Barriers to the Adoption of EHR Systems in the Kingdom of Saudi Arabia

For this week’s coursework in MI227, I have focused on the article tackling the barriers to the adoption of EHR systems in the Kingdom of Saudi Arabia.

What are the key points of the article?

The main points discussed in the article are the barriers to the adoption of Electronic Health Records (EHR) Systems using a Systematic Review of Literature. The literature was based on 6 search engines namely, PubMed, EBSCO Host, Web of Science, ACM, IEEE and Google Scholar. Articles were limited to peer reviewed, empirical studies within Kingdom of Saudi Arabia (KSA). 12 studies were used by the authors which were extracted, analyzed, summarized and categorized empirical results related to EHR barriers.

“Healthcare experts and policymakers consider Electronic Health Records (EHRs) to be essential for improving patient safety, improving healthcare quality, and transforming the healthcare industry. Evaluation studies have shown that an EHR that involves a Computerized Physician Order Entry (CPOE) system can reduce medical errors by as much as 55%, and by 86% when coupled with a Clinical Decision Support (CDS) system. The benefits of an EHR have been well documented in the literature, including: optimizing the documentation of patient encounters, availability and timeliness of information, effective chronic disease management, improved quality of clinical decisions, supporting continuity of care and facilitating the exchange of up-to-date information among healthcare providers in distinct locations, reduction of redundant tests, and reduction of healthcare costs. In addition, EHRs are considered to be central in achieving patient-centered healthcare.” [1]


What lessons learned does it describe?

The article showed that the 4 main barriers that hinder the implementation of EHR system in KSA are (1) lack of computer experience, (2) lack of perceived usefulness, (3) lack of perceived ease of use by the healthcare professionals and (4) technical limitations. These four barriers along comprise 63% of the barriers reported in the literature. [1]

Some of the challenges in the healthcare system in the KSA as listed in the article.

Misdistribution of healthcare services – there is an uneven distribution of healthcare services within the KSA.

Rapid population growth – the rapidly increasing population of KSA will impose tremendous financial pressures on the healthcare systems.

Shortage of medical workforce – majority of health professionals in KSA are expatriates which leads to high levels of turnover and instability in the health workforce.

The need for effective Chronic Disease Management (CDM) programs – the constant increase in chronic diseases in the KSA calls for an early prevention as the best effective way to reduce said diseases.

How can this relate to the local setting in the Philippines?

The challenges in the healthcare system in the KSA are almost like the challenges in the healthcare system for the Philippines. The shortage of medical workforce might not be applicable as the Philippines have enough workforce, but with the limited availability of jobs.

Addressing the challenges in the healthcare system with the use of EHRs will greatly benefit the people by improving the delivery of healthcare services to those medically underserved through the different forms of telemedicine [2]. Using EHRs would make substantial cost savings to the healthcare system, as it was estimated that EHRs would make a potential savings of $77 billion per year in the US healthcare at a 90% level of adoption. [3] EHRs can also improve productivity of clinicians and decrease the time spent per patient visited by physicians which is a good sign for countries experiencing a shortage of clinicians. The use of EHRs could also assist in the changing of health behavior an individual and could be used to track the delivery of recommended preventive across primary healthcare centers.

The results from this article can be used and adopted to Philippine setting to assist in policy makers in planning an designing policies to increase the adoption of EHRs. The results can also help HER vendors in system development and marketing. This will also help researchers in further investigating the reported barriers in different settings and regions. As this study summarizes the current evidence regarding EHR adoption barriers in the KSA, future research will build upon this current evidence and will focus on developing the appropriate framework for the adoption of EHRs in the KSA. [1]



  1. Alqahtani, Asma, Crowder, Richard & Wills, Gary., Barriers to the Adoption of EHR Systems in the Kingdom of Saudi Arabia: An Exploratory Study Using a Systematic Literature Review. 2017 July 09. Vol. 11 No. 2, 2017. Journal of Health Informatics in Developing Countries.
  2. Raposo VL. Electronic health records: Is it a risk worth taking in healthcare delivery? GMS Health Technology Assessment. 2015 Dec 10;11.
  3. Hillestad R, Bigelow J, Bower A, Girosi F, Meili R, Scoville R, et al. Can electronicmedical record systems transform health care? Potential health benefits, savings,and costs. Health Affairs. 2005;24(5):1103–17.


#MI227 #HealthInformatics #MSHI #UPManila



The Tardis Technician, aka MS Health Informatics Student.

