Pediatric Ophthalmology, Strabismus & Health Informatics

Blogs about Pediatric Ophthalmology, Strabismus, Health Informatics and More

You are here: Home / Archives for kidseyes

Protecting The Filipino Patient’s Privacy and Confidentiality

by 1 Comment

Protecting the Filipino Patient’s Privacy and Confidentiality: What Policies are in Place?

(Combined week 13-14 assignments for #HI201 #MSMHI)

 

blog.greenearthbamboo.com
blog.greenearthbamboo.com

 

These are some of the policies we have in place, protecting the Filipino Patient’s Privacy and Confidentiality—(1) The Bill of Rights in our 1987 Constitution; (2) Republic Act 10175 or the Cybercrime Prevention Act of 2012; (3) Republic Act 10173 or the Data Privacy Act of 2012; (4) the Philippine Medical Association’s Code of Ethics, and (5) the Magna Carta of Patient’s Bill of Rights and Obligations, among others.

 

http://image.slidesharecdn.com
http://image.slidesharecdn.com

 

Bill of Rights, Philippine Constitution 1987

 In the Philippines’ 1987 Constitution, the Filipino patient’s right to privacy and confidentiality is guaranteed under Article 3, Section 3:

“ The privacy of communication an correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.”

 

http://1.bp.blogspot.com
http://1.bp.blogspot.com

Republic Act 10175: Cybercrime Prevention Act of 2012

 Under the Cybercrime law, pertinent sections that protects patient privacy are under Chapter II, SEC. 4. Cybercrime Offenses. — The following acts constitute the offense of cybercrime punishable under this Act: (a) Offenses against the confidentiality, integrity and availability of computer data and systems: (1) Illegal Access. – The access to the whole or any part of a computer system without right. (2) Illegal Interception. – The interception made by technical means without right of any nonpublic transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data. (3) Data Interference. — The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses. …”

 

Layout 1

Republic Act 10173: Data Privacy Act of 2012

 Under the Data Privacy Act, protection of patient privacy and confidentiality is protected under the following:

“Section 13. Sensitive Personal Information and Privileged Information. The processing of sensitive personal information and privileged information shall be prohibited, …except in the following instances: data subject consent; existing laws and regulations; to protect the life and health of data subject; lawful and noncommercial objectives of public organizations and associations; medical treatment; protection of lawful rights and interest of natural or legal person in court proceedings; or the establishment, exercise, or defense of legal claims; or, when provided to governments or public authority.”

Sec 19. Non Applicability. The …preceding sections are not applicable if the processed personal information are used only for the needs of scientific and statistical research….the personal information shall be held under strict confidentiality and …used only for the declared purpose.

 

Chapter V. Security of Personal Information.

SEC. 20. Security of Personal Information. – (a) The personal information controller must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. (b) The personal information controller shall implement reasonable and appropriate measures to protect personal information against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination. (c) The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices and the cost of security implementation. Subject to guidelines as the Commission may issue from time to time, the measures implemented must include: (1) Safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability; (2) A security policy with respect to the processing of personal information; (3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and (4) Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach. (d) The personal information controller must further ensure that third parties processing personal information on its behalf shall implement the security measures required by this provision. (e) The employees, agents or representatives of a personal information controller who are involved in the processing of personal information shall operate and hold personal information under strict confidentiality if the personal information are not intended for public disclosure. This obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations. (f) The personal information controller shall promptly notify the Commission and affected data subjects when sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person, and the personal information controller or the Commission believes (bat such unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject. The notification shall at least describe the nature of the breach, the sensitive personal information possibly involved, and the measures taken by the entity to address the breach. Notification may be delayed only to the extent necessary to determine the scope of the breach, to prevent further disclosures, or to restore reasonable integrity to the information and communications system. (1) In evaluating if notification is unwarranted, the Commission may take into account compliance by the personal information controller with this section and existence of good faith in the acquisition of personal information. (2) The Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interests of the affected data subjects. (3) The Commission may authorize postponement of notification where it may hinder the progress of a criminal investigation related to a serious breach.”

