Due to the special nature of health information, the legal and technical aspects of the concepts of security, privacy, and confidentiality (SPC) have a particular meaning in the context of healthcare. Privacy is the right of an individual to limit access to others to some aspect of their person. A more specific type of privacy is informational privacy (which is the notion of privacy we are most familiar with). Information privacy is the right of a person to determine at what time, in what way, and to what extent information about the person is communicated to others. Confidentiality refers to the expectation that the information collected will be used for the purpose for which it is granted. Security is defined as the policies, procedures, mechanisms, tools, technologies and accountability methods to support privacy. A related concept to SPC specific to healthcare is Protected Health Information. Protected health information, under the US Health Insurance Portability and Accountability Act (HIPAA), is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient’s medical record or payment history. PHI that is linked based on a list of 18 identifiers must be treated with special care according to HIPAA. LEGAL FRAMEWORK
SPC is enshrined in the Hippocratic Oath :
What I may see or hear in the course of treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about. Unfortunately, the Philippines does not currently have a specific law or act that pertains to SPC in healthcare. There are no SPC provisions in the Medical Act of 1959. Thrice in the Senate (by Dadivas, Cayetano, and Revilla), a Patient Bill of Rights was proposed, but none seem to have been passed. In the Magna Carta of Patients’ Rights, article 3 section 4 states the patients’ Right to Privacy and Confidentiality : The privacy of the patients must be assured at all stages of his treatment. The patient has the right to be free from unwarranted public exposure, except in the following cases: a) when his mental or physical condition is in controversy and the appropriate court, in its discretion, orders him to submit to a physical or mental examination by a physician; b) when the public health and safety so demand; and c) when the patient waives the right.
The patient has the right to demand that all information, communication and records pertaining to his care be treated as confidential. Any health care provider or practitioner involved in the treatment of a patient and all those who have legitimate access to the patient’s record is not authorized to divulge any information to a third party who has no concern with the care and welfare of the patient without his consent, except: a) when such disclosure will benefit public health and safety; b) when it is in the interest of justice and upon the order of a competent court; and c) when the patient waives in writing the confidential nature of such information; d) when it is needed for continued medical treatment or advancement of medical science subject to de-identification of patient and shared medical confidentiality for those who have access to the information.
Informing the spouse or the family to the first degree of the patient's medical condition may be allowed; Provided, That the patient of legal age shall have the right to choose on whom to inform. In case the patient is not of legal age or is mentally incapacitated, such information shall be given to the parents, legal guardian or his next of kin.
The Code of Ethics of the Philippine Medical Association, in Section 6, states that : The physician should hold as sacred and...