A person can choose to never stop learning and this is the philosophy that I have adopted. I graduated from college more than ten years ago but since then, education, whether formal or informal, has and will always be a part of my life. My career can be said to be quite a curious one – I have an industrial economics degree, which I’ve applied in two industries, namely the automotive and hotel industries, and I also have a bachelor’s degree in nursing and I’ve worked in hospitals and aged care facilities. While these fields, at first glance, appear dissonant, I’ve learned that the skills in one can also be applied to the other. In particular, in my operations experience in the automotive and hotel industries, I have seen the advantage of the use of technology and believe that this can be used to an advantage in providing greater benefit in providing better patient care. It is this intersect — that of medicine and technology — that I would like to focus on and develop myself professionally. It is a direction where I can harmonize and apply what I have learned in my current and past roles. It is a field that is of extreme interest to me, not only because of its potential but also because I believe it is where I will develop my strengths. I have a natural inclination to the use of technology as I recognize, and have availed of, its benefits. At the same time, I feel fulfilled when I work in the medical field. It is challenging and rewarding to be directly responsible for the care and happiness of each patient that I have assisted.

Self-directed learning as a method of instruction is ideal for post-graduate studies. A more mature student can be trusted on to take initiative in seeking out answers and not merely relying on others to provide them. Education is as much the process as it is about the outcome. Self-directed learning promotes resourcefulness and discipline. It also makes the student accountable for his education. Because the student has actively chosen the path of his studies, he places a greater value on what is learned. In the modern world, it also creates an opportunity for a student to explore and develop his own interests and to adapt his studies to real world scenarios and experiences.

I lived in Australia for an extended period, during which, I took the opportunity to observe how hospitals and health care facilities used facilities to the benefit of patients. The use of technology helped in minimizing waiting time, assisted nurses and doctors in their tasks, improved efficiency and accuracy. This use of technology was not exercised not only in the high-end facilities but also in public hospitals. In stark contrast, I also worked in a Philippine local government hospital where I witnessed that there was a lack of resources, leading to problems such as not having a standard method of information data-gathering and patients experiencing delays in receiving medical attention. I would like to explore whether the prevalent use of technology, such as in Australia, can be replicated to some extent by our public hospital and facilities.  With this in mind, I’ve considered the following as possible areas of research: (A) because I’ve seen how long it can take to verify and re-verify the patient coming from one hospital to another, whether there can be a standardized system of patient information gathering and sharing among and between government and private hospitals – i.e. whether it would be possible for the hospital industry in to share a secured database for all the patients in the country, which would minimize the time it takes for patients to be admitted from a one hospital to another, may it be private or government; (B) maximizing mobile technology in improving patient care. Mobile technology such as tablets and smartphones have become affordable thus increasing accessibility.  This would be of particular help to low budget hospitals and health centers that would not have the capacity to purchase computers. I would like to know if there is a way to use this kind of mobile technology as a tool in improving the much needed improved data gathering of patient information and data access to help minimize the waiting time of each patient from the time they arrive in the medical institution until they are diagnosed and treated by the doctors; (C) whether mobile technology can be used by a barangay health center in monitoring data of its constituents, which would enable local government officials to: (i) ensure that it has the proper resources for the needs of its people such as medicines and equipment, and (ii) to promote the appropriate education/awareness campaigns and programs. I am hoping that in the course of my studies, I can get advice on which of the foregoing would be the most worthwhile pursuing or if these preliminary ideas can be further developed and formed into clearer research topics.


#HealthInformatics #MSHI #UPManila #Welcome2017!



Bigger on the Inside: A TARDIS view of Health Informatics

A TARDIS or Time And Relative Dimension In Space is a fictional timemachine and spacecraft that appears in the British science fiction television program Doctor Who (1). As a Whovian (Doctor Who fans), I found it interesting to use this reference in starting my blog for my introductory subject for Health Informatics in MS Health Informatics in UP Manila. Thus, this blog TardisTechSupport was born.

The most peculiar feature of the TARDIS is that it is bigger on the inside than the outside. The outside of the TARDIS is a plain old school color blue Police Box from the United Kingdom. But when one steps inside the TARDIS, one can be awed as to how big and spacious it can be, with the big control room at the center of the room. For Whovian, I subscribe to the thinking in the image found below — “I think Inside the Box. Because it’s bigger on the inside.”


image from:

Tardis Exterior

tardis-exterior-2010image from:

Tardis Interior

tardis-interiorimage from:

I think that Health Informatics can be said to be similar to the TARDIS, wherein one may think that it is just a small subject to tackle (like a simple unassuming police box), but once you get inside, there are a lot of space and information that one can explore just to understand the subject more.