 

https://www.philippinemedicalassociation.org
https://www.philippinemedicalassociation.org

 

The Philippine Medical Association’s (PMA) Code of Ethics

Under the PMA’s Code of Ethics patient privacy and confidentiality is covered by Article 2. Duties of Physicians to their Patients, in the PMA Code:

“Section 6. The physician should hold as sacred and highly confidential whatever may be discovered or learned pertinent to the patient even after death, except when required in the promotion of justice, safety and public health.”

 

http://www.arapm.com
http://www.arapm.com

 

The Magna Carta of Patient’s Bill of Rights and Obligations

 The Magna Carta stating patient’s bill of rights and obligations has made to to the house of Congress several times.  One version is sponsored by Senator Pia Cayetano, during the 16th Congress:

“Right To Privacy and Confidentiality–The patient has the right to privacy and protection from unwarranted publicity.  The right to privacy shall include the patient’s right not to be subjected to exposure, private or public, either by photography, publications, video-taping, discussion, or by any other means that would otherwise tend to reveal his person and identity and the circumstances under which he was, he is, or he will be, under medical or surgical care or treatment.  …  All identifiable information about a patient’s health status, medical condition, diagnosis, prognosis and treatment, and all other information of a personal kind, must be kept confidential even after death.  Provided, That descendants may have a right of access to information that will inform them of their health risks.  All identifiable Patient data must also be protected.  The protection of the data must be appropriate as to the manner of its storage.  Human substance from which identifiable data can be derived must be likewise protected.

Confidential information can be disclosed in the following cases: i. When the patient’s medical or physical condition is in controversy in a court litigation and the court, in its discretion, orders the patient to submit to physical or mental examination of a physician; ii. When public health or safety so demands; iii. When the Patient, or in his incapacity, his/her legal representative, expressly gives the consent; iv. When the patient’s medical or surgical condition is discussid in a medical or scientific forum for expert discussion for I his/her benefit or for the advancement of science and 6 medicine, Provided however, That the identity of the Patient should not be revealed; and v. When it is otherwise required by law.”

 

http://static.rappler.com
http://static.rappler.com

 

OTHER PROTECTION

Entities like the PHILHEALTH and other accrediting agencies (e.g., ICO, JCIA) did not wait for the Patient’s Bill of Rights to be signed into law, and required that the same rights be communicated to the patient in a formal education material. Patient rights to privacy and confidentiality, data security, as well as informed consent are tenets that are followed even without an enabling law.

In addition, major hospitals, aside from the PMA Code of Ethics, also have written codes of professional conduct for staff to follow. The same is true for the subspecialty societies such as the Philippine College of Physicians and the Philippine Academy of Ophthalmology, which espouse the tenets of protecting patient confidentiality and privacy.

 

What needs to be done?

Despite the presence of these laws, however, RA 10175 and RA 10173 are still waiting for “Implementing Rules and Regulations” before full implementation. These need to be crafted before the law can become an implementable law.

 

References

1.  1987 Constitution of the Republic of the Philippines. Bill of Rights.  http://www.gov.ph/constitutions/the-1987-constitution-of-the-republic-of-the-philippines/.  Accessed November 15, 2014.

2.  Republic Act 10175, Cybercrime Prevention Act of 2012. http://www.gov.ph/2012/09/12/republic-act-no-10175/.  Accessed November 15, 2014.

3.  Republic Act 10173, Data Privacy Act of 2012. http://www.gov.ph/2012/08/15/republic-act-no-10173/.  Accessed November 15, 2014.

4.  Code of Ethics of the Philippine Medical Association.  https://www.philippinemedicalassociation.org/downloads/pma-codes/FINAL-PMA-CODEOFETHICS2008.pdf.  Accessed November 15, 2014.

5.  Sixteenth Congress, Senate Bill 151. Magna Carta of Patient’s Rights and Obligations of 2013.  Sponsored by Senator Pia Cayetano.  http://www.senate.gov.ph/lisdata/1597713214!.pdf.  Accessed November 26, 2014.

6.  Patient Rights and Organizational Ethics.  in Hospital Benchbook Masterlist of Indicators, Philippine Health Insurance Corporation.  http://www.philhealth.gov.ph/partners/providers/benchbook/Masterlist_of_Indicators.pdf, accessed November 26, 2014.

