
DE LOS SANTOS MEDICAL CENTER

Data Privacy Advisory NO. 2019-001


November 06, 2019
In Re: Unauthorized Disclosure of Personal Data of Patients and Employees.
To: ALL

De Los Santos Medical Center is committed to complying with the provisions of RA 10173,
also known as the Data Privacy Act of 2012 (DPA) [1], its Implementing Rules and
Regulations (IRR) [2] and relevant issuances.
As a health institution considered a Personal Information Controller (PIC) [3],
processing personal information of its patients and their relatives, employees and
individual third-party service providers, DLSMC is bound to implement security
measures to protect the personal information against any accidental or unlawful
destruction, alteration and disclosure, as well as against any other unlawful processing [4].
DLSMC is accountable for any personal information under its control and custody,
including those transferred to a third party. Such accountability extends to any
authorized person processing personal data of its data subjects on behalf of DLSMC.
Given the responsibility of DLSMC to secure personal information, release of personal
information in any form (manual, electronic or oral) shall only be made to the patient or
data subject himself or herself. Prior to disclosure to an Authorized Representative [5] of the owner of
the personal data, the following should be presented:
a. Authorization letter or consent from the owner of the personal data.
   Authorization letter should contain:
   i. the name of the person authorized to receive the release of personal data;
   ii. description of the personal data to be released;
   iii. the purpose of requesting the copy of the personal data;
   iv. signature of the personal data owner and the date;
b. Valid ID of the authorized representative;
c. Valid ID of the owner of the personal data;
d. Other valid documents that will establish relationship to the owner of the personal data.
The immediately preceding paragraph is without prejudice to the lawful disclosure or
processing that a PIC may do in accordance with Sections 21 and 22 of the
Implementing Rules and Regulations of the DPA of 2012.
For your reference and strict compliance. Thank you!
Regards,

Data Protection Officer

[1] AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND COMMUNICATIONS
SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING FOR THIS PURPOSE A NATIONAL
PRIVACY COMMISSION, AND FOR OTHER PURPOSES, “Data Privacy Act of 2012” (15 August 2012).
[2] Implementing Rules and Regulations of the Data Privacy Act (24 August 2016).
[3] Supra note 1, §3(h) - Personal information controller refers to a person or organization who controls the collection,
holding, processing or use of personal information, including a person or organization who instructs another person or
organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
[4] IRR of the DPA, Rule VI, Sec. 25, Security Measures for the Protection of Personal Data.
[5] DLSMC Data Privacy Manual 2019 (Release of Personal Data).
