Gensela L. Lacambacal
Records Officer V
Chief, Medical Records Division
Philippine General Hospital
The Medical Records Division of the Philippine General Hospital is aware of Republic Act 10173, also known as the Data Privacy Act of 2012, and is strictly complying with it.
As Personal Information Controller relating to health care records, our office implements the security measures required by the provision under Chapter V – Security of Personal Information, Section 20, particularly letter (e), which states that employees, agents or representatives of a personal information controller who are involved in the processing of personal information shall operate and hold personal information under strict confidentiality. We make sure all information collected from data subjects is well-kept, stored and secured, specifically researches and chart reviews.
We also have guidelines on the release of sensitive information and information with clinical value, particularly: “The release of any information of a patient shall be done only with the written consent/waiver from the patients. This consent should be explicitly expressed in their general consent both in the in-patient admissions and out-patient consults.”
When it comes to accountability for transfer particularly in research, we designate an individual/s who is/are accountable for the organization’s compliance with Chapter VI under Acceptability for Transfer of Personal Information. It is stated in Sec. 21, Principles of Accountability, letter b: The identity of the individual/s so designated shall be made known to any data subject upon request. We are also using a Non-Disclosure Agreement Form for various purposes such as research, mortality review and conferences.
With regard to records disposition, particularly on records retention and disposal, we follow the legal records disposition schedule as prescribed by the National Archives of the Philippines.
Michael P. Lagaya
Chief Administrative Officer
Human Resources Development Office
and Data Protection Officer
UP Open University
The Data Privacy Act of 2012 is about protecting the employees’ personal information and sensitive personal information as enumerated in the RA. It also enumerates the rights of the data subjects and the corresponding penalties if we violate the law.
To protect my data, I do not give my personal information to anyone or even write down my personal information unless it is really required.
In our office, we provide the personal information of an employee only to him/her. If an employee gives us consent, that is the only time that we can disclose any information about him or her to a third party. We also secure our area by seeing to it that no other employee can access our physical and digital files. Our computers are all password-protected.
Frederick P. Omalza
4th Year, BS Biology
Chairperson, University Student Council
University of the Philippines Mindanao
The Data Privacy Act of 2012 is the government’s way of ensuring that personal and private data from various stakeholders are protected through law. It outlines the provisions, penalties, government responsibilities, rights and responsibilities of those who handle and own data and its implementation through the National Privacy Commission. It is an important law that every citizen must be familiar with, as our lives are now more intertwined with the Internet, and along with this come more opportunities for criminals to take advantage of our data in the commission of crimes.
To protect my data, I ensure that my online accounts are enrolled in more secure protocols such as two-step verification. I take note of security advisories against phishing schemes and avoid writing down usernames and passwords. We should also make others aware—especially the student body—as our collective security is key in mitigating the risks of living in a more online world.