I started this subject just a few months back and I can say that I still have a lot to explore on this subject matter.

The first blog I started on with this subject was “The ever changing world of Informatics, Global Health and eHealth.” Informatics, Global Health and eHealth were defined in the blog, but the relevance of each one can be seen in the Concept Map shown below. We started with the concepts of public health and international health to give us Global Health. Global health combined with Informatics will give us eHealth. Lastly, moving forward from eHealth along with new technologies will bring us to the future of eHealth.


image from:

We then moved on to the Future of eHealth, but more specifically the “Future of Health Informatics in the Philippines”. In this entry, I discussed the 3 major issues that impede the progress of health informatics and gave proposals to promote widespread use and accessibility, awareness, ease and comfort of use, and beneficial use and efficiency. (2) This can be clearly seen on the infographic below.


image from:

Along the way, we also discussed the status of health information systems in developing countries as well as the governance and management in health informatics. We identified some steps to achieve the advancement of health informatics in the Philippines, namely:

  • The eHealth be part of the official curriculum of medical students
  • Formal training to be given to medical staff
  • Identification and adoption of best practices
  • Tailor-fitting health informatics to the Philippine situation

Another interesting topic that was discussed was the establishment of the Philippine Health Information Exchange thru the partnership between the Department of Science and Technology (DOST), Philippine Health Insurance Corporation (PHIC) and Department of Health (DOH). The Philippine Health Information Exhange (PHIE) is a health informatics system that will allow the operation and accurate use of data from various institutions and health facilities around the country. Below is the flowchart on how the PHIE will handle the shared health information among and between different health providers.


image from:

Enterprise architecture in healthcare is one of the lengthier and harder topics to discuss in Health Informatics. In the enterprise architecture entry, I summarized the type of enterprise architecture frameworks available and chose which one would be the best applicable to the health sector. Some of the enterprise architecture compared are Zachman Framework, The Open Group Architecture Framework (TOGAF), the Extended Enterprise Architecture Framework (E2AF) and the Generalised Enterprise Reference Architecture and Methodology (GERAM). Among these 4 types, The Open Group Architecture Framework (TOGAF) is the best suited for the Philippine Health Information System.

The idea of Electronic Health Records was the first thing that came into my mind when I applied for the Masters in Health Informatics. It showed how limited my knowledge of health informatics before entering this course. As soon as I opened the doors, it became clear that I am barely scratching the surface on this field. Under this topic, I’ve learned other names for “Electronic Health Records”, namely, Automated Health Records, Electronic Medical Records and Computer-based Patient Record. Regardless of how the system is called, it is important to recognize that the records must be organized primarily to support continuing, efficient and quality health care. Each system must also continue to meet legal, confidentiality and retention requirements of the patient, the attending health professional and the healthcare institution. The World Health Organization listed some issues and challenges in using Electronic Health Records: (3)

  • Unique patient identifier must be addressed before moving forward to automation
  • Clinical data entry issues and lack of standard of terminology
  • Resistance to computer technology and lack of computer literacy
  • Strong resistance to change by many health care providers
  • High cost of computers and computer systems and funding limitations
  • Concern by providers as to whether information will be available on request
  • Concerns raised by the healthcare professionals, patients and the general community about privacy, confidentiality and the quality and accuracy of electronically generated information
  • Quality of electronic healthcare information and accuracy of data entries
  • Lack of staff with adequate knowledge of disease classification systems
  • Manpower issues – lack of staff with adequate skills
  • Environmental issues – electrical wiring and supply of electricity, amount and quality of space needed for computers, etc.
  • Involvement of clinicians and hospital administrators

After the Electronic Health Record topic, we moved to Personal Health Records. We focused on an electronic application used by patients to maintain and manage their health information in a private, secure, and confidential environment. For this topic, we tested out different Personal Health Records mobile applications. Being an iPhone user, I searched the AppStore and narrowed it down to 5 applications, namely, onpatient PHR, Healthspek, FollowMyHealth, Health Tracker and Manager for iPhone and Teledoc Member. Among these 5, I chose FollowMyHealth as my top Personal Health Records app. All applications have their advantages and disadvantages, but FollowMyHealth outweighs the advantages over its disadvantages. The image below is the sample format of the FollowMyHealth mobile application.


image from:

Standards and Interoperability as a subject matter is concerned with the concept of healthcare institutions in adopting standards to ensure its interoperability due to the rising cost of healthcare. Aside from lowering costs, “Interoperability will bind together a wide network of real-time, life-critical data that not only transform but become health care.”(4) ICD-10 or International Classification of Disease Version 10 is another subject that I am looking forward to taking next semester. ICD-10 is a set of codes that hold critical information about epidemiology, managing health and treating conditions.