 

 

Telehealth Philippines: Are we ready?

by Leave a Comment

http://www.ourcatholicfaithjourney.com
http://www.ourcatholicfaithjourney.com

This week’s topic in #HI201 #MSMHI is #telehealthphilippines. Unlike in previous weeks where I could clearly integrate both the driving question and the task, this week’s seemed like a dichotomy: the driving question being: “How can telehealth support healthcare delivery in the Philippines?
; and the assignment was to pick two sections in the proposed telehealth bill, evaluate and suggest revisions if any.

 

http://mhealthwatch.com
http://mhealthwatch.com

 

How can telehealth support health care delivery in the Philippines?

 

Telehealth as defined in the proposed House Bill 6336 by then Congressman Joseph Emilio Aguinaldo Abaya, as the “delivery of medical services and information across a distance and …recognizes and accepts [telehealth as a means] of addressing problems of uneven provider distribution and discontinuous and inequitable health system development, especially in unserved and underserved areas.” [1]

 

A clearer definition would be that from the Nebraska Telehealth Act: i.e., “the use of medical information electronically exchanged from one site to another, whether synchronously or asynchronously to aid a health care practitioner in the diagnosis or treatment of a patient. Telehealth includes services originating from a patient’s home or any other location where such patient is located, asynchronous services involving the acquisition and storage of medical information at one site that is then forwarded to or retrieved by a health care practitioner at another site for medical evaluation and telemonitoring.” Further defined is telehealth consultation, which is any contact between a patient and a health care practitioner relating to the health care diagnosis or treatment of such patient through telehealth; and telemonitoring which is the remote monitoring of a patient’s vital signs, biometric data, or subjective data is a monitoring device, which transmits such data electronically for a health care practitioner for analysis and storage.”

 

 

http://www.healthcare.philips.com
http://www.healthcare.philips.com

 

Why Telehealth?

 

In some unserved and underserved communities, telehealth offers the best chance of overcoming or reducing barriers and facilitating access to health care and services. It fills a palpable void of a lack of health care practitioners in rural communities. It addresses the difficulty of attracting and retaining health care providers in unserved and underserved areas. The inadequate and uneven distribution of health care practitioners, lost to brain drain, or concentrated in urban areas and some suburban communities, telehealth can be the great equalizer, providing services where they are wanting. Instances when a difficulty in obtaining support for local health facilities exists, compromising the range of health care services, telehealth can fill this void. [1,2]

 

Telecommunications is envisioned to “deliver health care services that can reduce health care costs, improve health care quality, improve access to health care, and enhance the economic health of communities in medically underserved areas. “ [2]

 

http://www.globalmed.com
http://www.globalmed.com

 

Why is there a need for a Telehealth Bill?

 

Perhaps to address lack of monitoring and regulation of current telehealth practice in the Philippines, and the need to define standards and unify existing systems, the existence of such a bill can be argued.

 

In June 2012, then Congressman Joseph Emilio Aguinaldo Abaya, filed House Bill No. 6336, known as the Telehealth Act of 2012, during the second regular session of the Fifteenth Congress of the House of Representatives, Republic of the Philippines.

 

This brings us to our second task of evaluating at least two sections of the Telehealth Act as proposed.

 

 

Telehealth Bill of 2012.  Which sections need a second look?

 

Section 5. Telehealth as an authorized procedure. The delivery of health care via telehealth is recognized and encouraged as a safe, practical, and necessary practice in the Philippines. All health care providers shall be encouraged to participate in telehealth pursuant to the Telehealth Act, in using telehealth procedures, health care providers shall comply with all applicable State guidelines and shall follow established state rules that are consistent with the accepted safe clinical norms, as well as security, confidentiality and privacy protections for health information.

 

The Department of Health (DOH) and Philippine Health Insurance Corporation (PHIC) shall require telehealth practitioners in both originating and distant sites to undergo accreditation, through the National Telehealth Reference Center.

 

Comment on Section 5:

In the sentence “The delivery of health care via tele health is recognised and encouraged as a safe, practical, and necessary practice in the Philippines…”, the word “encouraged” leaves me squirming in my seat.  It is unclear what the real intent of the law is.  When they say “necessary practice” is this only for remote communities without access to health care?  Applicability of this phrase needs to be defined clearly in the law.  Moreover, no telehealth can replace an actual physician-patient encounter, and its applicability, may perhaps be limited only to the remotest of communities without quick access to health care and specialists.  The law needs also to define the limits and applicability of a private telehealth enterprise, perhaps even provide laws that will regulate such a practice.  Does telemedicine, for example, constitute the practice of medicine?  Does one need a professional regulatory commission license?

