Beruflich Dokumente
Kultur Dokumente
Bill of Rights
Submitted by: Juliene Hannah V. Flores Submitted to: Marilyn M. Santos, Ph.D.
confidentiality of this information when it releases it to any other parties entitled to
review information in these records.
7. The patient has the right to review the records pertaining to his/her medical care and to
have the information explained or interpreted as necessary, except when restricted by
law.
8. The patient has the right to expect that, within its capacity and policies, a hospital will
make reasonable response to the request of a patient for appropriate and medically
indicated care and services. The hospital must provide evaluation, service, and/or referral
as indicated by the urgency of the case. When medically appropriate and legally
permissible, or when a patient has so requested, a patient may be transferred to another
facility. The institution to which the patient is to be transferred must first have accepted
the patient for transfer. The patient must also have the benefit of complete information
and explanation concerning the need for, risks, benefits, and alternatives to such a
transfer.
9. The patient has the right to ask and to be informed of the existence of business
relationships among the hospital, educational institutions, other health care providers, or
payers that may influence the patient's treatment and care.
10. The patient has the right to consent to or decline to participate in proposed research
studies or human experimentation affecting care and treatment or requiring direct patient
involvement, and to have those studies fully explained prior to consent. A patient who
declines to participate in research or experimentation is entitled to the most effective care
that the hospital can otherwise provide.
11. The patient has the right to expect reasonable continuity of care when appropriate and to
be informed by physicians and other caregivers of available and realistic patient care
options when hospital care is no longer appropriate.
12. The patient has the right to be informed of hospital policies and practices that relate to
patient care, treatment, and responsibilities. The patient has the right to be informed of
available resources for resolving disputes, grievances, and conflicts, such as ethics
committees, patient representatives, or other mechanisms available in the institution. The
patient has the right to be informed of the hospital's charges for services and available
payment methods.
Data Privacy Act
In 2012 the Philippines passed the Data Privacy Act 2012, comprehensive and strict privacy
legislation “to protect the fundamental human right of privacy, of communication while ensuring
free flow of information to promote innovation and growth.” (Republic Act. No. 10173, Ch. 1,
Sec. 2). This comprehensive privacy law also established a National Privacy Commission that
enforces and oversees it and is endowed with rulemaking power. On September 9, 2016, the final
implementing rules and regulations came into force, adding specificity to the Privacy Act.
Approach
The Philippines law takes the approach that “The processing of personal data shall be allowed
subject to adherence to the principles of transparency, legitimate purpose, and proportionality.”
About an individual’s race, ethnic origin, marital status, age, color, and religious,
philosophical or political affiliations;
About an individual’s health, education, genetic or sexual life of a person, or to any
proceeding or any offense committed or alleged to have committed;
Issued by government agencies “peculiar” (unique) to an individual, such as social
security number;
Marked as classified by executive order or act of Congress.
All processing of sensitive and personal information is prohibited except in certain
circumstances. The exceptions are:
Consent of the data subject;
Pursuant to law that does not require consent;
Necessity to protect life and health of a person;
Necessity for medical treatment;
Necessity to protect the lawful rights of data subjects in court proceedings, legal
proceedings, or regulation.
Requirement to notify
The law further provides that not all “personal data breaches” require notification., which
provides several bases for not notifying data subjects or the data protection authority. Section 38
of the IRRs provides the requirements of breach notification:
The breached information must be sensitive personal information, or information that
could be used for identity fraud, and
There is a reasonable belief that unauthorized acquisition has occurred, and
The risk to the data subject is real, and
The potential harm is serious.
The law provides that the Commission may determine that notification to data subjects is
unwarranted after taking into account the entity’s compliance with the Privacy Act, and
whether the acquisition was in good faith.
Notification contents
The contents of the notification must at least:
Describe the nature of the breach;
The personal data possibly involved;
The measures taken by the entity to address the breach;
The measures take to reduce the harm or negative consequence of the breach;
The representatives of the personal information controller, including their contact details;
Any assistance to be provided to the affected data subjects.