Another topic discussed within the course is the Clinical Decision Support and an example is CHITS-EMR or Community Health Information Tracking System-Electronic Medical Records. This is an open source electronic medical record system designed to run in public health centers and rural health units. CHITS-EMR has built-in modules for general patient consultations scheduling, maternal care services, child care, family planning and reporting features for the Department of Health (DOH) Field Health Service Information System. CHITS-EMR runs over a local area network (LAN) installed inside the health center and accessible to computers installed within the health center.


image from:

Under the Knowledge Management and Information Retrieval topic, we discussed a sample local public health problem that can be solved by the proper and targeted information education and dissemination to individuals to achieve the intended results of the healthcare program. In this entry, we discussed how knowledge management can benefit the vaccination system and scheduling of parents and children.

Legal and ethical issues also exist in Health Informatics. We discussed how on “privacy, confidentiality, security and trust”in relation to the policies that need to be put in place to protect the Filipino patient’s privacy and confidentiality of health information. A question arose as to whether the Data Privacy Act of 2012 was adequate to protect confidential health information. These 2 blogs were combined as a single blog answering both driving questions. The Data Privacy Act of 2012 is a policy promulgated by the lawmakers to protect the privacy and confidentiality of health information of the patient. In my view, the law is adequate to protect the confidential health information of the patient. Images posted by the facebook page DataPrivacyPH shows Section 16 of the Data Privacy Act of 2012. The following images are owned by DataPrivacyPH.


images from:

For the topic on Telehealth, we focused on the 2 pending bills involving telehealth, the Telehealth Act of 2012 and Telehealth Act of 2014. I  chose 2 sections and suggested revisions on the said sections. I chose the sections on databases and privacy as these two parts are intertwined with one another. Databases will contain vital and confidential information of the patients, thus the privacy of said information is of utmost importance. Some suggestions revolved  the need to properly secure the databases of the patients as well as ensuring that the privacy thereof will not be compromised. The penalties for the breach of said databases and privacy will be a great deterrent for breach and will ensure that the providers and personnel will handle the medical records of each patient with importance and security.

The last topic for Health Informatics is mHealth or Mobile Health. For this. we were tasked to plan our own mobile health application and discuss how the contents and features of our own mobile application will benefit the patients or individuals targeted for the said mobile application. As for my mobile health application, I decided to make one designed specifically for elders and senior citizen use. From my personal experience, I saw firsthand the likelihood that our elders would sometimes forget the medical documentations and instructions for their care. This application will ensure that the information will not only be transferred from the medical provider to the elderly patient, but to the relatives as well. The relatives must be authorized by the elderly to be able to have access to his/her medical information, otherwise this can be seen as a breach of doctor and patient confidentiality. The main reason that I decided to focus on this application is to minimize the mistakes that elders and seniors are prone to committing when they are visiting their doctors alone or with an assistant who might also be not familiar with handling the instructions of the doctor. The image below shows how I want the mobile application to look after development.


image from:

And this is where I will end this blog series. Health Informatics is indeed bigger on the inside than the outside, once you enter through its doors. I plan to continue updating this blog whenever I encounter anything interesting or novel that is relevant to Health Informatics. There are new paths to cross in this field in the same way that some areas inside the TARDIS are still unexplored.

#MSHI #HI201




  2. Marcelo A. Health Informatics in the Philippines. APAMI/MIST 2006 yearbook.
  3. Electronic Health Records: A Manual for Developing Countries. World Health Organization, 2006.
  4. Brailer DJ. Interoperability: The Key to the Future Health Care System. Health Affairs; 2013 [Online]. Available from: Accessed on: 29 January 2013


Mobile Application for Senior Citizens and Family Members to assist in the regular doctor visits of the patient.