When the law says “All health care providers shall be encouraged to participate in telehealth pursuant to the Telehealth Act, in using tele health procedures...” , it is not clear what the law means by a “tele health procedure.”  Further, it states, that “Health care providers shall comply with all applicable State guidelines and shall follow established state rules that are consistent with the accepted safe clinical norms…” , at this point, there are no norms.  Who defines safe clinical norms or practice guidelines for tele health?

The complete sentence “…health care providers shall comply with all applicable State guidelines and shall follow established state rules that are consistent with the accepted safe clinical norms, as well as security, confidentiality and privacy protections for health information.”  is grammatically incorrect as written.  Does the law mean health care provides shall comply with all applicable State guidelines ….on security, confidentiality, and privacy protections for health information?  This statement remains unclear as there were no provisions with regard to informed consent, and explanation of data security and protection was not even alluded to.

When the bill says “The Department of Health (DOH) and Philippine Health Insurance Corporation (PHIC) shall require telehealth practitioners in both originating and distant sites to undergo accreditation, through the National Telehealth Reference Center.“, does the National Telehealth Reference Center accredits the tele health system or the tele health practitioner?  Certainly it seems appropriate that what the National Telehealth Reference Center accredits is the tele health system, and should be clearly stated as such.  Nonetheless, it still leaves the accreditation of the tele health practitioner hanging.  Who is in charge? Who defines ethical practice? What are the rules? Who accredits the practitioner?

 

Section 12. database — All telehealth centers and originating sites shall coordinate with the National Telehealth Reference Center for consolidation of patient databases.. The NTRC shall maintain and manage a national database for consults on clinical cases, as well as health and medical education exchanges made through the NTHS. It shall submit reports annually to the Committee and to the DOH on the status of and relevant health information derived from the database. A plan for long term outcome evlaution of telehealth service utilizing the cases registries shall be developed with one (two) years of passage of the Act by the NTRC in consultation with the Advisory Committee on Telehealth Service. Implementation of this plan shall be the responsibility of the Advisory Committee.

Comment on Section 12:

This section imposes coordination with the National Telehealth Reference Center, implying that ALL should coordinate for database consolidation.  ALL is such an ambitious word.  Is the bill talking about both the public or government tele health system or including also private endeavours in tele health?  What are the minimum data sets required for sharing for database consolidation? Do the patients know their data will be shared?

It [the National Telehealth Reference Center] shall submit reports annually to the Committee and to the DOH on the status of and relevant health information derived from the database. A plan for long term outcome evaluation of telehealth service utilizing the cases registries shall be developed within one (two) years of passage of the Act by the NTRC in consultation with the Advisory Committee on Telehealth Service. Implementation of this plan shall be the responsibility of the Advisory Committee.

At the present time, even at the National Institute of Health, our case registries remain incomplete.  Is there a national registry in place? That needs to be constructed and defined, and fully implemented before the tele health bill can “interoperate” so to speak with these registries.  The roles of the National Telehealth Resource Center, the Advisory Committee, the National Telecommunications Center have no clearly defined roles and function.  Each of these entities deserve a separate section in the bill.

 

Do we need a tele health bill?

In summary, do we need a tele health bill?  Affirmative.  But the tele health bill as it is written needs some major revisions and rethink.  Even better perhaps, is to craft a more encompassing bill, such as an eHealth Bill.  We need more graduates of MSHI, we need more thinkers, we need more interested personalities with their heart and mind in the right places.  Perhaps, then we can move on eHealth, including tele health.

 

 

 

References:

  1. Telehealth Act of 2012. http://www.congress.gov.ph/download/basic_15/HB06336.pdf Accessed November 15, 2014
  2. Nebraska Telehealth Act. http://dhhs.ne.gov/publichealth/Licensure/Documents/NebraskaTelehealthAct.pdf Accessed November 15, 2014.
  3. Marcelo, Alvin B.  Telemedicine in developing countries: Perspectives from the Philippines.   http://www.idrc.ca/EN/Resources/Publications/openebooks/396-6/index.html#page_27, accessed November 15, 2014.

