Provider)

Answer 18

Personal Information Processor

Question 19

Transparent data must be aware of : (2)

Answer 19

1. Nature

2. Purpose

Question 20

4 Extent of the processing of his/her personal data

Answer 20

1. Risk and safety
2. Identify PIC
3. Rights as data subject
4. How these rights are exercised

Question 21

The processing of information shall be with a declared

and specified purpose which must not be contrary to law, morals, or public policy

Answer 21

LEGITIMATE PURPOSE

Question 22

Proportionality must be these 4

Answer 22

→ Adequate
→ Relevant
→ Suitable
→ Necessary

Question 23

Any freely given, specified, informed indication of
will, whereby the data subject agree to the collection and processing of personal information
about and/or relating to him or her

Answer 23

Consent

Question 24

requires that processing of personal data shall be compatible with a declared and specified purpose.

Answer 24

Adhering to the priciple of legitimate purpose

Question 25

should be reflected on the

consent form

Answer 25

Data Privacy Principles

Question 26

Under the privacy information law, data consent should be in

Answer 26

written consent

Question 27

Cases in which consent is not required are as follows:

Answer 27

1. Private facts of person
2. Financial nature
3. Research or journals

Question 28

Info necessary for banks and Financial Institution to

comply with provisions of the ____

Answer 28

Anti-monetary laundering act

Question 29

Section where PERSONAL INFORMATION, NOT SENSITIVE

OR PRIVILEGED

Answer 29

sect. 12

Question 30

Under this section the processing is necessary to protect vitally important interests of the data subject, including his or her life and health.

Answer 30

sect. 12

Question 31

Section where SENSITIVE PERSONAL INFORMATION AND PRIVILEGED INFORMATION

Answer 31

Sect. 13

Question 32

Section stating that the processing is provided for by existing laws and regulations, where personal data protection is guaranteed, and consent is required

Answer 32

Sect. 13

Question 33

Data sharing is allowed provided that: 3

Answer 33

1. Safeguards
2. Follow prinicple of transparency
3. In agreement to the rules issued by the commission

Question 34

Indicate what are the data to be shared, who can access,

how they will destroy, etc

Answer 34

DATA SHARING AGREEMENT

Question 35

Data sharing agreement is subject to be reviewed via ____ or upon complaint of the data subject

Answer 35

motu proporio

Question 36

Inform the patient about everything

Answer 36

Right to information

Question 37

Object to the procurement of their data and object

to any violation of their rights

Answer 37

Right to object

Question 38

Patients can have access to their data but they are

not allowed to have a copy of their record

Answer 38

Right to access

Question 39

Any inaccurate information

Answer 39

Right to correct

Question 40

When somebody is prejudiced because of data
breach, they can file a complaint. The court may
award damages.

Answer 40

Right to damages

Question 41

If you have an old record from another hospital, you
can tell your physician about it and they can request
and use your old records from that hospital

Answer 41

Right to data portability

Question 42

what to do when: adhering to dat Privacy rpinciples, from collection of personal data

Answer 42

Review and develop protection procedures

Question 43

what to do when: Uphold the Rights of Data Subject, Including Privacy
Notices

Answer 43

PIC should implement
changes in policy and
systems

Question 44

what to do when: Obtain MEANINGFUL CONSENT for processing of personal data

Answer 44

Review existing contracts,

consent forms, and notices

Question 45

what to do when: Enter into DATA SHARING AGREEMENTS

Answer 45

Know if data sharing is being done beofre agreeing

Question 46

shall aim to maintain the

confidentiality, integrity, and availability of personal data

Answer 46

Security measures

Question 47

This is not simply a means to demonstrate compliance

with one of the legal requirements

Answer 47

DESIGNATING A DATA PROTECTION OFFICER

Question 48

should be empowered to
perform functions so as to assure that an organization
takes data privacy and security seriously

Answer 48

Data protection officer

Question 49

must have top management support to allow for

meaningful changes in the organization

Answer 49

Data protection officer

Question 50

process to evaluate
and manage privacy impacts in an organization’s
programs, process, activities, systems, and operation

Answer 50

Privacy impact assessment (PIA)

Question 51

This should proceed from an understanding of the

processing systems within an organization.

Answer 51

Privacy management program (PMP)

Question 52

This should take into account PIA and legal obligations and requirements. It includes privacy notices and privacy policies

Answer 52

Privacy management program (PMP)

Question 53

Non-disclosure agreements, training and capacity

building are involved

Answer 53

MANAGEMENT OF HUMAN RESOURCES

Question 54

These measures include design of office space and
workstations, including the physical arrangement of
furniture and equipment, shall provide privacy to
anyone processing personal data

Answer 54

Physical sercurity measures

Question 55

These measures are subject to guidelines are the commission may
issue from time to time.

Answer 55

Techinal security measures

Question 56

Report to the National Privacy Commission within __ hours from knowledge of breach based on info available

Answer 56

72

Question 57

Follow up report on the data breach is submitted within

Answer 57

5 days from knowledge