From my personal experience, our elderly relatives and senior citizens have a higher risk to loose documents and papers when they hold or keep them. A regular checkup with a medical doctor will, with the minimum, give instructions on when is the next visit. There will be other instructions like the possible medications, when and how long to take them. These things are usually listed down on prescription pad by the medical doctor. The use of this application is to transfer the data from the hard copy prescription pad into the soft copy on the mobile application. This will provide a soft copy of all the medical documentation of the patient regarding the last visit, medications and schedule of next visits. Family members will have an actual interface and data in their phones so as to monitor the medical data of their elderly members of the family. The data inputted can only be edited and updated by an assigned designated family member, authorized doctor or authorized nurse in updating the information. The senior cannot update the said information without the help of another individual to avoid accidentally removing important medical information given by the doctor or the healthcare provider. Interface will be provided with big fonts and easy to read. The data will be able to sync among the allowed devices connected to the primary device of the elderly or senior person. This application will work with either a mobile phone or tablet. This will also be available in both the Android and iOS operating system.












#MSHI #HI201





How can telehealth support healthcare delivery in the Philippines?

To begin, we need to know the meaning of telehealth. As defined by Health Resources and Services Administration (HRSA), telehealth is “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health and health administration.”

To relate telehealth in the Philippine setting, it is important to note that there are two pending bills involving telehealth. The first on is the proposed Telehealth Act of 2012 or House Bill No. 6336, which was introduced by then Congressman Joseph Abaya. As stated in the objectives and purpose of this bill, the Telehealth Act shall provide a policy framework and establish a National Telehealth System that will govern the practice and development of telehealth in the country. The National Telehealth System will shall be a comprehensive, integrative, sustainable and progressive system that will facilitate inter-agency and inter-sectoral coordination at various levels of governance covering both the public and private sectors.

The second is the proposed Telehealth Act of 2014 or House Bill No. 4199, which was introduced by then Congressman Rogelio Espina. The objectives and purpose of this bill is similar to the Telehealth Act of 2012 as stated above. The declaration of the policy has been improved from the original Telehealth Act of 2012 which is “it is the policy of the State to protect and promote the right to health of the people, especially for those in the medically unserved and underserved areas.” The proposed Telehealth Act of 2014 declaration of policy states “the State shall protect and promote the right to health of the people and instill health consciousness among them. Henceforth, it is the intent of the Legislature to recognize the practice of telehealth as a legitimate means by which an individual may receive health care services from a health provider without in-person contact with health provider.” Furthermore, it states that “Telehealth or Telemedicine shall not be construed to alter the scope of practice of medicine or any health care provider or authorize the delivery of health care services in a setting or in a manner not otherwise authorized by law.”

For this entry, I will focus on two sections to evaluate and will suggest some revisions.  I will refer to the proposed Telehealth Act of 2014 as this is the more recent House bill.

Under the proposed Telehealth Act of 2014, Section 9 states: “Databases – All telehealth centers and originating sites shall coordinate with DOH for consolidation of pertinent databases. DOH shall maintain and manage a national database for consults on clinical cases as well as health and medical education exchanges.”

This section is lacking in such that the definition on how databases shall be managed and maintained is not clear. Databases in the medical field are much valued as the data gathered therein can help decision makers create paths and policies for the improvement of health, while health care providers can use such data to improve the delivery of health care to patients. The contents of such databases usually cannot be replicated anymore, thus it is important that such contents be handled properly and safely. The proposed Telehealth Act of 2012, Section 12, states that all telehealth centers and originating sites shall coordinate with the National Telehealth Reference Center (NTRC) for the consolidation of patient databases. The NTRC shall maintain and manage a national database for clinical cases as well as health and medical education exchanges made through the National Telehealth System. Specifying an actual agency that will handle and secure the medical databases is better than just handling it to DOH. The DOH is already a very big and busy agency such that this section might be overlooked. Another important feature that was lacking in the proposed Telehealth Act of 2014 is the need for the NTRC to submit annual reports both to the National Telehealth Board and DOH on the status of and relevant health information derived from the database. Lastly, under the earlier bill, it was provided that a plan for a long-term outcome evaluation of telehealth service utilizing cases registries shall be developed within two years of the passage of the Telehealth Act. This means that there will be continuity in the program and the continuous improvement of the databases ensures that there will be medical information that can be used to improve the decision making and healthcare of the people.