 

 

 

Standards and Interoperability: An enigma to chase

by Leave a Comment

http://www.ecsoftwareconsulting.com
http://www.ecsoftwareconsulting.com

I had a difficult time with week 10 assignment on “Standards and Interoperability.”  Only one thing was clear, unless one understood “Standards,” the language by which “Interoperability” can be implemented remains an enigma.  In my confusion, I found it easier to write this piece:

 

Sa gitna ng aking agam-agam, isang munting tula, aking nakatha.

Mga katagang aking nasambit, ang sumunod mga salitang ginamit.

“Standards and interoperability”-di kita lubos na maunawaan,

pakiwari ko tinimbang ka, nguni’t kulang?

Tanging kaalamang tumatak sa aking isipan,

“standards” kinakailangan, upang “interoperability” lubusang makamtan.

Ano nga ba ang dahilan, pati sa aking pagtulog, ika’y aking napanaginipan?

Bumabagabag sa aking isipan, ang ating di pagkakaunawaan.

 

Of the five scenarios given, Dr. Santos predicament was the one I chose for discussion (scenario 5):

“Dr. Santos uses a clinic EMR called ClinicSys.  He wants to send prescriptions to a national pharmacy chain that uses a system called PharmSoft.  Dr. Santos also wants to know if the medications have been dispensed to the patient.”

With adequate and unlimited funding, correct staffing number and skills, and technology (hardware and software) connections working perfectly, the assignment required answers to the following:

  1. Why did you choose this scenario?
  1. What organisations / entities are involved in this scenario?
  1. What applications within the different organisations need to talk to each other?
  1. List specific project goals for making the organisations / applications talk to each other.
  1. List data elements that should be transferred.
  1. At what point in the process should the transfer of information happen (the trigger event)?
  1. At what point in the application/software process should the transfer of information happen.

 

The answers to these questions are summarised in a presentation on slideshare.net.

http://www.slideshare.net/AlvinaPaulineSantiag/standards-interoperability-slideshare

Enterprise Architecture atbp., Q and A: Week 7 assignment under Dr. Marcelo in #HI201 #EA #MSMHI

by Leave a Comment

We were tasked to post questions about enterprise architecture and others as it relates to health.  Below are my questions, and answers from Dr. Alvin Marcelo, and a few others.

 

www.chemanager-online.com
www.chemanager-online.com

#1 Is interoperability addressed by using open EHR?

See Doctors Find Barriers to Sharing Digital Medical Records http://www.nytimes.com/2014/10/01/business/digital-medical-records-become-common-but

Marcelo: In the US, the EMRS got bigger before the Health Information Exchanges (the interoperability layer). In such a situation, it becomes harder for mature EMRS to connect “back” to an HIE. The lesson is to quickly define the HIE and ask the EMRs to comply with it.

Up to a certain point [interoperability can be addressed by open EHRs] but not beyond it. OpenEHR helps organize clinical knowledge and structure it consistently. That helps with managing the complexity of clinicians having varying ways of representing their knowledge … [In an openEHR workshop, group] members given the same clinical scenario …had varying mindmaps for that case. If they proceeded to create the EMRs from their mindmap, for sure, their EMRs will not be interoperable because they had already diverged at the clinical knowledge layer (in EA, the business architecture). OpenEHR is like a bucket of lego blocks from where you can get pre-built blocks (representing clinical knowledge) which you can then put together to create your EMR. Since all of you got your building blocks from the same bucket, the chances that your EMRs can connect to each other is higher.

 

www.cynibit.com
www.cynibit.com

#2 Will open EMR prevent this type of scenario?

See Billing Dispute Leads to Blocked Patient Data in Maine. http://www.bostonglobe.com/news/nation/2014/09/21/electronic-health-records-vendor-compugroup-blocks-maine-practice-from-accessing-patient-data/6ILpMv78NARDsrdU5O0T9N/story.html?event=event25

Marcelo: No it will not. There are at least three layers of interoperability that need to exist before data flows effectively — business, information, technical. Open electronic medical records can address information and technical interoperability but cannot assure that there will be business interoperability (that is, two entities agreeing to do business with each other). The article is interesting that it actually states that information and technical interoperability already existed but a disagreement in how to run the business prevented the exchange of information. Similar cases abound in healthcare.