Another section of the proposed Telehealth Act of 2014 that I want to discuss is Section 12, “Privacy – Any medical records generated, including records maintained via video, audio, electronic, or other means due to telehealth examination, consultation or monitoring must conform to the laws regarding the confidentiality of healthcare information of the patient, his/her rights to medical information and recordkeeping requirements. Violation thereof shall constitute unprofessional conduct and would be liable to a fine not exceeding five (5) thousand pesos without prejudice to administrative, civil or criminal liability. Telehealth technology used by health care provider must be encrypted and must use a record keeping program to record each interaction.” The general content of this section is comprehensive as regards the thrust to protect the privacy of the medical records of the patient and is aligned with the Data Privacy Act of 2012 which ensures that human right of privacy is protected while ensuring the free flow of information. This was discussed in the previous blogs on the Data Privacy Act of 2012. What I would suggest is to increase in the penalties for such violation of this section or to make a reference to Chapter VIII of the Data Privacy Act of 2012, wherein substantial penalties are imposed. The proposed penalty of five thousand pesos is paltry compared to the breach of privacy of the patient. A bigger penalty, jail time and the risk of losing the license to practice in the medical field will be a greater deterrent against the breach of privacy and will ensure that healthcare providers and personnel will handle the medical records of each patient with importance and security.



Marcelo. Telehealth in the Philippines.


#MSHI #HI201



Legal and Regulatory Issues in eHealth

In order to answer the driving questions for Week 13: Privacy, Confidentiality, Security and Trust and Week 14: Legal and Regulatory Issues in eHealth, it will help to combine these two as the subject matter are intertwined.

Week 13 Driving Question: What policies are in place to protect the Filipino patient’s privacy and confidentiality of health information?

Yes, we have a law in place to protect the Filipino patient’s privacy and confidentiality of health information. This law is the Data Privacy Act of 2012 or Republic Act No. 10173 “An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes”. This was passed by the Senate and the House of Representative on June 6, 2012 and approved by the President on Aug 15, 2012.

Week 14 Driving Question: Is the Data Privacy Act adequate to protect confidential health information?

Yes. I think that the newly created Data Privacy Act of 2012 is adequate to protect confidential health information of the patient. We will tackle some pertinent sections to support this statement.

“SEC. 2. Declaration of Policy. – It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.”

The last sentence in Section 2, specifically mentions that “…its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.” Health information of a patient is owned by the patient; thus it is covered within the “personal information” of that patient that is mentioned in Section 2. This is further supported under Section 3, Definition of Terms, (g) which states that “Personal information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.” A medical record is considered a confidential health information that can easily identify an individual based on the recorded information. This is why the confidential health information in a medical record falls under the definition of this particular section.

“SEC. 13. Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:

(a) The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing;

(b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;

(c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;

(d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing;

(e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or

(f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.”

From this section, we can see that the general rule is that processing of personal information and privileged information is prohibited, except for the following cases as listed from (a) to (f) in this section. Sub-section (a) is commonly used and is generally applicable in medical practice. A patient will need to freely sign his consent before any medical procedure is done to him/her. This will be in writing to ensure that the patient already gave the health care providers the consent needed before the start of the procedure or treatment. Without this consent, the health care providers can choose not to push through with any procedure on the patient, for the protection of the health care provider as well as that of the patient. This sub-section clearly states that the data subject has to give his or her consent specific to the purpose prior to the processing and use of his data.

Another sub-section that is applicable to medical related data is sub-section (e). This states that the processing of data is necessary and important for purposes of medical treatment and is carried out by a medical practitioner or medical treatment institution. This sub-section relates to medical emergencies wherein a medical treatment must be done to the patient, such that gathering of his sensitive personal information is allowed in order to save his life. The last portion of that sub-section still states that there should be an adequate level of protection of personal information even if the purpose is for a medical treatment. We can see that the framers of the law still prioritized the need to ensure the protection of personal information, even if this is for use of a medical treatment. This means that even if the medical personel are there to save the life of the patient, the medical personnel still need to provide adequate level of protection of the sensivite personal information of the patient.

These two subsections are indicative of how the framers of the law intended to protect sensitive health information of a patient. The primary consideration is that medical personnel should provide adequate level of protection of the personal information of the patient under their care and supervision. The general rule is that the processing of sensitive personal information and privileged information shall be prohibited and any processing of sensitive personal information and privileged information should fall within the exceptions in order to be valid or allowed under the law. Chapter VIII of the Data Privacy Act imposes serious penalties, consisting of imprisonment and substantial fines, on those who violate the act such as those who conduct unauthorized processing of personal information.

Lastly I have come upon this images from DataPrivacyPH and talks about the Rights of the Data Subject under Section 16 of this law. These are useful in informing the public of their rights under this law.



Images owned by:

#MSHI #HI201