 

ITITan: I saw one contract where it is explicitly stated that there is an extra charge for extracting records at end of contract.

PSantiago: Is this practice fusion?

ITITan: It was a local EMR product

 

AJReyes: Have installed openemr and giving it a good look. What do you think about it?

PSantiago: I am suspicious of a hidden agenda… Whats in it for them? I don’t know yet, still exploring…

AJReyes: FOSS is like that. They may make money from professional support, or from having it in their CV or they just enjoy doing it. Still the data model is open to you (mysql RDBMS) so in theory, you should not get stuck, the way Full Circle was. FOSS aside, Full Circle should know, doctor lang ang puwedeng pilitin mag T.Y.

 

MAAlcantara-Santiago If you are implementing the openEMR in your own institution or hospital by “yourself” (meaning there is no third party implementor), then no, it should not be a problem.

But, in cases where you have a third party implementor of openEHR, then the problem of this happening in your institution will depend on the contract. In this case, it doesn’t matter if its openEMR or not. What matters is what is stated in the contract. If the institution failed to correct an implementor’s stated penalty wheb the institution is not able to pay, then the legal department of that institution is incompetent. I would rather not do business with an implementor that holds access to information when problems with payment or financials are experienced.

Sorry have to correct myself on this. I meant openMRS and not openEHR. OpenEMR is the open source EMR. OpenHR is a standards tool and contains concepts or archetypes which can be used in any EMR.

But, the problem of information lockdown is still dependent on the contract between implementor and the institution.

 

AHSantiago This is not an issue of implementing another system or not just to solve the problem. This is just a simple question of is this stipulated in the contract between vendor and client. In the world of entrepreneurship, if a businessman owns a bank money that he used for his business and does not pay back the bank can take back what is rightfully theirs in any form in which will be stated in their contract. This is like what happened between stradcom and lto, where system access was used as a bargaining chip to complete the payment deal. I think LTO won legally

AJReyes If you choose to run the system on your own computers, as opposed to having someone else host them, you should always be able to use it, even as a second system (inconvenient). Given the quality of our broadband system, I doubt if any local would seriously consider outside hosting. As to importing the data to a new system so you can have seamless access, the base implementation of openemr has over 170 tables but only for form* tables, and a few others have the clinical data so it’s doable by an independent provider but only if your contract is big enough. Would it retain it’s legal validity? The advantage of FOSS is that you can fire your support staff and hire another group if need be.

PPlanas This is what the IT department is for you back-up your data, so that whatever the local EMR vendor wants between you and management, regardless of the legalities, continuity of care can still be done on another EHR. Just implement a business continuity plan for vendor related lock-ups.

www.flickr.com
www.flickr.com

#3 Should PGH adopt an IT governance and an enterprise architecture? Or are we in the middle of it? What are our barriers?PGH has a wealth of clinical data but is not a DOH hospital. How can we harvest this data or integrate with the DOH system?

THerbosa:  Through an interoperability layer.  Mela Lapitan onboard

TLeachon: Just met with Atty Deegee, Staff of Sen Pia, She asked how to support this.

 

#4 Can we make all departments’ EHR/EMR interoperate so we get a better picture of our patients in PGH?  First things first, EHRs for different departments in PGH, make them interoperable and fully accessible by health care provider?

Marcelo: First definitions: an EMR is an electronic system for recording patient data in one facility. An EHR on the other hand is a person’s longitudinal record which may comprise of data coming from different EMRs.  So in PGH, ISIS is the EMR of the Department of Surgery. In IM, they have their own EMR. But patient Juan dela Cruz should only have one EHR which is a collection of his data from Surgery and IM.

How is this possible? Through interoperability — a system that allows the collection of Juan’s data from the different EMRs where his data resides. Do we need to design this from scratch? No, the Integrating the Healthcare Enterprise (www.ihe.net) has already described how this could be done in a health system.

 

meetupstatic.com
meetupstatic.com

#5 Practice Fusion claims free electronic health records, “no hidden costs, no strings attached.” Really?  Is there a hidden agenda?  Practice fusion sells “anonymised data.”  Are we as physicians willing to take that risk?

From Practice Fusion Privacy Policy: http://www.practicefusion.com/pages/privacy-policy.html

“We use non-personal information for the following purposes:  Auditing, research, measurement and analysis in order to maintain, administer, enhance and protect our Services, including analyzing usage trends and patterns and measuring the effectiveness of content, advertising, features or services; Creating new features and services; Contextual and cookie-based automated content delivery, such as tailored ads or search results;Health and medical research; public health and service activities; healthcare- and medical-related services; and Other purposes described in this Policy or your User Agreement.

We may also use non-personal information to prepare aggregate reports for current or future advertisers, sponsors or other partners to show trends about the general use of our Services. Such reports may include age, gender, geographic, demographic or other general user information, but do not include personal information.”

Marcelo: Everyone has a hidden agenda, (deliberately or not).  The key is agreeing on principles. Based on Data Privacy Act of 2012, personal information is not sharable….except when anonymized for research…




so technically, practice fusion is above the table…




(I have no stocks with PF).

 

http://www4.pcmag.com
http://www4.pcmag.com

#5a  If data is anonymised for market research, and not health research, such as pharmaceuticals establishing trends and analysing physicians’ practice patterns, is this still acceptable?

Marcelo: Based on the Data Privacy Act of 2012 (Chapter 1, Section 4 (d)), processing personal information for “research purposes” is allowed by law. As the section states, “research purpose” is out of scope of the Act. But is it acceptable (who defines “acceptable)?  (Make sure to consult a lawyer prior to implementing this for your protection).

“SEC. 4. Scope. – This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines subject to the immediately succeeding paragraph: Provided, That the requirements of Section 5 are complied with.

This Act does not apply to the following:
(a) Information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual, including:
(1) The fact that the individual is or was an officer or employee of the government institution;
(2) The title, business address and office telephone number of the individual;
(3) The classification, salary range and responsibilities of the position held by the individual; and
(4) The name of the individual on a document prepared by the individual in the course of employment with the government;
(b) Information about an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services;
(c) Information relating to any discretionary benefit of a financial nature such as the granting of a license or permit given by the government to an individual, including the name of the individual and the exact nature of the benefit;
(d) Personal information processed for journalistic, artistic, literary or research purposes;
(e) Information necessary in order to carry out the functions of public authority which includes the processing of personal data for the performance by the independent, central monetary authority and law enforcement and regulatory agencies of their constitutionally and statutorily mandated functions. Nothing in this Act shall be construed as to have amended or repealed Republic Act No. 1405, otherwise known as the Secrecy of Bank Deposits Act; Republic Act No. 6426, otherwise known as the Foreign Currency Deposit Act; and Republic Act No. 9510, otherwise known as the Credit Information System Act (CISA);
(f) Information necessary for banks and other financial institutions under the jurisdiction of the independent, central monetary authority or Bangko Sentral ng Pilipinas to comply with Republic Act No. 9510, and Republic Act No. 9160, as amended, otherwise known as the Anti-Money Laundering Act and other applicable laws; and
(g) Personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.”

Lectures Links to Slideshare.net

by Leave a Comment

www.slideshare.net
www.slideshare.net

 

When I came home from fellowship, one of my first lectures was plagiarised.  I am changing strategy… I am sharing most if not all my lectures on slideshare.  I should have done this a long time ago.

 

Pediatric Ophthalmology:

1.  Amblyopia Treatment Studies:
https://www.slideshare.net/secret/K8TwmnOEnuwgGM

2.  Basic Pediatric Vision Exam: 
https://www.slideshare.net/secret/j1m14ApVaPu52G

 

Strabismus:

1.  Strabismus Surgery:  

2.  Common Motility Problems:    
http://www.slideshare.net/AlvinaPaulineSantiag/2014-common-motility-problems

3.  Binocular vision and retinal correspondence: 
https://www.slideshare.net/secret/6iz0WVabSM3yyC

4.  Basic Motility Exam:  
https://www.slideshare.net/secret/2egdjvKKakKFSp

 

 

Health Informatics:

1.  Physician and Patient in Social Media.  Do we need a code of ethics